sikuli-driver team mailing list archive

Thread
Date

[Bug 1101171] Re: X-1.0rc3: Windows: Java_org_sikuli_script_Win32Util_openApp should use SecureZeroMemory

To: sikuli-driver@xxxxxxxxxxxxxxxxxxx
From: RaiMan <rmhdevelop@xxxxxx>
Date: Tue, 07 May 2013 13:59:04 -0000
Reply-to: Bug 1101171 <1101171@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: sikuli
   Importance: High => Medium

-- 
You received this bug notification because you are a member of Sikuli
Drivers, which is subscribed to Sikuli.
https://bugs.launchpad.net/bugs/1101171

Title:
  X-1.0rc3: Windows:  Java_org_sikuli_script_Win32Util_openApp should
  use SecureZeroMemory

Status in Sikuli:
  Fix Committed

Bug description:
  In function Java_org_sikuli_script_Win32Util_openApp in file sikuli-
  script\src\main\native\Win32Util.cc, the usage of ZeroMemory  in
  conjunction with using compiler optimization, can lead to unwanted
  effects.

  For example, I experienced that the function intermittently opened an
  app in a minimized state. This started to happen on Windows 8, but not
  on other platforms.

  Now, the reason for that, can be that the struct STARTUPINFO is
  actually not all zeros. Please see article on:
  https://www.securecoding.cert.org/confluence/display/cplusplus/MSC06-CPP.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data

  Instead of using ZeroMemory, SecureZeroMemory should be used.

To manage notifications about this bug go to:
https://bugs.launchpad.net/sikuli/+bug/1101171/+subscriptions

References

[Bug 1101171] [NEW] Use of ZeroMemory in Java_org_sikuli_script_Win32Util_openApp leads to intermittent problems
From: Kristian Karl, 2013-01-18