At the end of LIST_FOR_EACH_ENTRY, assuming no matches are found, `provider` will point to the list head, not NULL. As a result, we call IsEqualGUID on invalid memory.
-- v2: crypt32: Fix invalid access of list head.
From: Yuxuan Shui yshui@codeweavers.com
At the end of LIST_FOR_EACH_ENTRY, assuming no matches were found, `provider` will point to the list head, instead of being NULL. As a result we call IsEqualGUID on invalid memory.
---
 dlls/crypt32/sip.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/dlls/crypt32/sip.c b/dlls/crypt32/sip.c index 132f491b2f1..d9da19b6272 100644 --- a/dlls/crypt32/sip.c +++ b/dlls/crypt32/sip.c @@ -562,10 +562,11 @@ static WINE_SIP_PROVIDER *CRYPT_GetCachedSIP(const GUID *pgSubject) LIST_FOR_EACH_ENTRY(provider, &providers, WINE_SIP_PROVIDER, entry) { if (IsEqualGUID(pgSubject, &provider->subject)) + { + ret = provider; break; + } } - if (provider && IsEqualGUID(pgSubject, &provider->subject)) - ret = provider; LeaveCriticalSection(&providers_cs); return ret; }
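Review bot: In CRYPT_GetCachedSIP, the no-match path now reaches `return ret;` without any assignment to `ret`, so the result depends on `ret` being initialised to NULL at its declaration, which lies above the context shown in this hunk. Please confirm that initialisation is present, since the removed `if (provider && IsEqualGUID(...))` block was the only other place `ret` was written. Assigning `ret = provider;` inside the loop before `break` is the right shape for the fix, because it means the cursor is never read after LIST_FOR_EACH_ENTRY finishes. The commit message could also say why the old `provider &&` test never helped: per the description, `provider` is left pointing at the list head rather than NULL, so that check was always true.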