Re: [ntdll] Care about empty fields of assembly_identity structure in actctx.c
Hi Roman,

> When parsing a manifest in a PE module, an access to address zero and a crash are possible. This happens because not all manifest attributes have to be specified, so pointers in the assembly_identity structure can be left uninitialized. This patch adds a function that sets empty strings in the structure elements when they are not initialized.

Your patch looks like a workaround. You should fix the code to cope with NULL pointers correctly instead of allocating useless empty strings. Also, initialize_assembly_identity doesn't make sense: ai is initialized a few lines later by a memset call.

Jacek
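The NULL handling Jacek asks for, shown as an added illustration that is not part of this thread and not Wine's actctx.c code: a simplified identity record whose unspecified fields stay NULL after the memset, the strcmp pattern that faults on such a field, and a NULL-aware comparison that copes without allocating empty strings. The struct layout, attribute names and sample values are constructed assumptions for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the identity record in the thread. Field names and
 * types are assumptions for this example, not Wine's real struct. The rule shown:
 * an attribute the manifest does not specify stays NULL; nothing allocates "" for it. */
struct assembly_identity {
    const char *name;
    const char *arch;
    const char *public_key;
    const char *language;
};

/* One attribute="value" pair as a manifest parser would hand it over. */
struct attribute {
    const char *key;
    const char *value;
};

/* Fill ai from an attribute list. The memset is the only initialization the
 * record needs: every field that no attribute names is left NULL. */
static void parse_identity(struct assembly_identity *ai,
                           const struct attribute *attrs, size_t count)
{
    size_t i;

    memset(ai, 0, sizeof(*ai));
    for (i = 0; i < count; i++) {
        if (!strcmp(attrs[i].key, "name"))
            ai->name = attrs[i].value;
        else if (!strcmp(attrs[i].key, "processorArchitecture"))
            ai->arch = attrs[i].value;
        else if (!strcmp(attrs[i].key, "publicKeyToken"))
            ai->public_key = attrs[i].value;
        else if (!strcmp(attrs[i].key, "language"))
            ai->language = attrs[i].value;
        /* unknown attributes are ignored */
    }
}

/* The pattern behind the crash in the thread: strcmp() dereferences both
 * arguments, so a record with an unspecified (NULL) field faults. Kept for
 * contrast only; main() calls it with fully populated records. */
static int identity_equal_unsafe(const struct assembly_identity *a,
                                 const struct assembly_identity *b)
{
    return !strcmp(a->name, b->name) && !strcmp(a->arch, b->arch)
        && !strcmp(a->public_key, b->public_key)
        && !strcmp(a->language, b->language);
}

/* NULL-aware string equality: "not specified" equals only "not specified". */
static int opt_str_equal(const char *a, const char *b)
{
    if (!a || !b)
        return a == b;
    return strcmp(a, b) == 0;
}

/* Field-wise comparison that copes with NULL without allocating anything. */
static int identity_equal(const struct assembly_identity *a,
                          const struct assembly_identity *b)
{
    return opt_str_equal(a->name, b->name)
        && opt_str_equal(a->arch, b->arch)
        && opt_str_equal(a->public_key, b->public_key)
        && opt_str_equal(a->language, b->language);
}

/* printf("%s", NULL) is undefined behaviour, so substitute a visible marker. */
static const char *show(const char *s)
{
    return s ? s : "(not specified)";
}

int main(void)
{
    /* Constructed sample manifests: one with every attribute, one with only a name. */
    const struct attribute full_attrs[] = {
        { "name", "Example.Assembly" }, { "processorArchitecture", "x86" },
        { "publicKeyToken", "0123456789abcdef" }, { "language", "neutral" },
    };
    const struct attribute sparse_attrs[] = { { "name", "Example.Assembly" } };
    struct assembly_identity full, sparse;

    parse_identity(&full, full_attrs, sizeof(full_attrs) / sizeof(full_attrs[0]));
    parse_identity(&sparse, sparse_attrs, sizeof(sparse_attrs) / sizeof(sparse_attrs[0]));

    printf("sparse: name=%s arch=%s key=%s lang=%s\n", show(sparse.name),
           show(sparse.arch), show(sparse.public_key), show(sparse.language));
    printf("full == full (unsafe compare, all fields set): %d\n",
           identity_equal_unsafe(&full, &full));
    printf("full == sparse (NULL-aware compare): %d\n", identity_equal(&full, &sparse));
    /* identity_equal_unsafe(&full, &sparse) would dereference NULL here. */
    return 0;
}
```

The point of the contrast is that the fix belongs at every use of the field, not in the parser: leaving the pointer NULL keeps "attribute absent" distinguishable from "attribute present but empty", which an allocated `""` would erase.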
Jacek Caban wrote:
> Hi Roman,
>
>> When parsing a manifest in a PE module, an access to address zero and a crash are possible. This happens because not all manifest attributes have to be specified, so pointers in the assembly_identity structure can be left uninitialized. This patch adds a function that sets empty strings in the structure elements when they are not initialized.
>
> Your patch looks like a workaround. You should fix the code to cope with NULL pointers correctly instead of allocating useless empty strings. Also, initialize_assembly_identity doesn't make sense: ai is initialized a few lines later by a memset call.

Thanks for your notes! I rewrote the patch, added some changes and split it into small parts.
On Wed, Mar 11, 2009 at 2:40 PM, Roman Mindalev <lists(a)r000n.net> wrote:
> Jacek Caban wrote:
>> Hi Roman,
>>
>>> When parsing a manifest in a PE module, an access to address zero and a crash are possible. This happens because not all manifest attributes have to be specified, so pointers in the assembly_identity structure can be left uninitialized. This patch adds a function that sets empty strings in the structure elements when they are not initialized.
>>
>> Your patch looks like a workaround. You should fix the code to cope with NULL pointers correctly instead of allocating useless empty strings. Also, initialize_assembly_identity doesn't make sense: ai is initialized a few lines later by a memset call.
>
> Thanks for your notes! I rewrote the patch, added some changes and split it into small parts.

Please send only one patch per e-mail.

--
-Austin
Austin English wrote:
> On Wed, Mar 11, 2009 at 2:40 PM, Roman Mindalev <lists(a)r000n.net> wrote:
>> Jacek Caban wrote:
>>> Hi Roman,
>>>
>>>> When parsing a manifest in a PE module, an access to address zero and a crash are possible. This happens because not all manifest attributes have to be specified, so pointers in the assembly_identity structure can be left uninitialized. This patch adds a function that sets empty strings in the structure elements when they are not initialized.
>>>
>>> Your patch looks like a workaround. You should fix the code to cope with NULL pointers correctly instead of allocating useless empty strings. Also, initialize_assembly_identity doesn't make sense: ai is initialized a few lines later by a memset call.
>>
>> Thanks for your notes! I rewrote the patch, added some changes and split it into small parts.
>
> Please send only one patch per e-mail.

Ok
participants (3)
- Austin English
- Jacek Caban
- Roman Mindalev