From 75e296c6be08b7f5dd82b48edc86c4678a228c20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Gardou?= Date: Tue, 25 May 2010 22:46:57 +0000 Subject: [PATCH] [WIN32K] - Check devmode size in NtUserChangeDisplaySettings - Copy memory instead of setting fields in UserEnumDisplaySettings, so we don't lost anything. svn path=/branches/reactos-yarotows/; revision=47355 --- subsystems/win32/win32k/ntuser/display.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/subsystems/win32/win32k/ntuser/display.c b/subsystems/win32/win32k/ntuser/display.c index 57e496e07dc..138a1ec24f6 100644 --- a/subsystems/win32/win32k/ntuser/display.c +++ b/subsystems/win32/win32k/ntuser/display.c @@ -648,11 +648,8 @@ NtUserEnumDisplaySettings( cbExtra = lpDevMode->dmDriverExtra; ProbeForWrite(lpDevMode, cbSize + cbExtra, 1); - lpDevMode->dmPelsWidth = pdm->dmPelsWidth; - lpDevMode->dmPelsHeight = pdm->dmPelsHeight; - lpDevMode->dmBitsPerPel = pdm->dmBitsPerPel; - lpDevMode->dmDisplayFrequency = pdm->dmDisplayFrequency; - lpDevMode->dmDisplayFlags = pdm->dmDisplayFlags; + /* Output what we got */ + RtlCopyMemory(lpDevMode, pdm, min(cbSize, pdm->dmSize)); /* output private/extra driver data */ if (cbExtra > 0 && pdm->dmDriverExtra > 0) @@ -703,6 +700,8 @@ UserChangeDisplaySettings( return DISP_CHANGE_BADPARAM; } } + else if (pdm->dmSize < FIELD_OFFSET(DEVMODEW, dmFields)) + return DISP_CHANGE_FAILED; else dm = *pdm;