Be more defensive about how windows RegistryKeys are handled #739
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Few things along a general theme of skepticism in this registry code.
Fixes an issue where
HKEY_LOCAL_MACHINE
is not sign-extended into 64 bits on 64 bit targets.From discussion with @ChrisDenton it's unclear why this works, perhaps internal details, or odd handle behavior with
KEY_WOW64_32KEY
. Dunno, easy fix (hopefully).Replaces
Repr::Const(...)
withRepr::LocalMachine
.According to https://learn.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regqueryvalueexw, using this with some HKEY types (
HKEY_PERFORMANCE_DATA
and presumably its subkeys) requires using the API in a totally different way, and knowing exactly which type you're dealing with. If you try to use the API as you normally, it seems like you'd end up with UB.Since we don't care at all about
HKEY_PERFORMANCE_DATA
, this just makes it clearer that we should never have otherRepr::Const
s thanHKEY_LOCAL_MACHINE
.Behaves a lot more defensively in
RegistryKey::query_str
. Specifically, it adds some asserts that the values we get are as we'd expect, and defensively zeroes the memory we allocate for the wide string.This is being a bit paranoid, but most of these weird behaviors seem like they could happen if we happened to have a
HKEY_PERFORMANCE_DATA
-derived key, and there's no easy way for us to check for that.These checks try to minimize how disastrous it would be if we did end up with one (panic rather than either heap buffer overflow or returning a pile of uninit memory to the caller).
Fixes a small oversight in a case where we'd panic the value we read happens to be the empty string. Presumably this couldn't actually happen, or we'd have gotten a bug report by now.
Adds some comments explaining this stuff, to make it more clear which things are done or not done intentionally.
r? @ChrisDenton