← Back to team overview

sikuli-driver team mailing list archive

[Bug 1101171] Re: X-1.0rc3: Windows: Java_org_sikuli_script_Win32Util_openApp should use SecureZeroMemory

 

** Changed in: sikuli
   Importance: High => Medium

-- 
You received this bug notification because you are a member of Sikuli
Drivers, which is subscribed to Sikuli.
https://bugs.launchpad.net/bugs/1101171

Title:
  X-1.0rc3: Windows:  Java_org_sikuli_script_Win32Util_openApp should
  use SecureZeroMemory

Status in Sikuli:
  Fix Committed

Bug description:
  In function Java_org_sikuli_script_Win32Util_openApp in file sikuli-
  script\src\main\native\Win32Util.cc, the usage of ZeroMemory  in
  conjunction with using compiler optimization, can lead to unwanted
  effects.

  For example, I experienced that the function intermittently opened an
  app in a minimized state. This started to happen on Windows 8, but not
  on other platforms.

  Now, the reason for that, can be that the struct STARTUPINFO is
  actually not all zeros. Please see article on:
  https://www.securecoding.cert.org/confluence/display/cplusplus/MSC06-CPP.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data

  Instead of using ZeroMemory, SecureZeroMemory should be used.

To manage notifications about this bug go to:
https://bugs.launchpad.net/sikuli/+bug/1101171/+subscriptions


References