Author: fireball
Date: Sat Jan 6 22:14:41 2007
New Revision: 25332

URL: http://svn.reactos.org/svn/reactos?rev=25332&view=rev
Log:
Dmitry G. Gorbachev (hto at mail cnt dot ru):
NtOpenKey() calls ObpCaptureObjectAttributes(), which can return a null ObjectName.
Then the null pointer is used in if (ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\'), which leads to a crash.
Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c
Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/cm/ntfunc.c?rev=25... ============================================================================== --- trunk/reactos/ntoskrnl/cm/ntfunc.c (original) +++ trunk/reactos/ntoskrnl/cm/ntfunc.c Sat Jan 6 22:14:41 2007 @@ -1367,7 +1367,8 @@ return Status; }
- if (ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\') + if (ObjectName.Buffer && + ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\') { ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] = UNICODE_NULL; ObjectName.Length -= sizeof(WCHAR);
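Review bot: The new condition in the @@ -1367,7 +1367,8 @@ hunk checks ObjectName.Buffer for NULL but still does not check ObjectName.Length, so a non-NULL buffer with Length of 0 makes the index (ObjectName.Length / sizeof(WCHAR)) - 1 go below the start of the buffer. In that case the comparison reads one WCHAR before Buffer, and if the value there happens to match, the body writes UNICODE_NULL to that location and subtracts sizeof(WCHAR) from a Length that is already 0. Consider adding a length test to the same condition, for example ObjectName.Buffer && ObjectName.Length >= sizeof(WCHAR) && ..., so that both the read and the write are bounded. A short comment saying that ObpCaptureObjectAttributes() can hand back an empty name would also help the next reader understand why the guard is there.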