https://git.reactos.org/?p=reactos.git;a=commitdiff;h=3e9cf62470c4b8cd5f721…
commit 3e9cf62470c4b8cd5f7212c6bfe05d45bcaea4a2
Author: Mark Jansen <mark.jansen(a)reactos.org>
AuthorDate: Fri Dec 28 19:26:32 2018 +0100
Commit: Mark Jansen <mark.jansen(a)reactos.org>
CommitDate: Thu Jan 3 22:52:18 2019 +0100
[LDR] Don't dereference a possible nullptr on a malformed forwarded import
---
dll/ntdll/ldr/ldrpe.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/dll/ntdll/ldr/ldrpe.c b/dll/ntdll/ldr/ldrpe.c
index d8d235b34b..1f7fa31236 100644
--- a/dll/ntdll/ldr/ldrpe.c
+++ b/dll/ntdll/ldr/ldrpe.c
@@ -962,7 +962,7 @@ LdrpSnapThunk(IN PVOID ExportBase,
PIMAGE_IMPORT_BY_NAME AddressOfData;
PULONG NameTable;
PUSHORT OrdinalTable;
- LPSTR ImportName = NULL;
+ LPSTR ImportName = NULL, DotPosition;
USHORT Hint;
NTSTATUS Status;
ULONG_PTR HardErrorParameters[3];
@@ -1117,8 +1117,14 @@ FailurePath:
{
/* Get the Import and Forwarder Names */
ImportName = (LPSTR)Thunk->u1.Function;
+
+ DotPosition = strchr(ImportName, '.');
+ ASSERT(DotPosition != NULL);
+ if (!DotPosition)
+ goto FailurePath;
+
ForwarderName.Buffer = ImportName;
- ForwarderName.Length = (USHORT)(strchr(ImportName, '.') -
ImportName);
+ ForwarderName.Length = (USHORT)(DotPosition - ImportName);
ForwarderName.MaximumLength = ForwarderName.Length;
Status = RtlAnsiStringToUnicodeString(&TempUString,
&ForwarderName,
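Review bot: The `strchr(ImportName, '.')` scan is still unbounded on a string taken from the image: it relies on a NUL terminator being present in the mapped export data, and a dot found more than 0xFFFF bytes away is silently truncated by the `(USHORT)` cast on the `ForwarderName.Length` line. Consider rejecting over-long names in the same guard, e.g. `if (!DotPosition || (DotPosition - ImportName) > MAXUSHORT) goto FailurePath;`, and bounding the search to the export directory range if its size is available in LdrpSnapThunk (the function starts and ends outside the hunk). The `ASSERT(DotPosition != NULL)` also fires on data a malformed image controls, so checked builds stop where release builds fail gracefully; a debug print may fit better. `ImportName` has already been reassigned to the forwarder string when the `goto` is taken, so if `FailurePath` reports the name (its body is not visible here) it would show the forwarder text, not the import that was requested.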