Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-25 01:39:30 +00:00
Code Issues Projects Releases Packages Wiki Activity

fixed crashes caused by an invalid pointer

Browse source 
svn path=/trunk/; revision=9125
This commit is contained in:
Thomas Bluemel 2004-04-13 18:40:00 +00:00
parent 2a3a6e1dda
commit e2cebfc8d6
1 changed files with 28 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
reactos/subsys/win32k/ntuser/window.c
View file

@ -16,7 +16,7 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/ */
/* $Id: window.c,v 1.213 2004/04/13 16:55:54 weiden Exp $ /* $Id: window.c,v 1.214 2004/04/13 18:40:00 weiden Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -1344,21 +1344,45 @@ NtUserCreateWindowEx(DWORD dwExStyle,
CBT_CREATEWNDW CbtCreate; CBT_CREATEWNDW CbtCreate;
LRESULT Result; LRESULT Result;
BOOL MenuChanged; BOOL MenuChanged;
LPWSTR OrigWindowName = NULL;
DPRINT("NtUserCreateWindowEx(): (%d,%d-%d,%d)\n", x, y, nWidth, nHeight); DPRINT("NtUserCreateWindowEx(): (%d,%d-%d,%d)\n", x, y, nWidth, nHeight);
/* safely copy the window name */
if(lpWindowName) if(lpWindowName)
{ {
Status = IntSafeCopyUnicodeString(&WindowName, lpWindowName); Status = MmCopyFromCaller(&WindowName, lpWindowName, sizeof(UNICODE_STRING));
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
SetLastNtError(Status); SetLastNtError(Status);
return((HWND)0); return((HWND)0);
} }
if(WindowName.Buffer)
{
/* safe the original pointer to the window name */
OrigWindowName = WindowName.Buffer;
if(!(WindowName.Buffer = ExAllocatePoolWithTag(NonPagedPool, WindowName.MaximumLength, TAG_STRING)))
{
SetLastNtError(STATUS_NO_MEMORY);
return((HWND)0);
}
Status = MmCopyFromCaller(WindowName.Buffer, OrigWindowName, WindowName.MaximumLength);
if(!NT_SUCCESS(Status))
{
ExFreePool(WindowName.Buffer);
SetLastNtError(Status);
return((HWND)0);
}
}
if(!WindowName.Buffer)
RtlInitUnicodeString(&WindowName, NULL);
} }
else else
RtlInitUnicodeString(&WindowName, NULL); RtlInitUnicodeString(&WindowName, NULL);
ParentWindowHandle = PsGetWin32Thread()->Desktop->DesktopWindow; ParentWindowHandle = PsGetWin32Thread()->Desktop->DesktopWindow;
OwnerWindowHandle = NULL; OwnerWindowHandle = NULL;
@ -1580,7 +1604,7 @@ NtUserCreateWindowEx(DWORD dwExStyle,
Cs.x = x; Cs.x = x;
Cs.y = y; Cs.y = y;
Cs.style = dwStyle; Cs.style = dwStyle;
Cs.lpszName = lpWindowName->Buffer; Cs.lpszName = OrigWindowName; /* pass the original pointer to usermode! */
Cs.lpszClass = lpClassName->Buffer; Cs.lpszClass = lpClassName->Buffer;
Cs.dwExStyle = dwExStyle; Cs.dwExStyle = dwExStyle;
CbtCreate.lpcs = &Cs; CbtCreate.lpcs = &Cs;