From timurrrr.com on August 02, 2011 07:04:52
Repro:
#include <windows.h>
#include <stdio.h>
#include <assert.h>

#define CHECK assert

// NTSTATUS is not declared by <windows.h> alone (it lives in <winternl.h>,
// which would also clash with the UNICODE_STRING typedef below); an identical
// typedef is accepted by the C++ compiler even if the SDK already provides it.
typedef LONG NTSTATUS;

typedef struct _UNICODE_STRING {
  USHORT Length;
  USHORT MaximumLength;
  PWSTR Buffer;
} UNICODE_STRING;

typedef NTSTATUS (WINAPI *NtQueryObject)(
    HANDLE Handle, int ObjectInformationClass, PVOID ObjectInformation,
    ULONG ObjectInformationLength, PULONG ReturnLength);

int main() {
  HMODULE ntdll = ::GetModuleHandle("ntdll.dll");
  NtQueryObject QueryObject =
      (NtQueryObject)::GetProcAddress(ntdll, "NtQueryObject");
  CHECK(QueryObject != NULL);

  // CreateFile signals failure with INVALID_HANDLE_VALUE, not NULL.
  HANDLE handle = ::CreateFile("test.txt", 0, FILE_SHARE_READ, NULL,
                               OPEN_ALWAYS, 0, NULL);
  CHECK(handle != INVALID_HANDLE_VALUE);

  // Deliberately undersized buffer: 10 bytes cannot hold the name information,
  // so the call is expected to fail and report the required size in 'size'.
  ULONG size = 10;
  UNICODE_STRING* name = (UNICODE_STRING*)(new BYTE[size]);
  NTSTATUS result;
  result = QueryObject(handle, 1 /* = ObjectNameInformation */, name, size, &size);
  printf("result = 0x%X, size = %d\n", result, size);
  printf("name->Buffer = 0x%08X, name->Length = %d\n", name->Buffer, name->Length);

  // The buffer came from new[], so it must be released with delete[].
  delete[] (BYTE*)name;
  ::CloseHandle(handle);
  return 0;
}
Report [Win7]:
...
result = 0x80000005, size = 146
name->Buffer = 0x00000000, name->Length = 0
...
Error #1: UNADDRESSABLE ACCESS: writing 0x007f6eb2-0x007f6f3a 136 byte(s) within 0x007f6ea8-0x007f6f3a
Note: prev lower malloc: 0x007f6ea8-0x007f6eb2
system call NtQueryObject
0x00401cea test.exe!__tmainCRTStartup
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c:266
Problems:
a) DrM tries to make sure 0x007f6ea8-0x007f6f3a [146 bytes] is addressable though only the first 10 are. The range should not be accessible since the actual write doesn't happen (which is indicated by the failure result)
b) the main() stack frame is absent [could be related to issue #406 ?]
Original issue: http://code.google.com/p/drmemory/issues/detail?id=531
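The behaviour the report hinges on, as an added example that is not part of the original issue or of Dr. Memory's own code: a portable C mock of the NtQueryObject contract observed above (buffer too small, so STATUS_BUFFER_OVERFLOW = 0x80000005 comes back with only *ReturnLength set and the caller's buffer untouched), the resize-and-retry pattern a caller should use instead of a fixed 10-byte buffer, and the post-call rule a checker should apply to decide how many buffer bytes were really written. The mock, its object name string and all helper names are constructed for illustration; the real syscall is never invoked, so this builds and runs on any platform.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the Windows types used by the repro. */
typedef int32_t  NTSTATUS;
typedef uint32_t ULONG;
typedef uint16_t USHORT;
#define STATUS_SUCCESS          ((NTSTATUS)0x00000000)
#define STATUS_BUFFER_OVERFLOW  ((NTSTATUS)0x80000005)  /* value seen in the report */

/* Layout of the ObjectNameInformation result: a UNICODE_STRING-like header
 * followed by the UTF-16 name bytes in the same buffer. */
typedef struct {
    USHORT    Length;         /* bytes, not counting the terminator */
    USHORT    MaximumLength;
    uint16_t *Buffer;         /* points right after the header */
} MOCK_OBJECT_NAME_INFORMATION;

/* Constructed name the mock "kernel" hands back (ASCII widened to UTF-16). */
static const char kMockName[] = "\\Device\\HarddiskVolume1\\test.txt";

/* Mock of NtQueryObject(ObjectNameInformation). Models the contract the report
 * relies on: when the buffer is too small nothing is written into it, only
 * *ReturnLength is set, and STATUS_BUFFER_OVERFLOW is returned. */
static NTSTATUS mock_query_object_name(void *info, ULONG info_len, ULONG *ret_len) {
    size_t chars = strlen(kMockName);
    size_t need  = sizeof(MOCK_OBJECT_NAME_INFORMATION) + (chars + 1) * 2;
    if (ret_len) *ret_len = (ULONG)need;
    if (info_len < need)
        return STATUS_BUFFER_OVERFLOW;
    MOCK_OBJECT_NAME_INFORMATION *n = (MOCK_OBJECT_NAME_INFORMATION *)info;
    n->Length        = (USHORT)(chars * 2);
    n->MaximumLength = (USHORT)((chars + 1) * 2);
    n->Buffer        = (uint16_t *)(n + 1);
    for (size_t i = 0; i <= chars; i++)
        n->Buffer[i] = (uint16_t)(unsigned char)kMockName[i];
    return STATUS_SUCCESS;
}

/* What a memory checker should treat as written into the caller's buffer,
 * judged AFTER the call: nothing on STATUS_BUFFER_OVERFLOW (only *ReturnLength
 * was set), otherwise min(info_len, *ret_len). Validating the full info_len
 * as writable before the call is what yields the false positive in the report. */
static ULONG bytes_written_to_buffer(NTSTATUS status, ULONG info_len, ULONG ret_len) {
    if (status != STATUS_SUCCESS) return 0;
    return ret_len < info_len ? ret_len : info_len;
}

/* Reproduces the report's first call: 10-byte buffer, expect overflow and an
 * untouched buffer. Returns 1 if the mock honoured that contract. */
static int probe_with_small_buffer(ULONG *needed_out) {
    unsigned char small[10];
    memset(small, 0xAA, sizeof small);
    ULONG needed = 0;
    NTSTATUS st = mock_query_object_name(small, (ULONG)sizeof small, &needed);
    if (needed_out) *needed_out = needed;
    for (size_t i = 0; i < sizeof small; i++)
        if (small[i] != 0xAA) return 0;           /* buffer must be untouched */
    return st == STATUS_BUFFER_OVERFLOW && needed > sizeof small;
}

/* Correct caller pattern: probe, grow the buffer to *ReturnLength, retry.
 * Returns a malloc'd result (caller frees) or NULL on any other failure. */
static MOCK_OBJECT_NAME_INFORMATION *query_name_with_retry(ULONG *out_calls) {
    ULONG size  = 10;                              /* too small, as in the repro */
    void *buf   = malloc(size);
    ULONG calls = 0;
    if (!buf) return NULL;
    for (;;) {
        ULONG needed = 0;
        calls++;
        NTSTATUS st = mock_query_object_name(buf, size, &needed);
        if (st == STATUS_SUCCESS) break;
        if (st != STATUS_BUFFER_OVERFLOW || needed <= size) { free(buf); return NULL; }
        void *bigger = realloc(buf, needed);
        if (!bigger) { free(buf); return NULL; }
        buf = bigger; size = needed;
    }
    if (out_calls) *out_calls = calls;
    return (MOCK_OBJECT_NAME_INFORMATION *)buf;
}

/* Name length in bytes obtained via the retry pattern (expects exactly 2 calls), or -1. */
static int queried_name_length(void) {
    ULONG calls = 0;
    MOCK_OBJECT_NAME_INFORMATION *n = query_name_with_retry(&calls);
    if (!n) return -1;
    int len = n->Length;
    free(n);
    return calls == 2 ? len : -1;
}

int main(void) {
    ULONG needed = 0;
    int ok = probe_with_small_buffer(&needed);
    printf("probe with 10 bytes: %s, needed = %u\n",
           ok ? "STATUS_BUFFER_OVERFLOW, buffer untouched" : "unexpected", needed);
    printf("bytes a checker should validate after that call: %u\n",
           bytes_written_to_buffer(STATUS_BUFFER_OVERFLOW, 10, needed));
    printf("retry pattern: name Length = %d bytes\n", queried_name_length());
    return 0;
}
```

The two-call shape is the part worth copying into real code: the first call only tells the caller how big the buffer must be, and the check a tool performs on that call should cover what was actually written (here, the ULONG behind ReturnLength), not the length the caller claimed to own.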
This issue comes from the open-source project: DynamoRIO/drmemory