Opened 7 years ago
Last modified 7 years ago
#16834 closed defect
VGDrvCommonIoCtl may be potentially dereferencing a null pointer on pcbDataReturned — at Initial Version
Reported by: | ColinIanKing | Owned by: | |
---|---|---|---|
Component: | guest control | Version: | VirtualBox 5.1.22 |
Keywords: | null pointer dereference | Cc: | |
Guest type: | all | Host type: | Linux |
Description
Function VGDrvCommonIoCtl in src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp is checking to see if pcbDataReturned is NULL and then setting it to zero, thus the code assumes there is a potential for the pointer to be NULL. However, later in the function we have:
```cpp
case VBOXGUEST_IOCTL_GUEST_CAPS_ACQUIRE:
    CHECKRET_SIZE("GUEST_CAPS_ACQUIRE", sizeof(VBoxGuestCapsAquire));
    rc = vgdrvIoCtl_GuestCapsAcquire(pDevExt, pSession, (VBoxGuestCapsAquire *)pvData);
    *pcbDataReturned = sizeof(VBoxGuestCapsAquire);
    break;
```
and this dereferences the pointer that could potentially be zero.
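The shape of the defect the report describes, as an added C illustration that is not VirtualBox code: an out-parameter is NULL-checked once at the top of a dispatcher, then stored through unconditionally in one case. The guarded version beside it routes every store through a single helper. All identifiers (`dispatch_buggy`, `dispatch_fixed`, `IOCTL_CAPS_ACQUIRE`, `CapsAcquire`) are constructed for the example.

```c
#include <stddef.h>
/* Constructed names for this illustration; not VirtualBox's identifiers. */
#define IOCTL_CAPS_ACQUIRE 1
typedef struct { unsigned caps; } CapsAcquire;

/* Buggy shape: the up-front NULL check says pcbDataReturned is optional,
 * yet the CAPS_ACQUIRE case stores through it unconditionally. */
int dispatch_buggy(int fn, void *data, size_t cbData, size_t *pcbDataReturned)
{
    if (pcbDataReturned)
        *pcbDataReturned = 0;
    switch (fn) {
    case IOCTL_CAPS_ACQUIRE:
        if (cbData != sizeof(CapsAcquire))
            return -1;
        ((CapsAcquire *)data)->caps |= 1u;
        *pcbDataReturned = sizeof(CapsAcquire);   /* NULL caller -> crash */
        return 0;
    default:
        return -2;
    }
}

/* Guarded shape: one helper owns every store to the optional out-parameter,
 * so the contract implied by the initial check holds in every case. */
static void set_returned(size_t *pcbDataReturned, size_t cb)
{
    if (pcbDataReturned)
        *pcbDataReturned = cb;
}

int dispatch_fixed(int fn, void *data, size_t cbData, size_t *pcbDataReturned)
{
    set_returned(pcbDataReturned, 0);
    switch (fn) {
    case IOCTL_CAPS_ACQUIRE:
        if (cbData != sizeof(CapsAcquire))
            return -1;
        ((CapsAcquire *)data)->caps |= 1u;
        set_returned(pcbDataReturned, sizeof(CapsAcquire));
        return 0;
    default:
        return -2;
    }
}

/* The case the ticket is about: the caller passes NULL for the out-parameter. */
int fixed_survives_null_out(void)
{
    CapsAcquire req = { 0 };
    return dispatch_fixed(IOCTL_CAPS_ACQUIRE, &req, sizeof req, NULL) == 0 && req.caps == 1u;
}
```

Calling `dispatch_buggy` with a NULL `pcbDataReturned` and a valid `IOCTL_CAPS_ACQUIRE` request reproduces the crash; `dispatch_fixed` completes and reports success.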