[NTDLL/CSRSRV]

Re-fix part of the capture-buffer offset setting, based on what I understood from all my previous investigations. It reverts a little part of r57673 but fixing some existing bugs there. svn path=/branches/ros-csrss/; revision=57809
2025-02-22 16:36:33 +00:00 · 2012-12-06 22:24:27 +00:00 · 2012-12-06 22:24:27 +00:00 · 5127a493a3
commit 5127a493a3
parent 190ce5ba55
2 changed files with 54 additions and 32 deletions
--- a/dll/ntdll/csr/connect.c
+++ b/dll/ntdll/csr/connect.c
@ -51,7 +51,8 @@ CsrClientCallServer(IN OUT PCSR_API_MESSAGE ApiMessage,
                    IN ULONG DataLength)
 {
    NTSTATUS Status;
-    ULONG i;
+    ULONG PointerCount;
+    PULONG_PTR OffsetPointer;

    /* Fill out the Port Message Header. */
    ApiMessage->Header.u2.ZeroInit = 0;
@ -90,13 +91,16 @@ CsrClientCallServer(IN OUT PCSR_API_MESSAGE ApiMessage,
             * a server pointer, and each pointer to these message pointers
             * is converted into an offset.
             */
-            for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+            PointerCount  = CaptureBuffer->PointerCount;
+            OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+            while (PointerCount--)
            {
-                if (CaptureBuffer->PointerOffsetsArray[i] != 0)
+                if (*OffsetPointer != 0)
                {
-                    *(PULONG_PTR)CaptureBuffer->PointerOffsetsArray[i] += CsrPortMemoryDelta;
-                    CaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
+                    *(PULONG_PTR)*OffsetPointer += CsrPortMemoryDelta;
+                    *OffsetPointer -= (ULONG_PTR)ApiMessage;
                }
+                ++OffsetPointer;
            }
        }

@ -120,13 +124,16 @@ CsrClientCallServer(IN OUT PCSR_API_MESSAGE ApiMessage,
             * pointers, and convert back these message server pointers
             * into client pointers.
             */
-            for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+            PointerCount  = CaptureBuffer->PointerCount;
+            OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+            while (PointerCount--)
            {
-                if (CaptureBuffer->PointerOffsetsArray[i] != 0)
+                if (*OffsetPointer != 0)
                {
-                    CaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
-                    *(PULONG_PTR)CaptureBuffer->PointerOffsetsArray[i] -= CsrPortMemoryDelta;
+                    *OffsetPointer += (ULONG_PTR)ApiMessage;
+                    *(PULONG_PTR)*OffsetPointer -= CsrPortMemoryDelta;
                }
+                ++OffsetPointer;
            }
        }

--- a/subsystems/win32/csrsrv/api.c
+++ b/subsystems/win32/csrsrv/api.c
@ -1125,7 +1125,9 @@ CsrCaptureArguments(IN PCSR_THREAD CsrThread,
    PCSR_CAPTURE_BUFFER LocalCaptureBuffer = NULL, RemoteCaptureBuffer = NULL;
    SIZE_T BufferDistance;
    ULONG Length = 0;
-    ULONG i;
+    ULONG PointerCount;
+    PULONG_PTR OffsetPointer;
+    ULONG_PTR CurrentOffset;

    /* Use SEH to make sure this is valid */
    _SEH2_TRY
@ -1182,19 +1184,23 @@ CsrCaptureArguments(IN PCSR_THREAD CsrThread,
     * All the pointer offsets correspond to pointers which point
     * to the remote data buffer instead of the local one.
     */
-    for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
+    PointerCount  = RemoteCaptureBuffer->PointerCount;
+    OffsetPointer = RemoteCaptureBuffer->PointerOffsetsArray;
+    while (PointerCount--)
    {
-        if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
+        CurrentOffset = *OffsetPointer;
+
+        if (CurrentOffset != 0)
        {
-            /* Temporarily transform the offset into a pointer */
-            RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
+            /* Get the pointer corresponding to the offset */
+            CurrentOffset += (ULONG_PTR)ApiMessage;

