Description
Coverity fixes :
- CID 515122: Uninitialized scalar variable in ntoskrnl/ex/init.c : The NlsTableSizes array was not initialized.
- CID 716200 & 716267: Out-of-bounds access in ntoskrnl/ex/init.c : Bad usage of the snwprintf function : The 'Count' argument (second one) is a count of _characters_ (-> bytes when CHAR, WCHARs when WCHAR) (see: http://msdn.microsoft.com/en-us/library/2ts7cx93(v=vs.71).aspx) :
Return Value
=========
_snprintf returns the number of bytes stored in buffer, not counting the terminating null character. If the number of bytes required to store the data exceeds count, then count bytes of data are stored in buffer and a negative value is returned. _snwprintf returns the number of wide characters stored in buffer, not counting the terminating null wide character. If the storage required to store the data exceeds count wide characters, then count wide characters are stored in buffer and a negative value is returned.
Also, do not use p as temp variable, directly use the array InitBuffer->DebugBuffer, and use sizeof to query the 256 length.
- CID 701301: Unintentional integer overflow in ntoskrnl/ex/sysinfo.c : Cast to ULONGLONG.
- CID 514669: Array compared against 0 in ntoskrnl/ex/sysinfo.c : Here, Process->ImageFileName is an array of 16 CHARs. Removing the check for Process->ImageFileName.
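The byte-count versus character-count mistake behind CID 716200 and 716267, as an added example that is not ReactOS code. It uses standard C `swprintf`, whose size argument is also counted in wide characters, as a stand-in for `_snwprintf`; the buffer length, names and sample string are constructed for illustration.

```c
#include <stdio.h>
#include <wchar.h>

#define NAME_CHARS    16                              /* constructed: buffer length in wide chars */
#define BYTE_COUNT    (NAME_CHARS * sizeof(wchar_t))  /* what sizeof(buffer) yields: bytes (the bug) */
#define CHAR_COUNT    NAME_CHARS                      /* sizeof(buffer) / sizeof(buffer[0]) (the fix) */
#define BACKING_CHARS BYTE_COUNT                      /* extra room so the overrun is observable, not UB */
#define CANARY        L'\x7f'

/* Constructed sample: 20 wide characters, longer than the 16-element buffer. */
static const wchar_t SAMPLE[] = L"ABCDEFGHIJKLMNOPQRST";

/*
 * Format `text` into a buffer that is logically NAME_CHARS wide characters
 * long, passing `count` as the size argument. The cells behind the logical
 * buffer are pre-filled with a canary; the return value is the number of
 * those cells the call overwrote.
 */
static size_t cells_clobbered(size_t count, const wchar_t *text)
{
    wchar_t backing[BACKING_CHARS];
    size_t i, clobbered = 0;

    for (i = 0; i < BACKING_CHARS; i++)
        backing[i] = CANARY;

    /* A negative return means truncation; only the memory effect matters here. */
    (void)swprintf(backing, count, L"%ls", text);

    for (i = NAME_CHARS; i < BACKING_CHARS; i++)
        if (backing[i] != CANARY)
            clobbered++;
    return clobbered;
}

int main(void)
{
    /* Byte count: the function believes it has sizeof(wchar_t) times more room. */
    printf("count in bytes:      %zu cells past the buffer overwritten\n",
           cells_clobbered(BYTE_COUNT, SAMPLE));
    /* Character count: output is cut off at the real end of the buffer. */
    printf("count in characters: %zu cells past the buffer overwritten\n",
           cells_clobbered(CHAR_COUNT, SAMPLE));
    return 0;
}
```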
Issue Links
- blocks: CORE-6681 ntoskrnl: Coverity code defects (Resolved)