From d746c66d9450fd9179e9c42a36a6613762c44654 Mon Sep 17 00:00:00 2001
From: Magnus Olsen
Date: Mon, 21 May 2007 20:51:55 +0000
Subject: [PATCH] Fixing another memory crash bug this time for GetFourCCCodes

svn path=/trunk/; revision=26860
---
 reactos/dll/directx/ddraw/Ddraw/ddraw_main.c | 33 +++++++++++---------
 reactos/dll/directx/ddraw/startup.c | 4 ++-
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/reactos/dll/directx/ddraw/Ddraw/ddraw_main.c b/reactos/dll/directx/ddraw/Ddraw/ddraw_main.c
index 45005560f44..467ef24f695 100644
--- a/reactos/dll/directx/ddraw/Ddraw/ddraw_main.c
+++ b/reactos/dll/directx/ddraw/Ddraw/ddraw_main.c
@@ -146,28 +146,31 @@ HRESULT WINAPI
 Main_DirectDraw_GetFourCCCodes(LPDIRECTDRAW7 iface, LPDWORD lpNumCodes, LPDWORD lpCodes)
 {
 LPDDRAWI_DIRECTDRAW_INT This = (LPDDRAWI_DIRECTDRAW_INT)iface;
+ HRESULT retVal = DD_OK;
+ DX_WINDBG_trace();
 /* FIXME protect with SEH or something else if lpCodes or lpNumCodes for bad user pointers */
 EnterCriticalSection(&ddcs);
- if(!lpNumCodes)
- {
- LeaveCriticalSection(&ddcs);
- return DDERR_INVALIDPARAMS;
- }
-
- if(lpCodes)
- {
- memcpy(lpCodes, This->lpLcl->lpGbl->lpdwFourCC, sizeof(DWORD)* min(This->lpLcl->lpGbl->dwNumFourCC, *lpNumCodes));
- }
- else
- {
- *lpNumCodes = This->lpLcl->lpGbl->dwNumFourCC;
- }
+ if(!lpNumCodes)
+ {
+ retVal = DDERR_INVALIDPARAMS;
+ }
+ else
+ {
+ if ((lpCodes) && (*lpCodes))
+ {
+ memcpy(lpCodes, This->lpLcl->lpGbl->lpdwFourCC, sizeof(DWORD)* min(This->lpLcl->lpGbl->dwNumFourCC, *lpNumCodes));
+ }
+ else
+ {
+ *lpNumCodes = This->lpLcl->lpGbl->dwNumFourCC;
+ }
+ }
 LeaveCriticalSection(&ddcs);
- return DD_OK;
+ return retVal;
 }
 HRESULT WINAPI
diff --git a/reactos/dll/directx/ddraw/startup.c b/reactos/dll/directx/ddraw/startup.c
index 67c55c8c12c..b11a642c84e 100644
--- a/reactos/dll/directx/ddraw/startup.c
+++ b/reactos/dll/directx/ddraw/startup.c
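Review bot: In Main_DirectDraw_GetFourCCCodes the new test `(lpCodes) && (*lpCodes)` reads the first DWORD of the caller's output buffer instead of validating the pointer, so a valid but zero-filled buffer takes the else branch (overwriting `*lpNumCodes` and returning DD_OK with nothing copied), while a non-NULL bad pointer still faults on that dereference with `ddcs` held. The source side is unchecked too: `This->lpLcl->lpGbl->lpdwFourCC` goes to memcpy without a NULL test, which may be the real crash if the table was never allocated. I would write the condition as `if (lpCodes != NULL && This->lpLcl->lpGbl->lpdwFourCC != NULL)` and resolve the FIXME by wrapping the copy and the `*lpNumCodes` accesses in structured exception handling, so a bad user pointer returns DDERR_INVALIDPARAMS instead of raising an access violation inside the critical section.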
@@ -188,7 +188,7 @@ StartDirectDraw(LPDIRECTDRAW iface, LPGUID lpGuid, BOOL reenable)
 if (reenable == FALSE)
 {
- if (This->lpLink == NULL)
+ if ((!IsBadReadPtr(This->lpLink,sizeof(LPDIRECTDRAW))) && (This->lpLink == NULL))
 {
 RtlZeroMemory(&ddgbl, sizeof(DDRAWI_DIRECTDRAW_GBL));
 This->lpLcl->lpGbl->dwRefCnt++;
@@ -470,6 +470,8 @@ StartDirectDrawHal(LPDIRECTDRAW iface, BOOL reenable)
 // FIXME Close DX fristcall and second call return DD_FALSE;
 }
+
+ DX_STUB_str("Here\n");
 /* Alloc mpFourCC */
 mpFourCC = NULL;
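Review bot: The rewritten condition in StartDirectDraw looks like it can never be true: IsBadReadPtr reports a NULL pointer as bad for a non-zero length, so `!IsBadReadPtr(This->lpLink, ...)` is false in exactly the case where `This->lpLink == NULL` holds, and the first-start branch (`RtlZeroMemory(&ddgbl, ...)`, `dwRefCnt++`) is skipped. If the intent was to survive an invalid `This`, the probe has to target the object holding the field, e.g. `if ((!IsBadReadPtr(This, sizeof(*This))) && (This->lpLink == NULL))`. IsBadReadPtr only probes at one instant and is racy, so validating `iface` at the API boundary or guarding the access with SEH is the more dependable check. The enclosing function starts and ends outside the hunk.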
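Review bot: `DX_STUB_str("Here\n");` in StartDirectDrawHal reads like a leftover debugging marker rather than part of the crash fix; it fires on every pass through this path and says nothing about state. Either drop it before merging or make the message describe the step it precedes, e.g. `DX_STUB_str("Allocating FourCC table\n");`.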