Commit 6c597bac authored by Jeff Zaroyko's avatar Jeff Zaroyko Committed by Alexandre Julliard

ntdll: Avoid NULL deref in RtlDeleteTimer.

parent 63908f03
......@@ -49,6 +49,7 @@ typedef struct _RTL_HANDLE_TABLE
static HMODULE hntdll = 0;
static SIZE_T (WINAPI *pRtlCompareMemory)(LPCVOID,LPCVOID,SIZE_T);
static SIZE_T (WINAPI *pRtlCompareMemoryUlong)(PULONG, SIZE_T, ULONG);
static NTSTATUS (WINAPI *pRtlDeleteTimer)(HANDLE, HANDLE, HANDLE);
static VOID (WINAPI *pRtlMoveMemory)(LPVOID,LPCVOID,SIZE_T);
static VOID (WINAPI *pRtlFillMemory)(LPVOID,SIZE_T,BYTE);
static VOID (WINAPI *pRtlFillMemoryUlong)(LPVOID,SIZE_T,ULONG);
......@@ -80,6 +81,7 @@ static void InitFunctionPtrs(void)
if (hntdll) {
pRtlCompareMemory = (void *)GetProcAddress(hntdll, "RtlCompareMemory");
pRtlCompareMemoryUlong = (void *)GetProcAddress(hntdll, "RtlCompareMemoryUlong");
pRtlDeleteTimer = (void *)GetProcAddress(hntdll, "RtlDeleteTimer");
pRtlMoveMemory = (void *)GetProcAddress(hntdll, "RtlMoveMemory");
pRtlFillMemory = (void *)GetProcAddress(hntdll, "RtlFillMemory");
pRtlFillMemoryUlong = (void *)GetProcAddress(hntdll, "RtlFillMemoryUlong");
......@@ -930,6 +932,13 @@ static void test_RtlAllocateAndInitializeSid(void)
ok(ret == STATUS_INVALID_SID, "wrong error %08x\n", ret);
}
static void test_RtlDeleteTimer(void)
{
NTSTATUS ret;
ret = pRtlDeleteTimer(NULL, NULL, NULL);
ok(ret == STATUS_INVALID_PARAMETER_1, "expected STATUS_INVALID_PARAMETER_1, got %x\n", ret);
}
START_TEST(rtl)
{
InitFunctionPtrs();
......@@ -962,4 +971,6 @@ START_TEST(rtl)
test_HandleTables();
if (pRtlAllocateAndInitializeSid)
test_RtlAllocateAndInitializeSid();
if (pRtlDeleteTimer)
test_RtlDeleteTimer();
}
......@@ -1005,10 +1005,13 @@ NTSTATUS WINAPI RtlDeleteTimer(HANDLE TimerQueue, HANDLE Timer,
HANDLE CompletionEvent)
{
struct queue_timer *t = Timer;
struct timer_queue *q = t->q;
struct timer_queue *q;
NTSTATUS status = STATUS_PENDING;
HANDLE event = NULL;
if (!Timer)
return STATUS_INVALID_PARAMETER_1;
q = t->q;
if (CompletionEvent == INVALID_HANDLE_VALUE)
status = NtCreateEvent(&event, EVENT_ALL_ACCESS, NULL, FALSE, FALSE);
else if (CompletionEvent)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment