From 958edf5d4b35b5befc14c3de4b5ce6d081da083e Mon Sep 17 00:00:00 2001 From: Magnus Olsen Date: Sun, 4 May 2008 17:58:43 +0000 Subject: [PATCH] fixed NtUserEnumDisplaySettings bug inside IntEnumDisplaySettings DWORD DisplayNumber was not init before it was use. GetDisplayNumberFromDeviceName did not allown pdevice with NULL value or string lenght is 0 thuse have been fixed. svn path=/trunk/; revision=33274 --- reactos/subsystems/win32/win32k/objects/dc.c | 47 ++++++++++++++++++-- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/reactos/subsystems/win32/win32k/objects/dc.c b/reactos/subsystems/win32/win32k/objects/dc.c index 014399c16ea..443b3cb1d76 100644 --- a/reactos/subsystems/win32/win32k/objects/dc.c +++ b/reactos/subsystems/win32/win32k/objects/dc.c @@ -2717,8 +2717,17 @@ GetDisplayNumberFromDeviceName( if (DisplayNumber == NULL) return STATUS_INVALID_PARAMETER_2; - if (pDeviceName && pDeviceName->Length <= DisplayString.Length) - return STATUS_OBJECT_NAME_INVALID; + DPRINT1("GetDisplayNumberFromDeviceName Pass 1 seh \n"); + + if ((pDeviceName != NULL) && (pDeviceName->Length != 0)) + { + if (pDeviceName->Length <= DisplayString.Length) + { + DPRINT1("GetDisplayNumberFromDeviceName FAIL pDeviceName : %wZ \n",pDeviceName); + DPRINT1("GetDisplayNumberFromDeviceName FAIL pDeviceName->Length : %d \n",pDeviceName->Length); + return STATUS_OBJECT_NAME_INVALID; + } + } if (pDeviceName == NULL || pDeviceName->Length == 0) { @@ -2757,7 +2766,7 @@ GetDisplayNumberFromDeviceName( Number = Number * 10 + Char - L'0'; else if (Char != L'\0') return STATUS_OBJECT_NAME_INVALID; - } + } *DisplayNumber = Number - 1; } @@ -2783,7 +2792,7 @@ IntEnumDisplaySettings( static UNICODE_STRING CachedDeviceName; PDEVMODEW CachedMode = NULL; DEVMODEW DevMode; - ULONG DisplayNumber; + ULONG DisplayNumber = 0; if (!NT_SUCCESS(GetDisplayNumberFromDeviceName(pDeviceName, &DisplayNumber))) { 
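Review bot: The `DPRINT1("GetDisplayNumberFromDeviceName Pass 1 seh \n")` added at the top of the first hunk is step tracing rather than an error report, and it fires on every call; the same goes for the `Pass N seh`, `ENUM_CURRENT_SETTINGS`, `NO FLAGs` and `return cached info` lines added in the IntEnumDisplaySettings hunks below. As far as I know DPRINT1 is not silenced by NDEBUG the way DPRINT is, so these would flood the debug log during mode enumeration; I would drop them before commit or turn them into `DPRINT(...)`. The two failure messages before `return STATUS_OBJECT_NAME_INVALID;` are reasonable to keep, though one line carrying both `%wZ` and the length would do. The nested test can also be written as one condition, `if (pDeviceName != NULL && pDeviceName->Length != 0 && pDeviceName->Length <= DisplayString.Length)`. The function body starts and ends outside the hunk.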
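Review bot: Initialising `ULONG DisplayNumber = 0;` in the third hunk silences the uninitialised read but does not show which success path of GetDisplayNumberFromDeviceName failed to write `*DisplayNumber`; since 0 is also a valid display index, a missed write now silently selects the first display. The contract would be clearer if the callee stored the value on every path that returns success, with a comment on the declaration such as `/* defaults to the primary display; the callee overwrites it on success */`. Separately, the context line `*DisplayNumber = Number - 1;` in the previous hunk would wrap to a very large index if the parsed number is 0, assuming Number is unsigned (its declaration is not visible); a check such as `if (Number == 0) return STATUS_OBJECT_NAME_INVALID;` before the store would close that. IntEnumDisplaySettings continues outside the hunk.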
@@ -2791,6 +2800,8 @@ IntEnumDisplaySettings( return FALSE; } + DPRINT1("IntEnumDisplaySettings Pass 1 seh \n"); + DPRINT("DevMode->dmSize = %d\n", pDevMode->dmSize); DPRINT("DevMode->dmExtraSize = %d\n", pDevMode->dmDriverExtra); if (pDevMode->dmSize != SIZEOF_DEVMODEW_300 && @@ -2801,13 +2812,17 @@ IntEnumDisplaySettings( return FALSE; } + DPRINT1("IntEnumDisplaySettings Pass 2 seh \n"); + if (iModeNum == ENUM_CURRENT_SETTINGS) { + DPRINT1("IntEnumDisplaySettings ENUM_CURRENT_SETTINGS \n"); CachedMode = &PrimarySurface.DMW; ASSERT(CachedMode->dmSize > 0); } else if (iModeNum == ENUM_REGISTRY_SETTINGS) { + DPRINT1("IntEnumDisplaySettings ENUM_REGISTRY_SETTINGS \n"); RtlZeroMemory(&DevMode, sizeof (DevMode)); DevMode.dmSize = sizeof (DevMode); DevMode.dmDriverExtra = 0; @@ -2821,9 +2836,13 @@ IntEnumDisplaySettings( /* FIXME: Maybe look for the matching devmode supplied by the * driver so we can provide driver private/extra data? */ + + DPRINT1("IntEnumDisplaySettings Pass 3 seh \n"); } else { + DPRINT1("IntEnumDisplaySettings NO FLAGs \n"); + BOOL IsCachedDevice = (CachedDevModes != NULL); if (CachedDevModes && @@ -2840,6 +2859,8 @@ IntEnumDisplaySettings( LPWSTR CurrentName; DRVENABLEDATA DrvEnableData; + DPRINT1("IntEnumDisplaySettings iModeNum \n"); + /* Free resources from last driver cache */ if (IsCachedDevice == FALSE && CachedDeviceName.Buffer != NULL) { @@ -2854,12 +2875,16 @@ IntEnumDisplaySettings( return FALSE; } + DPRINT1("IntEnumDisplaySettings Pass 4 seh \n"); + if (!IntPrepareDriverIfNeeded()) { DPRINT1("IntPrepareDriverIfNeeded failed\n"); return FALSE; } + DPRINT1("IntEnumDisplaySettings Pass 5 seh \n"); + /* * DriverFileNames may be a list of drivers in REG_SZ_MULTI format, * scan all of them until a good one found. 
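Review bot: In the hunk at `@@ -2821`, `DPRINT1("IntEnumDisplaySettings NO FLAGs \n");` is inserted ahead of the declaration `BOOL IsCachedDevice = (CachedDevModes != NULL);`, so the else block now has a declaration after a statement. C89 compilers reject that and GCC warns about it under `-Wdeclaration-after-statement`; moving the trace below the declaration, or removing it, keeps the block portable. The else block continues outside the hunk.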
@@ -2940,6 +2965,9 @@ IntEnumDisplaySettings( SetLastWin32Error(STATUS_NO_MEMORY); return FALSE; } + + DPRINT1("IntEnumDisplaySettings Pass 6 seh \n"); + if (CachedDevModes != NULL) { RtlCopyMemory(NewBuffer, CachedDevModes, SizeUsed); @@ -2978,12 +3006,19 @@ IntEnumDisplaySettings( } /* return cached info */ + + + DPRINT1("IntEnumDisplaySettings return cached info \n"); + CachedMode = CachedDevModes; if (CachedMode >= CachedDevModesEnd) { SetLastWin32Error(STATUS_NO_MORE_ENTRIES); return FALSE; } + + DPRINT1("IntEnumDisplaySettings Pass 7 seh \n"); + while (iModeNum-- > 0 && CachedMode < CachedDevModesEnd) { assert(CachedMode->dmSize > 0); @@ -2994,10 +3029,14 @@ IntEnumDisplaySettings( SetLastWin32Error(STATUS_NO_MORE_ENTRIES); return FALSE; } + + DPRINT1("IntEnumDisplaySettings Pass 8 seh \n"); } ASSERT(CachedMode != NULL); + DPRINT1("IntEnumDisplaySettings Pass 9 seh \n"); + RtlCopyMemory(pDevMode, CachedMode, min(pDevMode->dmSize, CachedMode->dmSize)); RtlZeroMemory(pDevMode + pDevMode->dmSize, pDevMode->dmDriverExtra); RtlCopyMemory(pDevMode + min(pDevMode->dmSize, CachedMode->dmSize), CachedMode + CachedMode->dmSize, min(pDevMode->dmDriverExtra, CachedMode->dmDriverExtra));
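Review bot: The copy-out that follows the new `Pass 9 seh` trace in the last hunk does its offset arithmetic on typed pointers: `pDevMode + pDevMode->dmSize` and `CachedMode + CachedMode->dmSize` advance by dmSize elements, not dmSize bytes. CachedMode is declared `PDEVMODEW` earlier in the diff and pDevMode appears to be the same type (its declaration is not visible), so whenever dmDriverExtra is non-zero the `RtlZeroMemory` and the second `RtlCopyMemory` would touch memory far beyond the caller's buffer and the cached entry. Casting to a byte pointer first fixes this, e.g. `RtlZeroMemory((PUCHAR)pDevMode + pDevMode->dmSize, pDevMode->dmDriverExtra);`, with the same `(PUCHAR)` cast on both pointer operands of the second copy. The function continues outside the hunk.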