Uninitialized pointer bug in _MCFCRT_TlsGet()

Question

Uninitialized pointer bug in _MCFCRT_TlsGet()

Closed this issue 8 years ago · 2 comments

Upon return of _MCFCRT_TlsGet() on [1] or [2] the content of *ppStorage is left uninitialized and attempt to use that value results in undefined behavior:

    TlsKey *const pKey = (TlsKey *)hTlsKey;
    if(!pKey){
        SetLastError(ERROR_INVALID_PARAMETER);
        return false;
    }
    TlsThread *const pThread = GetTlsForCurrentThread();
    if(!pThread){
        return true; // [1]
    }
    TlsObject *const pObject = GetTlsObject(pThread, pKey);
    if(!pObject){
        return true; // [2]
    }

Answer 1 · 2016-06-19T12:44:24.000Z

This is a false error, as there used to be *ppStorage = nullptr; on the first line.

But since this was obscure, I replaced it with

#ifndef NDEBUG
    *ppStorage = (void *)0xDEADBEEF;
#endif

And upon a return value of true we shall set the value properly.

Answer 2 · 2016-06-20T01:03:17.000Z

Re-marked as enhancement.