mirror of
https://github.com/reactos/reactos.git
[WIN32K:NTGDI]
- Handle arbitrary-length DEVMODEW structures in NtGdiOpenDCW. Patch by Katayama Hirofumi MZ with small changes by me. CORE-12068 #resolve svn path=/trunk/; revision=72871
parent
c60a62e0de
commit
c77ad2e9b5
1 changed files with 27 additions and 6 deletions
|
@ -692,9 +692,11 @@ NtGdiOpenDCW(
|
||||||
{
|
{
|
||||||
UNICODE_STRING ustrDevice;
|
UNICODE_STRING ustrDevice;
|
||||||
WCHAR awcDevice[CCHDEVICENAME];
|
WCHAR awcDevice[CCHDEVICENAME];
|
||||||
DEVMODEW dmInit;
|
|
||||||
PVOID dhpdev;
|
PVOID dhpdev;
|
||||||
HDC hdc;
|
HDC hdc;
|
||||||
|
WORD dmSize, dmDriverExtra;
|
||||||
|
DWORD Size;
|
||||||
|
DEVMODEW * _SEH2_VOLATILE pdmAllocated = NULL;
|
||||||
|
|
||||||
/* Only if a devicename is given, we need any data */
|
/* Only if a devicename is given, we need any data */
|
||||||
if (pustrDevice)
|
if (pustrDevice)
|
||||||
|
@ -711,13 +713,22 @@ NtGdiOpenDCW(
|
||||||
/* Copy the string */
|
/* Copy the string */
|
||||||
RtlCopyUnicodeString(&ustrDevice, pustrDevice);
|
RtlCopyUnicodeString(&ustrDevice, pustrDevice);
|
||||||
|
|
||||||
|
/* Allocate and store pdmAllocated if pdmInit is not NULL */
|
||||||
if (pdmInit)
|
if (pdmInit)
|
||||||
{
|
{
|
||||||
/* FIXME: could be larger */
|
|
||||||
/* According to a comment in Windows SDK the size of the buffer for
|
|
||||||
pdm is (pdm->dmSize + pdm->dmDriverExtra) */
|
|
||||||
ProbeForRead(pdmInit, sizeof(DEVMODEW), 1);
|
ProbeForRead(pdmInit, sizeof(DEVMODEW), 1);
|
||||||
RtlCopyMemory(&dmInit, pdmInit, sizeof(DEVMODEW));
|
|
||||||
|
dmSize = pdmInit->dmSize;
|
||||||
|
dmDriverExtra = pdmInit->dmDriverExtra;
|
||||||
|
Size = dmSize + dmDriverExtra;
|
||||||
|
ProbeForRead(pdmInit, Size, 1);
|
||||||
|
|
||||||
|
pdmAllocated = ExAllocatePoolWithTag(PagedPool | POOL_RAISE_IF_ALLOCATION_FAILURE,
|
||||||
|
Size,
|
||||||
|
TAG_DC);
|
||||||
|
RtlCopyMemory(pdmAllocated, pdmInit, Size);
|
||||||
|
pdmAllocated->dmSize = dmSize;
|
||||||
|
pdmAllocated->dmDriverExtra = dmDriverExtra;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pUMdhpdev)
|
if (pUMdhpdev)
|
||||||
|
@ -727,6 +738,10 @@ NtGdiOpenDCW(
|
||||||
}
|
}
|
||||||
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
||||||
{
|
{
|
||||||
|
if (pdmAllocated)
|
||||||
|
{
|
||||||
|
ExFreePoolWithTag(pdmAllocated, TAG_DC);
|
||||||
|
}
|
||||||
SetLastNtError(_SEH2_GetExceptionCode());
|
SetLastNtError(_SEH2_GetExceptionCode());
|
||||||
_SEH2_YIELD(return NULL);
|
_SEH2_YIELD(return NULL);
|
||||||
}
|
}
|
||||||
|
@ -750,7 +765,7 @@ NtGdiOpenDCW(
|
||||||
|
|
||||||
/* Call the internal function */
|
/* Call the internal function */
|
||||||
hdc = GreOpenDCW(pustrDevice ? &ustrDevice : NULL,
|
hdc = GreOpenDCW(pustrDevice ? &ustrDevice : NULL,
|
||||||
pdmInit ? &dmInit : NULL,
|
pdmAllocated,
|
||||||
NULL, // FIXME: pwszLogAddress
|
NULL, // FIXME: pwszLogAddress
|
||||||
iType,
|
iType,
|
||||||
bDisplay,
|
bDisplay,
|
||||||
|
@ -775,6 +790,12 @@ NtGdiOpenDCW(
|
||||||
_SEH2_END
|
_SEH2_END
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Free the allocated */
|
||||||
|
if (pdmAllocated)
|
||||||
|
{
|
||||||
|
ExFreePoolWithTag(pdmAllocated, TAG_DC);
|
||||||
|
}
|
||||||
|
|
||||||
return hdc;
|
return hdc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
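Review bot: `Size = dmSize + dmDriverExtra` is read from user memory with no lower bound, so a caller that passes a small or zero `dmSize` gets a pool block shorter than the fixed DEVMODEW header, and the two stores `pdmAllocated->dmSize = dmSize;` and `pdmAllocated->dmDriverExtra = dmDriverExtra;` then write past its end. A check right after the two fields are read would close this, for example `if (dmSize < RTL_SIZEOF_THROUGH_FIELD(DEVMODEW, dmDriverExtra)) ExRaiseStatus(STATUS_INVALID_PARAMETER);`. The `_SEH2_EXCEPT` handler in the `-727,6 +738,10` hunk would catch that raise, assuming this code sits inside the matching `_SEH2_TRY`, whose opening is outside the shown hunks. GreOpenDCW's use of the buffer is not visible here, so the minimum may need to be larger to cover every field it reads. Re-storing the captured sizes into the kernel copy is the right defence against user mode changing them between the first read and the copy, and should stay.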