#16834 closed defect (invalid)
VGDrvCommonIoCtl may be potentially dereferencing a null pointer on pcbDataReturned
| Reported by: | ColinIanKing | Owned by: | |
|---|---|---|---|
| Component: | guest control | Version: | VirtualBox 5.1.22 |
| Keywords: | null pointer dereference | Cc: | |
| Guest type: | all | Host type: | Linux |
Description
Function VGDrvCommonIoCtl in src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp is checking to see if pcbDataReturned is NULL and then setting it to zero, thus the code assumes there is a potential for the pointer to be NULL. However, later in the function we have:

```cpp
case VBOXGUEST_IOCTL_GUEST_CAPS_ACQUIRE:
    CHECKRET_SIZE("GUEST_CAPS_ACQUIRE", sizeof(VBoxGuestCapsAquire));
    rc = vgdrvIoCtl_GuestCapsAcquire(pDevExt, pSession, (VBoxGuestCapsAquire *)pvData);
    *pcbDataReturned = sizeof(VBoxGuestCapsAquire);
    break;
```

and this dereferences the pointer that could potentially be zero.
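To make the pattern concrete, here is an added C example (not VirtualBox code; the ioctl numbers, `caps_t`, the `my_ioctl_*` functions and the error values are all hypothetical). The first function mirrors the ticket: an early guarded reset says the output-size pointer is optional, yet one case stores through it unconditionally and is only correct under an unwritten caller contract. The second routes every store through a small helper, which makes that contract explicit in code and removes the finding regardless of caller.

```c
/* Added example, not VirtualBox code: a small ioctl dispatcher modelled on the
 * pattern discussed in the ticket. All names and error values are hypothetical. */
#include <stddef.h>
#include <stdint.h>

#define IOCTL_INFO          1u   /* hypothetical: no output, size pointer may be NULL */
#define IOCTL_CAPS_ACQUIRE  2u   /* hypothetical: reports an output size */

typedef struct { uint32_t u32OrMask; uint32_t u32NotMask; uint32_t rc; } caps_t;

/* Hypothetical size check, returns -22 (EINVAL-like) on mismatch. */
#define CHECKRET_SIZE(cb, expected) do { if ((cb) != (expected)) return -22; } while (0)

/* Variant 1: mirrors the ticket. The early NULL check says the pointer is
 * optional, but the CAPS_ACQUIRE case stores through it unconditionally.
 * Correct only if every caller of CAPS_ACQUIRE passes a non-NULL pointer. */
int my_ioctl_inconsistent(unsigned iFunction, void *pvData, size_t cbData,
                          size_t *pcbDataReturned)
{
    if (pcbDataReturned)
        *pcbDataReturned = 0;

    switch (iFunction) {
    case IOCTL_INFO:
        return 0;                            /* pointer may legitimately be NULL here */
    case IOCTL_CAPS_ACQUIRE: {
        caps_t *p;
        CHECKRET_SIZE(cbData, sizeof(caps_t));
        p = (caps_t *)pvData;
        p->rc = 0;                           /* stand-in for the real acquire work */
        *pcbDataReturned = sizeof(caps_t);   /* NULL dereference if the contract is broken */
        return 0;
    }
    default:
        return -38;                          /* hypothetical ENOSYS-like code */
    }
}

/* Helper that states the "output size is optional" contract once. */
static inline void set_returned(size_t *pcbDataReturned, size_t cb)
{
    if (pcbDataReturned)
        *pcbDataReturned = cb;
}

/* Variant 2: every store goes through the helper, so the function is safe for
 * any caller and the static-analysis finding no longer applies. */
int my_ioctl_consistent(unsigned iFunction, void *pvData, size_t cbData,
                        size_t *pcbDataReturned)
{
    set_returned(pcbDataReturned, 0);

    switch (iFunction) {
    case IOCTL_INFO:
        return 0;
    case IOCTL_CAPS_ACQUIRE: {
        caps_t *p;
        CHECKRET_SIZE(cbData, sizeof(caps_t));
        p = (caps_t *)pvData;
        p->rc = 0;
        set_returned(pcbDataReturned, sizeof(caps_t));
        return 0;
    }
    default:
        return -38;
    }
}
```

The second variant costs one branch per store and makes the function's behaviour independent of which callers exist today, which is the property a reviewer or a static analyser can check locally without tracing every call site.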
Change History (3)
comment:1, 7 years ago
| Description: | modified (diff) |
|---|
comment:2, 7 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
False positive. It can indeed happen that VGDrvCommonIoCtl() is called with pcbDataReturned = NULL, but that parameter is never NULL for iFunction=VBOXGUEST_IOCTL_GUEST_CAPS_ACQUIRE. I admit that this is not obvious and that this is bad style, but it's still not a bug and it's not worth opening a ticket.
comment:3, 7 years ago
A piece of advice, if I may, to "ColinIanKing"...
You can have the same effect if you post an e-mail to the VirtualBox developers' mailing list, without the need to open a ticket.