ntdll: Avoid NULL deref in RtlDeleteTimer.
parent
63908f039b
commit
6c597bac2e
|
@ -49,6 +49,7 @@ typedef struct _RTL_HANDLE_TABLE
|
|||
static HMODULE hntdll = 0;
|
||||
static SIZE_T (WINAPI *pRtlCompareMemory)(LPCVOID,LPCVOID,SIZE_T);
|
||||
static SIZE_T (WINAPI *pRtlCompareMemoryUlong)(PULONG, SIZE_T, ULONG);
|
||||
static NTSTATUS (WINAPI *pRtlDeleteTimer)(HANDLE, HANDLE, HANDLE);
|
||||
static VOID (WINAPI *pRtlMoveMemory)(LPVOID,LPCVOID,SIZE_T);
|
||||
static VOID (WINAPI *pRtlFillMemory)(LPVOID,SIZE_T,BYTE);
|
||||
static VOID (WINAPI *pRtlFillMemoryUlong)(LPVOID,SIZE_T,ULONG);
|
||||
|
@ -80,6 +81,7 @@ static void InitFunctionPtrs(void)
|
|||
if (hntdll) {
|
||||
pRtlCompareMemory = (void *)GetProcAddress(hntdll, "RtlCompareMemory");
|
||||
pRtlCompareMemoryUlong = (void *)GetProcAddress(hntdll, "RtlCompareMemoryUlong");
|
||||
pRtlDeleteTimer = (void *)GetProcAddress(hntdll, "RtlDeleteTimer");
|
||||
pRtlMoveMemory = (void *)GetProcAddress(hntdll, "RtlMoveMemory");
|
||||
pRtlFillMemory = (void *)GetProcAddress(hntdll, "RtlFillMemory");
|
||||
pRtlFillMemoryUlong = (void *)GetProcAddress(hntdll, "RtlFillMemoryUlong");
|
||||
|
@ -930,6 +932,13 @@ static void test_RtlAllocateAndInitializeSid(void)
|
|||
ok(ret == STATUS_INVALID_SID, "wrong error %08x\n", ret);
|
||||
}
|
||||
|
||||
static void test_RtlDeleteTimer(void)
|
||||
{
|
||||
NTSTATUS ret;
|
||||
ret = pRtlDeleteTimer(NULL, NULL, NULL);
|
||||
ok(ret == STATUS_INVALID_PARAMETER_1, "expected STATUS_INVALID_PARAMETER_1, got %x\n", ret);
|
||||
}
|
||||
|
||||
START_TEST(rtl)
|
||||
{
|
||||
InitFunctionPtrs();
|
||||
|
@ -962,4 +971,6 @@ START_TEST(rtl)
|
|||
test_HandleTables();
|
||||
if (pRtlAllocateAndInitializeSid)
|
||||
test_RtlAllocateAndInitializeSid();
|
||||
if (pRtlDeleteTimer)
|
||||
test_RtlDeleteTimer();
|
||||
}
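Review bot: The new test_RtlDeleteTimer passes NULL for all three arguments, so the expected STATUS_INVALID_PARAMETER_1 does not show which argument the status is tied to. A short comment above the call would record the intent, for example `/* a NULL Timer must be rejected, not dereferenced */`. A follow-up case with a valid queue and a NULL Timer would pin the check to the second argument. The failure message prints the status with `%x` while the neighbouring test uses `%08x`; `"expected STATUS_INVALID_PARAMETER_1, got %08x\n"` would keep the output uniform.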
|
||||
|
|
|
@ -1005,10 +1005,13 @@ NTSTATUS WINAPI RtlDeleteTimer(HANDLE TimerQueue, HANDLE Timer,
|
|||
HANDLE CompletionEvent)
|
||||
{
|
||||
struct queue_timer *t = Timer;
|
||||
struct timer_queue *q = t->q;
|
||||
struct timer_queue *q;
|
||||
NTSTATUS status = STATUS_PENDING;
|
||||
HANDLE event = NULL;
|
||||
|
||||
if (!Timer)
|
||||
return STATUS_INVALID_PARAMETER_1;
|
||||
q = t->q;
|
||||
if (CompletionEvent == INVALID_HANDLE_VALUE)
|
||||
status = NtCreateEvent(&event, EVENT_ALL_ACCESS, NULL, FALSE, FALSE);
|
||||
else if (CompletionEvent)
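Review bot: The added `if (!Timer)` guard rejects only NULL, so any other invalid or already-deleted Timer value still reaches `q = t->q` and is dereferenced. TimerQueue is not consulted anywhere in the visible lines. That may be the intended contract, but the guard should say so, and should explain why the status names parameter 1 although Timer is the second argument: `/* Only NULL is caught here; Timer must otherwise be a live timer. The status value is what the test expects. */`. RtlDeleteTimer's body continues past the end of the hunk, so later validation may exist that is not visible here.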
|
||||
|
|