http://bugs.winehq.org/show_bug.cgi?id=20317
Summary: Uninitialised memory reference in SetEntriesInAclW()
Product: Wine
Version: 1.1.31
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: download, patch, source
Severity: normal
Priority: P2
Component: advapi32
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
Once you are past bug 20303 and bug 20315, the commands
cd dlls/advapi32/tests
/usr/local/valgrind-10896/bin/valgrind --trace-children=yes --track-origins=yes --workaround-gcc296-bugs=yes ~/wine-git/wine advapi32_test.exe.so security.c
produce the valgrind warning
Conditional jump or move depends on uninitialised value(s)
   at RtlAllocateHeap (heap.c:1373)
   by HeapAlloc (heap.c:276)
   by GlobalAlloc (heap.c:361)
   by LocalAlloc (heap.c:961)
   by SetEntriesInAclW (security.c:3568)
   by test_SetEntriesInAcl (security.c:2583)
 Uninitialised value was created by a client request
   at mark_block_uninitialized (heap.c:187)
   by RtlAllocateHeap (heap.c:1429)
   by SetEntriesInAclW (security.c:3471)
   by test_SetEntriesInAcl (security.c:2583)
(so the amount of memory being allocated is undefined!) It seems the ppsid memory block is not fully initialized, since the change
--- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -3468,7 +3468,7 @@ DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries, return ERROR_SUCCESS;
/* allocate array of maximum sized sids allowed */ - ppsid = HeapAlloc(GetProcessHeap(), 0, count * (sizeof(SID *) + FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]))); + ppsid = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count * (sizeof(SID *) + FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES])));
makes the warning go away.
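Review bot: HEAP_ZERO_MEMORY on the ppsid allocation silences the warning rather than explaining it. The trace says the bytes left undefined by the HeapAlloc at security.c:3471 flow into the size passed to LocalAlloc at security.c:3568, so at least one SID slot in ppsid is read (its length taken from it) before any entry has written it. Before settling on zero-fill, identify which entry or code path between those two lines leaves a slot unpopulated and fix that; if zeroing is kept as the fix, the comment on the HeapAlloc should say that slots may be consumed before being filled, so the flag is not dropped later as an apparent no-op.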
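To make the failure mode concrete, here is an added model of the pattern the report describes; it is not Wine's code and uses a constructed SID layout, a `sid_length()` helper and an `acl_size_from_sid_block()` function that allocates `count` SID slots, fills only `filled` of them, and then sums their lengths the way a later LocalAlloc size would. Stale heap contents are simulated with a 0xAA fill so the result is deterministic (a real valgrind run would use the unpoisoned malloc).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the Win32 SID layout (not Wine's headers). */
#define SID_MAX_SUB_AUTHORITIES 15
typedef struct {
    uint8_t  Revision;
    uint8_t  SubAuthorityCount;
    uint8_t  IdentifierAuthority[6];
    uint32_t SubAuthority[SID_MAX_SUB_AUTHORITIES];
} SID;

/* Same quantity as FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]). */
#define SID_MAX_SIZE (offsetof(SID, SubAuthority) + 4u * SID_MAX_SUB_AUTHORITIES)

/* A SID's length is derived from SubAuthorityCount alone, so a slot that
 * was never written yields whatever length the stale byte happens to say. */
static size_t sid_length(const SID *sid)
{
    return offsetof(SID, SubAuthority) + 4u * sid->SubAuthorityCount;
}

/* Allocate 'count' slots (pointer array followed by max-sized SIDs), write
 * only the first 'filled' SIDs, then sum the lengths of all 'count' slots.
 * zero_init != 0 mirrors HEAP_ZERO_MEMORY; zero_init == 0 poisons the block
 * with 0xAA to stand in for uninitialised heap memory. */
size_t acl_size_from_sid_block(unsigned count, unsigned filled, int zero_init)
{
    size_t bytes = count * (sizeof(SID *) + SID_MAX_SIZE);
    uint8_t *block = malloc(bytes);
    SID **slots = (SID **)block;
    size_t total = 0;
    if (!block) return 0;
    memset(block, zero_init ? 0x00 : 0xAA, bytes);
    for (unsigned i = 0; i < count; i++) {
        slots[i] = (SID *)(block + count * sizeof(SID *) + i * SID_MAX_SIZE);
        if (i < filled) {                 /* only these slots get populated */
            slots[i]->Revision = 1;
            slots[i]->SubAuthorityCount = 2;   /* shape of e.g. S-1-5-32-544 */
        }
    }
    for (unsigned i = 0; i < count; i++) total += sid_length(slots[i]);
    free(block);
    return total;
}
```

With zeroed memory an unwritten slot contributes a defined (empty) length; with stale bytes the total, and hence the follow-on allocation size, is garbage.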