UNADDR (MessageBox on win7) WNDCLASSEXW.lpszClassName #505

Closed
derekbruening opened this issue Nov 28, 2014 · 3 comments

@derekbruening
Contributor

From bruen...@google.com on July 21, 2011 14:04:47

xref issue #499
xref issue #60

didn't see before b/c didn't have NtUserGetClassInfoEx before
(only had NtUserGetClassInfo entry)

so the unknown param handler did the right thing: I guess lpszMenuName
wasn't read after that, or was already defined.
NtUserGetClassInfo* is not called on xp64 gui-inject.exe,
nor on win7 in issue499 test app.

```
0:000> dt safe
Local var @ 0x245c9c68 Type tagWNDCLASSEXW
+0x000 cbSize : 0x76372499
+0x004 style : 0x18f0f8
+0x008 lpfnWndProc : 0x00000010 +10
+0x00c cbClsExtra : 1983267092
+0x010 cbWndExtra : 0
+0x014 hInstance : 0x00c36ba4
+0x018 hIcon : 0x0018f0b0
+0x01c hCursor : 0x76372a46
+0x020 hbrBackground : 0x00c36ba4
+0x024 lpszMenuName : 0x0018f0f8 "MSCTFIME UI"
+0x028 lpszClassName : 0x04090409 ""
+0x02c hIconSm : 0x0018f11c
0:000> dc @@(safe.lpszClassName)
04090409 ???????? ???????? ???????? ???????? ????????????????
```

no indication that lpszClassName is optional. the "predefined names" are
real strings, not constants. and an atom must have top bytes as zero. so what's going on?

Original issue: http://code.google.com/p/drmemory/issues/detail?id=505

@derekbruening
Contributor Author

From bruen...@google.com on July 21, 2011 11:31:50

pretty simple: this is a write of a pointer, no capacity, so this check should not be there

@derekbruening
Contributor Author

From derek.br...@gmail.com on July 22, 2011 07:44:59

This issue was closed by revision r408.

Status: Fixed

@derekbruening
Contributor Author

From bruen...@google.com on July 22, 2011 08:05:56

Issue 25 has been merged into this issue.
