Bug 694432 - Make the LdrLoadDll hook compatible with Windows 8 by not assuming that a valid path would always be passed; r=bsmedberg

--HG--
extra : rebase_source : e0df4ea7724118968276d55a0ec25fe4111756d4
Ehsan Akhgari 2011-10-17 16:15:08 -04:00
parent d5111d16d8
commit 082fd77472


@ -210,11 +210,17 @@ patched_LdrLoadDll (PWCHAR filePath, PULONG flags, PUNICODE_STRING moduleFileNam
wchar_t *dll_part;
DllBlockInfo *info;
// In Windows 8, the first parameter seems to be used for more than just the
// path name. For example, its numerical value can be 1. Passing a non-valid
// pointer to SearchPathW will cause a crash, so we need to check to see if we
// are handed a valid pointer, and otherwise just pass NULL to SearchPathW.
PWCHAR sanitizedFilePath = (intptr_t(filePath) < 1024) ? NULL : filePath;
int len = moduleFileName->Length / 2;
wchar_t *fname = moduleFileName->Buffer;
// figure out the length of the string that we need
DWORD pathlen = SearchPathW(filePath, fname, L".dll", 0, NULL, NULL);
DWORD pathlen = SearchPathW(sanitizedFilePath, fname, L".dll", 0, NULL, NULL);
if (pathlen == 0) {
// uh, we couldn't find the DLL at all, so...
printf_stderr("LdrLoadDll: Blocking load of '%s' (SearchPathW didn't find it?)\n", dllName);
@ -228,7 +234,7 @@ patched_LdrLoadDll (PWCHAR filePath, PULONG flags, PUNICODE_STRING moduleFileNam
}
// now actually grab it
SearchPathW(filePath, fname, L".dll", pathlen+1, full_fname, NULL);
SearchPathW(sanitizedFilePath, fname, L".dll", pathlen+1, full_fname, NULL);
// The filename isn't guaranteed to be null terminated, but in practice
// it always will be; ensure that this is so, and bail if not.
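Review bot: The validity test `intptr_t(filePath) < 1024` in the first hunk is a signed comparison, so a genuine pointer with its top bit set converts to a negative value and is replaced with NULL just like the small non-pointer values the comment describes. In a 32-bit process that can be handed addresses above 2 GB this would silently discard a real search path; an unsigned cast avoids that: `PWCHAR sanitizedFilePath = (uintptr_t(filePath) < 1024) ? NULL : filePath;`. When NULL is passed, SearchPathW falls back to its default search order, so the file this hook examines for blocking may not be the one the loader ends up resolving; the new comment should state that limitation, and the 1024 threshold would read better as a named constant. The body of patched_LdrLoadDll starts before and continues after the visible hunks, so the later handling of `full_fname` cannot be checked from here.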