[win32k]

- In FNID_SENDMESSAGECALLBACK use SEH before accesing the user-mode buffer svn path=/trunk/; revision=49962
2024-07-07 21:25:05 +00:00 · 2010-12-06 12:07:05 +00:00 · 2010-12-06 12:07:05 +00:00 · a38b059ca1
parent 3e169e3cb2
commit a38b059ca1
1 changed files with 14 additions and 5 deletions
--- a/reactos/subsystems/win32/win32k/ntuser/message.c
+++ b/reactos/subsystems/win32/win32k/ntuser/message.c
@ -2175,14 +2175,23 @@ NtUserMessageCall( HWND hWnd,
        break;
    case FNID_SENDMESSAGECALLBACK:
        {
-            PCALL_BACK_INFO CallBackInfo = (PCALL_BACK_INFO)ResultInfo;
+            CALL_BACK_INFO CallBackInfo;
            ULONG_PTR uResult;
-
-            if (!CallBackInfo)
-                break;
+            
+            _SEH2_TRY
+            {
+                ProbeForRead((PVOID)ResultInfo, sizeof(CALL_BACK_INFO), 1);
+                RtlCopyMemory(&CallBackInfo, (PVOID)ResultInfo, sizeof(CALL_BACK_INFO));
+            }
+            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+            {
+                Ret = FALSE;
+                _SEH2_YIELD(break);
+            }
+            _SEH2_END;

            if (!co_IntSendMessageWithCallBack(hWnd, Msg, wParam, lParam,
-                        CallBackInfo->CallBack, CallBackInfo->Context, &uResult))
+                        CallBackInfo.CallBack, CallBackInfo.Context, &uResult))
            {
                DPRINT1("Callback failure!\n");
            }