[SERVICES]

- Use FIELD_OFFSET for variable-length structure sizes - Handle an invalid parameter condition in RCreateServiceW. Fixes an advapi32:service test - Do not dereference a NULL-pointer on out-of-memory svn path=/trunk/; revision=54315
2025-05-18 00:31:27 +00:00 · 2011-11-06 14:23:39 +00:00 · 2011-11-06 14:23:39 +00:00 · 0b595ead09
commit 0b595ead09
parent ac825c5ef6
2 changed files with 17 additions and 8 deletions
--- a/reactos/base/system/services/database.c
+++ b/reactos/base/system/services/database.c
@ -193,7 +193,7 @@ ScmCreateOrReferenceServiceImage(PSERVICE pService)
        /* Create a new service image */
        pServiceImage = HeapAlloc(GetProcessHeap(),
                                  HEAP_ZERO_MEMORY,
-                                  sizeof(SERVICE_IMAGE) + ((wcslen(ImagePath.Buffer) + 1) * sizeof(WCHAR)));
+                                  FIELD_OFFSET(SERVICE_IMAGE, szImagePath[wcslen(ImagePath.Buffer) + 1]));
        if (pServiceImage == NULL)
        {
            dwError = ERROR_NOT_ENOUGH_MEMORY;
@ -368,7 +368,7 @@ ScmCreateNewServiceRecord(LPCWSTR lpServiceName,
    /* Allocate service entry */
    lpService = HeapAlloc(GetProcessHeap(),
                          HEAP_ZERO_MEMORY,
-                          sizeof(SERVICE) + ((wcslen(lpServiceName) + 1) * sizeof(WCHAR)));
+                          FIELD_OFFSET(SERVICE, szServiceName[wcslen(lpServiceName) + 1]));
    if (lpService == NULL)
        return ERROR_NOT_ENOUGH_MEMORY;

--- a/reactos/base/system/services/rpcserver.c
+++ b/reactos/base/system/services/rpcserver.c
@ -155,7 +155,7 @@ ScmCreateManagerHandle(LPWSTR lpDatabaseName,

    Ptr = HeapAlloc(GetProcessHeap(),
                    HEAP_ZERO_MEMORY,
-                    sizeof(MANAGER_HANDLE) + (wcslen(lpDatabaseName) + 1) * sizeof(WCHAR));
+                    FIELD_OFFSET(MANAGER_HANDLE, DatabaseName[wcslen(lpDatabaseName) + 1]));
    if (Ptr == NULL)
        return ERROR_NOT_ENOUGH_MEMORY;

@ -1999,6 +1999,12 @@ DWORD RCreateServiceW(
        return ERROR_INVALID_PARAMETER;
    }

+    if ((dwServiceType & SERVICE_KERNEL_DRIVER) &&
+        (dwServiceType & SERVICE_FILE_SYSTEM_DRIVER))
+    {
+        return ERROR_INVALID_PARAMETER;
+    }
+
    if ((dwServiceType == (SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS)) &&
        (lpServiceStartName))
    {
@ -2267,9 +2273,12 @@ done:;
    }
    else
    {
-        /* Release the display name buffer */
-        if (lpService->lpServiceName != NULL)
+        if (lpService != NULL &&
+            lpService->lpServiceName != NULL)
+        {
+            /* Release the display name buffer */
            HeapFree(GetProcessHeap(), 0, lpService->lpDisplayName);
+        }

        if (hServiceHandle)
        {
@ -2366,7 +2375,7 @@ DWORD REnumDependentServicesW(
                                (dwServicesReturned + 1) * sizeof(PSERVICE));
    if (!lpServicesArray)
    {
-        DPRINT("Could not allocate a buffer!!\n");
+        DPRINT1("Could not allocate a buffer!!\n");
        dwError = ERROR_NOT_ENOUGH_MEMORY;
        goto Done;
    }
@ -4550,8 +4559,8 @@ DWORD RChangeServiceConfig2A(
            dwLength = (strlen(Info.lpDescription) + 1) * sizeof(WCHAR);

            lpServiceDescriptonW = HeapAlloc(GetProcessHeap(),
-                                            0,
-                                            dwLength + sizeof(SERVICE_DESCRIPTIONW));
+                                             0,
+                                             dwLength + sizeof(SERVICE_DESCRIPTIONW));
            if (!lpServiceDescriptonW)
            {
                return ERROR_NOT_ENOUGH_MEMORY;