Fix the hack, so it doesn't cause overwriting of usermode memory.

svn path=/trunk/; revision=57445
Timo Kreuzer 2012-09-30 22:02:02 +00:00
parent aec6311fb5
commit bdd3db1d3d


@ -1007,6 +1007,7 @@ NtGdiGetDIBitsInternal(
PBITMAPINFO pbmi;
HANDLE hSecure = NULL;
INT iResult = 0;
UINT cjAlloc;
/* Check for bad iUsage */
if (iUsage > 2) return 0;
@ -1022,10 +1023,10 @@ NtGdiGetDIBitsInternal(
// HACK: the underlying code sucks and doesn't care for the size, so we
// give it the maximum ever needed
cjMaxInfo = sizeof(BITMAPV5HEADER) + 256 * sizeof(RGBQUAD);
cjAlloc = sizeof(BITMAPV5HEADER) + 256 * sizeof(RGBQUAD);
/* Allocate a buffer the bitmapinfo */
pbmi = ExAllocatePoolWithTag(PagedPool, cjMaxInfo, 'imBG');
pbmi = ExAllocatePoolWithTag(PagedPool, cjAlloc, 'imBG');
if (!pbmi)
{
/* Fail */