From 482fa683055ced70832b7c05ec7525add04ba4f5 Mon Sep 17 00:00:00 2001
From: Jan Kotas
Date: Tue, 19 May 2015 00:55:02 -0700
Subject: [PATCH] Fix potential null pointer dereference

Calling WriteFile with both lpOverlapped and lpNumberOfBytesWritten set to null is invalid combination on Windows 7
[tfs-changeset: 1472978]
---
 src/zap/zapimage.cpp | 4 ++++
 src/zap/zapwriter.cpp | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/zap/zapimage.cpp b/src/zap/zapimage.cpp
index a7723c7..09e2b4d 100644
--- src/zap/zapimage.cpp
+++ b/src/zap/zapimage.cpp
@@ -914,6 +914,10 @@ public:
 m_hasher.HashMore(pv, cb);
+ // We are calling with lpOverlapped == NULL so pcbWritten has to be present
+ // to prevent crashes in Win7 and below.
+ _ASSERTE(pcbWritten);
+
 if (!::WriteFile(m_hFile, pv, cb, pcbWritten, NULL))
 {
 hr = HRESULT_FROM_GetLastError();
diff --git a/src/zap/zapwriter.cpp b/src/zap/zapwriter.cpp
index 2cd784b..357aebd 100644
--- src/zap/zapwriter.cpp
+++ b/src/zap/zapwriter.cpp
@@ -388,8 +388,11 @@ void ZapWriter::WritePad(DWORD dwSize, BYTE fill)
 while (dwSize >= WRITE_BUFFER_SIZE)
 {
+ ULONG cbWritten;
 cbAvailable = min(WRITE_BUFFER_SIZE, dwSize);
- IfFailThrow(m_pStream->Write(m_pBuffer, cbAvailable, NULL));
+ IfFailThrow(m_pStream->Write(m_pBuffer, cbAvailable, &cbWritten));
+ _ASSERTE(cbWritten == cbAvailable);
+
 dwSize -= cbAvailable;
 }
--
2.7.4
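Review bot: `_ASSERTE(pcbWritten)` in the zapimage.cpp hunk only guards checked builds; as far as I know `_ASSERTE` is compiled out of release builds in this codebase, so a caller that passes NULL would still reach `::WriteFile(m_hFile, pv, cb, pcbWritten, NULL)` with both pointers null there. A stream Write contract normally lets callers omit the byte count, so substituting a local is safer than asserting: `ULONG cbLocal = 0; if (pcbWritten == NULL) pcbWritten = &cbLocal;` ahead of the call (type assumed from the `ULONG cbWritten` in zapwriter.cpp). The enclosing method starts and ends outside this hunk, so I cannot see how pcbWritten is declared or whether a short write is checked after the call.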
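Review bot: In the WritePad loop of zapwriter.cpp a short write is caught only by `_ASSERTE(cbWritten == cbAvailable)`, which as far as I know disappears in release builds. `dwSize -= cbAvailable` runs regardless, so the padding in the output image could silently come up short. I would initialise the local and make the comparison a real check: `ULONG cbWritten = 0;` and `IfFailThrow(cbWritten == cbAvailable ? S_OK : E_FAIL);`. The rest of WritePad lies outside the hunk; any remaining `m_pStream->Write(..., NULL)` call there would need the same non-null argument.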