Author: fireball Date: Sat Jan 6 22:14:41 2007 New Revision: 25332 URL: http://svn.reactos.org/svn/reactos?rev=25332&view=rev Log: Dmitry G. Gorbachev (hto at mail cnt dot ru): NtOpenKey() calls ObpCaptureObjectAttributes() which can return null ObjectName. Then null pointer used in if (ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\') which leads to a crash. Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/cm/ntfunc.c?rev=2… ============================================================================== --- trunk/reactos/ntoskrnl/cm/ntfunc.c (original) +++ trunk/reactos/ntoskrnl/cm/ntfunc.c Sat Jan 6 22:14:41 2007 @@ -1367,7 +1367,8 @@ return Status; } - if (ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\') + if (ObjectName.Buffer && + ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\') { ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] = UNICODE_NULL; ObjectName.Length -= sizeof(WCHAR);