CORE-6624 (Core ReactOS)

Invalid use of SEH


    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Fix Version/s: 0.5
    • Component/s: NTCore, Win32SS
    • Labels: None

      Description

      We have multiple cases where code inside SEH blocks is not "safe".

      • ntoskrnl/ex/sysinfo.c:768
        SeLocateProcessImageName is called, which allocates a string that is not released when an exception happens after it.
      • ntoskrnl/ex/sysinfo.c:1031
        ExpQueryModuleInformation is called while the SEH block opened in NtQuerySystemInformation is still active; an exception leaves KeEnterCriticalRegion and ExAcquireResourceExclusiveLite unreleased.
      • ntoskrnl/ex/sysinfo.c:1988
        NtQuerySystemInformation calls different functions that
      • ntoskrnl/ex/sysinfo.c:1077
        QSISystemHandleInformation leaks process references when an exception happens.
      • ntoskrnl/ex/sysinfo.c:1337
        SystemLoadGdiDriverInformation doesn't unload the driver when an exception happens.
      • ntoskrnl/ex/sysinfo.c:1659
        The result of ProbeAndCaptureUnicodeString is not used, so MmLoadSystemImage might be called with an uninitialized image name.
      • ntoskrnl/ex/sysinfo.c:1799
        QSISystemCreateSession doesn't free the session that it created when an exception happens.
      • ntoskrnl/se/token.c:2026
        SeCaptureLuidAndAttributesArray shouldn't be wrapped in SEH.
      • subsystems/csr/csrsrv/api.c:581/800
        Why is CsrpCheckRequestThreads inside SEH? The rest looks cheesy as well.
      • subsystems/win32/csrss/csrsrv/api/wapi.c:225
        The called APIs need to be reviewed. Why can they throw an exception, and do they properly handle that? Why don't these APIs handle that completely themselves?
      • subsystems/win32/csrss/win32csr/file.c:139
        Use of RtlUpcaseUnicodeString must be reviewed.
      • subsystems/win32/csrss/win32csr/file.c:508
        All of the variables used in __finally must be volatile.
      • win32k/ntuser/useratom.c:94
        Buffer is not probed.
      • ntoskrnl/ob/oblife.c:373
        StringBuffer must be volatile.

      NtQueryPerformanceCounter uses 2 SEH blocks, where one should be sufficient.
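      As an added illustration (not ReactOS code) of the two defects this list repeats most often, a resource acquired inside the guarded region with no release on the exception path, and a local that must be volatile because it is written inside the region and read after the non-local exit: setjmp/longjmp stands in for __try/__except/__finally here, since the control-flow shape rather than the keyword is the point, and pool_alloc, probe_for_write and the query functions are constructed for the example.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins: g_frame is the enclosing __try frame, a raised
 * exception is a longjmp back to it, and the counter tracks pool blocks. */
static jmp_buf g_frame;
static int g_live_allocs = 0;

static void *pool_alloc(size_t n) { g_live_allocs++; return malloc(n); }
static void pool_free(void *p)     { if (p) { g_live_allocs--; free(p); } }

/* Probing an invalid user address raises STATUS_ACCESS_VIOLATION. */
static void probe_for_write(const void *user_buf)
{
    if (user_buf == NULL) longjmp(g_frame, 1);
}

/* The pattern flagged at sysinfo.c:768: the allocation happens inside the
 * guarded region and nothing on the exception path releases it. */
int leaky_query(void *user_buf)
{
    if (setjmp(g_frame) != 0) return -1;     /* __except: report failure */
    char *name = pool_alloc(64);             /* allocated under SEH */
    strcpy(name, "image-name");
    probe_for_write(user_buf);               /* may raise: name leaks */
    pool_free(name);
    return 0;
}

/* Corrected shape: the pointer is volatile because it is assigned inside the
 * guarded region and read after the non-local return, and release happens on
 * both paths, as a __finally block would do. */
int safe_query(void *user_buf)
{
    char *volatile name = NULL;
    int status = 0;
    if (setjmp(g_frame) == 0) {
        name = pool_alloc(64);
        strcpy(name, "image-name");
        probe_for_write(user_buf);           /* may raise */
    } else {
        status = -1;                         /* exception path */
    }
    pool_free(name);                         /* __finally: runs either way */
    return status;
}
/* Outstanding pool blocks; a non-zero value after a failed call is a leak. */
int outstanding_allocs(void) { return g_live_allocs; }
```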

      Files to check:

      • dll/win32/userenv/environment.c
      • ntoskrnl/ob/obname.c
      • win32k/ntuser/window.c
      • ntoskrnl/ke/i386/usercall.c
      • ntoskrnl/mm/ARM3/virtual.c
      • win32k/objects/line.c
      • ntoskrnl/ob/oblife.c
      • ntoskrnl/lpc/send.c
      • ntoskrnl/lpc/reply.c
      • win32k/ntuser/cursoricon.c
      • ntoskrnl/fsrtl/notify.c
      • win32k/ntuser/clipboard.c
      • ntoskrnl/fsrtl/fastio.c
      • ntoskrnl/config/cmapi.c

            People

            • Assignee: ThePhysicist (Timo Kreuzer)
            • Reporter: ThePhysicist (Timo Kreuzer)
            • Votes: 2
            • Watchers: 3
