Alexandre Julliard wrote:
Robert Shearman rob@codeweavers.com writes:

    /* check for an inherited winstation handle (don't ask...) */
    if ((handle = find_inherited_handle( process, &winstation_ops )))
    {
        winstation = (struct winstation *)get_handle_obj( process, handle, 0, &winstation_ops );
    }
    else if (parent && parent->process->winstation)
    {
        handle = duplicate_handle( parent->process, parent->process->winstation,
                                   process, 0, 0, DUP_HANDLE_SAME_ACCESS );
        winstation = (struct winstation *)get_handle_obj( process, handle, 0, &winstation_ops );
    }
    if (!winstation) goto done;
    process->winstation = handle;

Handle is guaranteed to be non-NULL here, since winstation and handle are the same object (well, except if duplicate_handle fails).
Yes, it's non-NULL here, but that's irrelevant since it's reset on the next line.
Sorry, you are correct. It does indeed look like a flaw in the scanner:
At conditional (5): "handle = find_inherited_handle != 0" taking false path
298     if ((handle = find_inherited_handle( process, &desktop_ops )))
...
Event var_deref_model: Variable "desktop" tracked as NULL was passed to a function that dereferences it. [model]
Also see events: [assign_zero]
At conditional (8): "handle != 0" taking true path
311     if (handle) set_process_default_desktop( process, desktop, handle );
It doesn't seem to have tracked that handle was assigned zero on line 298.