mirror of
https://github.com/reactos/reactos.git
synced 2025-08-07 20:53:04 +00:00
[KERNEL32]
Clean-up IntReadConsoleOutputCode a little bit. [CONSRV] Fix a buffer overflow in SrvReadConsoleOutputString, which was translated sometimes into heap corruption and assert, triggered when freeing a remote captured buffer in csrsrv, when executing kernel32_winetest console, just during a call to ReadConsoleOutputCharacterA. Nevertheless I still keep the culprit code (commented-out now) because it might be useful in the future. svn path=/branches/ros-csrss/; revision=58229
This commit is contained in:
Hermès Bélusca-Maïto
parent
6d28ec8640
commit
7846f054ff
2 changed files with 28 additions and 35 deletions
|
|
@ -351,10 +351,7 @@ IntReadConsoleOutputCode(HANDLE hConsoleOutput,
|
||||||
ReadOutputCodeRequest->CodeType = CodeType;
|
ReadOutputCodeRequest->CodeType = CodeType;
|
||||||
ReadOutputCodeRequest->ReadCoord = dwReadCoord;
|
ReadOutputCodeRequest->ReadCoord = dwReadCoord;
|
||||||
|
|
||||||
// while (nLength > 0)
|
|
||||||
{
|
|
||||||
ReadOutputCodeRequest->NumCodesToRead = nLength;
|
ReadOutputCodeRequest->NumCodesToRead = nLength;
|
||||||
// SizeBytes = ReadOutputCodeRequest->NumCodesToRead * CodeSize;
|
|
||||||
|
|
||||||
Status = CsrClientCallServer((PCSR_API_MESSAGE)&ApiMessage,
|
Status = CsrClientCallServer((PCSR_API_MESSAGE)&ApiMessage,
|
||||||
CaptureBuffer,
|
CaptureBuffer,
|
||||||
|
|
@ -369,15 +366,11 @@ IntReadConsoleOutputCode(HANDLE hConsoleOutput,
|
||||||
|
|
||||||
BytesRead = ReadOutputCodeRequest->CodesRead * CodeSize;
|
BytesRead = ReadOutputCodeRequest->CodesRead * CodeSize;
|
||||||
memcpy(pCode, ReadOutputCodeRequest->pCode.pCode, BytesRead);
|
memcpy(pCode, ReadOutputCodeRequest->pCode.pCode, BytesRead);
|
||||||
// pCode = (PVOID)((ULONG_PTR)pCode + /*(ULONG_PTR)*/BytesRead);
|
|
||||||
// nLength -= ReadOutputCodeRequest->CodesRead;
|
|
||||||
// CodesRead += ReadOutputCodeRequest->CodesRead;
|
|
||||||
|
|
||||||
ReadOutputCodeRequest->ReadCoord = ReadOutputCodeRequest->EndCoord;
|
ReadOutputCodeRequest->ReadCoord = ReadOutputCodeRequest->EndCoord;
|
||||||
}
|
|
||||||
|
|
||||||
if (lpNumberOfCodesRead != NULL)
|
if (lpNumberOfCodesRead != NULL)
|
||||||
*lpNumberOfCodesRead = /*CodesRead;*/ ReadOutputCodeRequest->CodesRead;
|
*lpNumberOfCodesRead = ReadOutputCodeRequest->CodesRead;
|
||||||
|
|
||||||
CsrFreeCaptureBuffer(CaptureBuffer);
|
CsrFreeCaptureBuffer(CaptureBuffer);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -862,20 +862,20 @@ CSR_API(SrvReadConsoleOutputString)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (CodeType)
|
// switch (CodeType)
|
||||||
{
|
// {
|
||||||
case CODE_UNICODE:
|
// case CODE_UNICODE:
|
||||||
*(PWCHAR)ReadBuffer = 0;
|
// *(PWCHAR)ReadBuffer = 0;
|
||||||
break;
|
// break;
|
||||||
|
|
||||||
case CODE_ASCII:
|
// case CODE_ASCII:
|
||||||
*(PCHAR)ReadBuffer = 0;
|
// *(PCHAR)ReadBuffer = 0;
|
||||||
break;
|
// break;
|
||||||
|
|
||||||
case CODE_ATTRIBUTE:
|
// case CODE_ATTRIBUTE:
|
||||||
*(PWORD)ReadBuffer = 0;
|
// *(PWORD)ReadBuffer = 0;
|
||||||
break;
|
// break;
|
||||||
}
|
// }
|
||||||
|
|
||||||
ReadOutputCodeRequest->EndCoord.X = Xpos;
|
ReadOutputCodeRequest->EndCoord.X = Xpos;
|
||||||
ReadOutputCodeRequest->EndCoord.Y = (Ypos - Buff->VirtualY + Buff->MaxY) % Buff->MaxY;
|
ReadOutputCodeRequest->EndCoord.Y = (Ypos - Buff->VirtualY + Buff->MaxY) % Buff->MaxY;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue