Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The DriverEntry routine should save a copy of the argument, not the pointer, because the I/O Manager frees the buffer
Remarks
The driver's DriverEntry routine is saving a copy of the pointer to the buffer instead of saving a copy of the buffer. Because the buffer is freed when the DriverEntry routine returns, the pointer to the buffer will soon be invalid.
Code analysis name: NOT_COPYING_NAME
Example
The following code generates this warning. g_RP is of type PUNICODE_STRING, which is a pointer to the data type UNICODE_STRING. By saving PUNICODE_STRING RegistryPath, we are only saving the pointer to the UNICODE_STRING where the data exists. This will be lost at the end of DriverEntry.
PUNICODE_STRING g_RP;
NTSTATUS
DriverEntry(
PDRIVER_OBJECT DriverObject,
PUNICODE_STRING RegistryPath
)
{
g_RP = RegistryPath;
return 0;
}
The following code remediates this issue. g_RP is now a UNICODE_STRING, with its own buffer. When the data is copied over, it will persist beyond the return of DriverEntry
UNICODE_STRING g_RP;
NTSTATUS
DriverEntry(
PDRIVER_OBJECT DriverObject,
PUNICODE_STRING RegistryPath
)
{
g_RP = CloneRegistryPath(RegistryPath); // CloneRegistryPath is an example helper function that copies over the data.
return 0;
}