            /* Validate the bounds of the current pointed pointer */
-            if ((*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] >= CsrThread->Process->ClientViewBase) &&
-                (*(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] < CsrThread->Process->ClientViewBounds))
+            if ((*(PULONG_PTR)CurrentOffset >= CsrThread->Process->ClientViewBase) &&
+                (*(PULONG_PTR)CurrentOffset < CsrThread->Process->ClientViewBounds))
            {
                /* Modify the pointed pointer to take into account its new position */
-                *(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] += BufferDistance;
+                *(PULONG_PTR)CurrentOffset += BufferDistance;
            }
            else
            {
@ -1203,10 +1209,9 @@ CsrCaptureArguments(IN PCSR_THREAD CsrThread,
                DbgBreakPoint();
                ApiMessage->Status = STATUS_INVALID_PARAMETER;
            }
-
-            /* Transform back into an offset */
-            RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
        }
+
+        ++OffsetPointer;
    }

    /* Check if we got success */
@ -1249,7 +1254,9 @@ CsrReleaseCapturedArguments(IN PCSR_API_MESSAGE ApiMessage)
 {
    PCSR_CAPTURE_BUFFER RemoteCaptureBuffer, LocalCaptureBuffer;
    SIZE_T BufferDistance;
-    ULONG i;
+    ULONG PointerCount;
+    PULONG_PTR OffsetPointer;
+    ULONG_PTR CurrentOffset;

    /* Get the remote capture buffer */
    RemoteCaptureBuffer = ApiMessage->CsrCaptureData;
@ -1272,19 +1279,22 @@ CsrReleaseCapturedArguments(IN PCSR_API_MESSAGE ApiMessage)
     * to the local data buffer instead of the remote one (revert
     * the logic of CsrCaptureArguments).
     */
-    for (i = 0 ; i < RemoteCaptureBuffer->PointerCount ; ++i)
+    PointerCount  = RemoteCaptureBuffer->PointerCount;
+    OffsetPointer = RemoteCaptureBuffer->PointerOffsetsArray;
+    while (PointerCount--)
    {
-        if (RemoteCaptureBuffer->PointerOffsetsArray[i] != 0)
+        CurrentOffset = *OffsetPointer;
+
+        if (CurrentOffset != 0)
        {
-            /* Temporarily transform the offset into a pointer */
-            RemoteCaptureBuffer->PointerOffsetsArray[i] += (ULONG_PTR)ApiMessage;
+            /* Get the pointer corresponding to the offset */
+            CurrentOffset += (ULONG_PTR)ApiMessage;

            /* Modify the pointed pointer to take into account its new position */
-            *(PULONG_PTR)RemoteCaptureBuffer->PointerOffsetsArray[i] -= BufferDistance;
-
-            /* Transform back into an offset */
-            RemoteCaptureBuffer->PointerOffsetsArray[i] -= (ULONG_PTR)ApiMessage;
+            *(PULONG_PTR)CurrentOffset -= BufferDistance;
        }
+
+        ++OffsetPointer;
    }

    /* Copy the data back */
@ -1328,7 +1338,8 @@ CsrValidateMessageBuffer(IN PCSR_API_MESSAGE ApiMessage,
 {
    PCSR_CAPTURE_BUFFER CaptureBuffer = ApiMessage->CsrCaptureData;
    SIZE_T BufferDistance = (ULONG_PTR)Buffer - (ULONG_PTR)ApiMessage;
-    ULONG i;
+    ULONG PointerCount;
+    PULONG_PTR OffsetPointer;

    /*
     * Check whether we have a valid buffer pointer, elements
@ -1364,16 +1375,20 @@ CsrValidateMessageBuffer(IN PCSR_API_MESSAGE ApiMessage,
        if ((CaptureBuffer->Size - (ULONG_PTR)*Buffer + (ULONG_PTR)CaptureBuffer) >=
            (ElementCount * ElementSize))
        {
-            for (i = 0 ; i < CaptureBuffer->PointerCount ; ++i)
+            /* Perform the validation test */
+            PointerCount  = CaptureBuffer->PointerCount;
+            OffsetPointer = CaptureBuffer->PointerOffsetsArray;
+            while (PointerCount--)
            {
                /*
                 * The pointer offset must be equal to the delta between
                 * the addresses of the buffer and of the API message.
                 */
-                if (CaptureBuffer->PointerOffsetsArray[i] == BufferDistance)
+                if (*OffsetPointer == BufferDistance)
                {
                    return TRUE;
                }
+                ++OffsetPointer;
            }
        }
    }