From a7937e83b2f8606aa777098eb5e738241a5458e1 Mon Sep 17 00:00:00 2001 From: Tim Clem Date: Tue, 9 Aug 2022 13:10:15 -0700 Subject: [PATCH] kernelbase: Don't assume the length of the process image name. NtQueryInformationProcess(ProcessImageFileNameWin32) may return an empty string in some circumstances, which leads QueryFullProcessImageNameW to crash if called with flags including PROCESS_NAME_NATIVE, as that path assumed the image name had a length of at least 2. --- dlls/kernelbase/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/kernelbase/debug.c b/dlls/kernelbase/debug.c index 9e954e3ffbe..cd8e0d7f87d 100644 --- a/dlls/kernelbase/debug.c +++ b/dlls/kernelbase/debug.c @@ -1575,7 +1575,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH QueryFullProcessImageNameW( HANDLE process, DWORD if (status) goto cleanup; - if (flags & PROCESS_NAME_NATIVE) + if (flags & PROCESS_NAME_NATIVE && result->Length > 2 * sizeof(WCHAR)) { WCHAR drive[3]; WCHAR device[1024];
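Review bot: The new guard in the QueryFullProcessImageNameW hunk, `result->Length > 2 * sizeof(WCHAR)`, is stricter than the commit message describes. The message says the native path assumed a length of "at least 2", but `>` also excludes a name of exactly two WCHARs, so a bare drive specifier would no longer be translated. If the two-character case is safe for the code that fills `drive[3]`, use `>=`. Otherwise add a short comment saying why more than two characters are required.

Because the length test is folded into the `if`, a caller that passes PROCESS_NAME_NATIVE and gets an empty or short name now silently takes whatever path follows this block, which these lines do not show. Please confirm that this is the intended result for the empty-string case, rather than returning the empty name or an error explicitly.

Two smaller points: parenthesize `(flags & PROCESS_NAME_NATIVE)` so the condition does not depend on `&` binding tighter than `&&`, and consider adding a test that covers the empty image name.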