VirtualBox

Opened 7 years ago

Last modified 7 years ago

#16834 closed defect

VGDrvCommonIoCtl may be potentially dereferencing a null pointer on pcbDataReturned — at Version 1

Reported by: ColinIanKing Owned by:
Component: guest control Version: VirtualBox 5.1.22
Keywords: null pointer deference Cc:
Guest type: all Host type: Linux

Description (last modified by Frank Mehnert)

Function VGDrvCommonIoCtl in src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp is checking to see if pcbDataReturned is NULL and then setting it to zero, thus the code assumes there is a potential for the pointer to be NULL. However, later in the function we have:

            case VBOXGUEST_IOCTL_GUEST_CAPS_ACQUIRE:
                CHECKRET_SIZE("GUEST_CAPS_ACQUIRE", sizeof(VBoxGuestCapsAquire));
                rc = vgdrvIoCtl_GuestCapsAcquire(pDevExt, pSession, (VBoxGuestCapsAquire *)pvData);
                *pcbDataReturned = sizeof(VBoxGuestCapsAquire);
                break;

and this dereferencing the pointer that could potentially be zero.

Change History (1)

comment:1 by Frank Mehnert, 7 years ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette