From e61a4d3fcbf12661a7e635d9e2d585722b57265f Mon Sep 17 00:00:00 2001 
From: Timo Kreuzer Date: Tue, 18 Dec 2012 21:44:58 +0000 Subject: [PATCH] [WIN32K] - Add/improve some annotations - Improve code in EngpGetPDEV and NtGdiGetRegionData - Simplify SEH exception handling - Fix possible NULL pointer dereferences - Fix wrong variable usage in UnpackParam - Fix a possible buffer overrun - Check return value of ExAllocatePool and RtlCreateUnicodeString - Fix & vs && typo All detected with VS11 analyse svn path=/trunk/; revision=57948 --- reactos/include/psdk/ntgdi.h | 11 ++- reactos/win32ss/gdi/eng/pdevobj.c | 53 ++++++------- reactos/win32ss/gdi/eng/pdevobj.h | 4 +- reactos/win32ss/gdi/eng/xlateobj.c | 27 +++++++ reactos/win32ss/gdi/eng/xlateobj.h | 9 +-- reactos/win32ss/gdi/ntgdi/cliprgn.c | 10 ++- reactos/win32ss/gdi/ntgdi/coord.c | 10 +-- reactos/win32ss/gdi/ntgdi/dibobj.c | 14 ++-- reactos/win32ss/gdi/ntgdi/region.c | 84 +++++++++++--------- reactos/win32ss/include/ntuser.h | 9 ++- reactos/win32ss/user/ntuser/class.c | 2 +- reactos/win32ss/user/ntuser/class.h | 2 +- reactos/win32ss/user/ntuser/cursoricon.c | 98 +++++++++++++----------- reactos/win32ss/user/ntuser/desktop.c | 8 +- reactos/win32ss/user/ntuser/focus.c | 9 ++- reactos/win32ss/user/ntuser/hook.c | 4 + reactos/win32ss/user/ntuser/kbdlayout.c | 3 +- reactos/win32ss/user/ntuser/keyboard.c | 4 +- reactos/win32ss/user/ntuser/menu.c | 17 ++-- reactos/win32ss/user/ntuser/menu.h | 2 +- reactos/win32ss/user/ntuser/message.c | 16 ++-- reactos/win32ss/user/ntuser/monitor.c | 4 +- reactos/win32ss/user/ntuser/msgqueue.c | 4 +- reactos/win32ss/user/ntuser/msgqueue.h | 2 +- reactos/win32ss/user/ntuser/scrollbar.c | 2 +- reactos/win32ss/user/ntuser/sysparams.c | 2 +- reactos/win32ss/user/ntuser/sysparams.h | 2 +- reactos/win32ss/user/ntuser/timer.c | 9 ++- reactos/win32ss/user/ntuser/windc.c | 2 +- reactos/win32ss/user/ntuser/window.c | 11 +-- reactos/win32ss/user/ntuser/winsta.c | 67 +++++++++------- 31 files changed, 290 insertions(+), 211 deletions(-)
diff --git a/reactos/include/psdk/ntgdi.h b/reactos/include/psdk/ntgdi.h index c1410594e84..e18291ef92a 100644 --- a/reactos/include/psdk/ntgdi.h +++ b/reactos/include/psdk/ntgdi.h @@ -1996,6 +1996,7 @@ NtGdiGetDCDword( OUT DWORD *Result ); +_Success_(return!=FALSE) W32KAPI BOOL APIENTRY @@ -2046,6 +2047,7 @@ NtGdiSetSizeDevice( _In_ INT cxVirtualDevice, _In_ INT cyVirtualDevice); +_Success_(return !=FALSE) W32KAPI BOOL APIENTRY @@ -2508,6 +2510,7 @@ NtGdiOffsetRgn( _In_ INT cx, _In_ INT cy); +_Success_(return!=ERROR) W32KAPI INT APIENTRY @@ -2523,6 +2526,7 @@ NtGdiRectInRegion( IN OUT LPRECT prcl ); +_Success_(return!=0) W32KAPI DWORD APIENTRY @@ -2559,13 +2563,14 @@ NtGdiSetSystemPaletteUse( _In_ HDC hdc, _In_ UINT ui); +_Success_(return!=0) W32KAPI -DWORD +ULONG APIENTRY NtGdiGetRegionData( _In_ HRGN hrgn, - _In_ DWORD nCount, - _Out_opt_ LPRGNDATA lpRgnData); + _In_ ULONG cjBuffer, + _Out_opt_bytecap_(cjBuffer) LPRGNDATA lpRgnData); W32KAPI BOOL diff --git a/reactos/win32ss/gdi/eng/pdevobj.c b/reactos/win32ss/gdi/eng/pdevobj.c index 77ee756570b..5214e0b7e78 100644 --- a/reactos/win32ss/gdi/eng/pdevobj.c +++ b/reactos/win32ss/gdi/eng/pdevobj.c @@ -472,7 +472,7 @@ leave: PPDEVOBJ NTAPI EngpGetPDEV( - _In_ PUNICODE_STRING pustrDeviceName) + _In_opt_ PUNICODE_STRING pustrDeviceName) { UNICODE_STRING ustrCurrent; PPDEVOBJ ppdev; 
@@ -481,37 +481,39 @@ EngpGetPDEV( /* Acquire PDEV lock */ EngAcquireSemaphore(ghsemPDEV); - /* If no device name is given, ... */ - if (!pustrDeviceName && gppdevPrimary) + /* Did the caller pass a device name? */ + if (pustrDeviceName) { - /* ... use the primary PDEV */ - ppdev = gppdevPrimary; - - /* Reference the pdev */ - InterlockedIncrement(&ppdev->cPdevRefs); - goto leave; - } - - /* Loop all present PDEVs */ - for (ppdev = gppdevList; ppdev; ppdev = ppdev->ppdevNext) - { - /* Get a pointer to the GRAPHICS_DEVICE */ - pGraphicsDevice = ppdev->pGraphicsDevice; - - /* Compare the name */ - RtlInitUnicodeString(&ustrCurrent, pGraphicsDevice->szWinDeviceName); - if (RtlEqualUnicodeString(pustrDeviceName, &ustrCurrent, FALSE)) + /* Loop all present PDEVs */ + for (ppdev = gppdevList; ppdev; ppdev = ppdev->ppdevNext) { - /* Found! Reference the PDEV */ - InterlockedIncrement(&ppdev->cPdevRefs); - break; + /* Get a pointer to the GRAPHICS_DEVICE */ + pGraphicsDevice = ppdev->pGraphicsDevice; + + /* Compare the name */ + RtlInitUnicodeString(&ustrCurrent, pGraphicsDevice->szWinDeviceName); + if (RtlEqualUnicodeString(pustrDeviceName, &ustrCurrent, FALSE)) + { + /* Found! */ + break; + } } } + else + { + /* Otherwise use the primary PDEV */ + ppdev = gppdevPrimary; + } /* Did we find one? */ - if (!ppdev) + if (ppdev) { - /* No, create a new PDEV */ + /* Yes, reference the PDEV */ + InterlockedIncrement(&ppdev->cPdevRefs); + } + else + { + /* No, create a new PDEV for the given device */ ppdev = EngpCreatePDEV(pustrDeviceName, NULL); if (ppdev) { @@ -528,7 +530,6 @@ EngpGetPDEV( } } -leave: /* Release PDEV lock */ EngReleaseSemaphore(ghsemPDEV); diff --git a/reactos/win32ss/gdi/eng/pdevobj.h b/reactos/win32ss/gdi/eng/pdevobj.h index 491abc9c53b..d319078b043 100644 --- a/reactos/win32ss/gdi/eng/pdevobj.h +++ b/reactos/win32ss/gdi/eng/pdevobj.h 
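Review bot: With the parameter now `_In_opt_`, a NULL `pustrDeviceName` together with a NULL `gppdevPrimary` reaches `ppdev = EngpCreatePDEV(pustrDeviceName, NULL);` in the else branch of `if (ppdev)`, so the creation path is handed a NULL device name. EngpCreatePDEV is not visible in this hunk, so whether it accepts NULL is unconfirmed; if it does, the comment should say so, for example `/* No, create a new PDEV (pustrDeviceName may be NULL) */`, and if it does not, the branch needs an explicit NULL check before the call. The lookup loop also dereferences `ppdev->pGraphicsDevice` unchecked, which presumably relies on every listed PDEV having one. The function starts in the previous hunk and ends in the next one.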
@@ -161,7 +161,7 @@ extern PPDEVOBJ gppdevPrimary; PPDEVOBJ NTAPI EngpGetPDEV( - _In_ PUNICODE_STRING pustrDevice); + _In_opt_ PUNICODE_STRING pustrDevice); VOID NTAPI @@ -188,6 +188,6 @@ PSIZEL FASTCALL PDEVOBJ_sizl( _In_ PPDEVOBJ ppdev, - _In_ PSIZEL psizl); + _Out_ PSIZEL psizl); #endif /* !__WIN32K_PDEVOBJ_H */ diff --git a/reactos/win32ss/gdi/eng/xlateobj.c b/reactos/win32ss/gdi/eng/xlateobj.c index 98a1b0248a3..2308022b922 100644 --- a/reactos/win32ss/gdi/eng/xlateobj.c +++ b/reactos/win32ss/gdi/eng/xlateobj.c @@ -11,6 +11,13 @@ #define NDEBUG #include +_Always_(_Post_satisfies_(return==iColor)) +_Function_class_(FN_XLATE) +ULONG +FASTCALL +EXLATEOBJ_iXlateTrivial( + _In_ PEXLATEOBJ pexlo, + _In_ ULONG iColor); /** Globals *******************************************************************/ @@ -31,6 +38,8 @@ static const BYTE gajXlate6to8[64] = /** iXlate functions **********************************************************/ +_Always_(_Post_satisfies_(return==iColor)) +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateTrivial(PEXLATEOBJ pexlo, ULONG iColor) @@ -38,6 +47,7 @@ EXLATEOBJ_iXlateTrivial(PEXLATEOBJ pexlo, ULONG iColor) return iColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateToMono(PEXLATEOBJ pexlo, ULONG iColor) @@ -45,6 +55,7 @@ EXLATEOBJ_iXlateToMono(PEXLATEOBJ pexlo, ULONG iColor) return (iColor == pexlo->xlo.pulXlate[0]); } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateTable(PEXLATEOBJ pexlo, ULONG iColor) @@ -53,6 +64,7 @@ EXLATEOBJ_iXlateTable(PEXLATEOBJ pexlo, ULONG iColor) return pexlo->xlo.pulXlate[iColor]; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateRGBtoBGR(PEXLATEOBJ pxlo, ULONG iColor) @@ -72,6 +84,7 @@ EXLATEOBJ_iXlateRGBtoBGR(PEXLATEOBJ pxlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateRGBto555(PEXLATEOBJ pxlo, ULONG iColor) 
@@ -93,6 +106,7 @@ EXLATEOBJ_iXlateRGBto555(PEXLATEOBJ pxlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateBGRto555(PEXLATEOBJ pxlo, ULONG iColor) @@ -114,6 +128,7 @@ EXLATEOBJ_iXlateBGRto555(PEXLATEOBJ pxlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateRGBto565(PEXLATEOBJ pxlo, ULONG iColor) @@ -135,6 +150,7 @@ EXLATEOBJ_iXlateRGBto565(PEXLATEOBJ pxlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateBGRto565(PEXLATEOBJ pxlo, ULONG iColor) @@ -156,6 +172,7 @@ EXLATEOBJ_iXlateBGRto565(PEXLATEOBJ pxlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateRGBtoPal(PEXLATEOBJ pexlo, ULONG iColor) @@ -163,6 +180,7 @@ EXLATEOBJ_iXlateRGBtoPal(PEXLATEOBJ pexlo, ULONG iColor) return PALETTE_ulGetNearestPaletteIndex(pexlo->ppalDst, iColor); } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate555toRGB(PEXLATEOBJ pxlo, ULONG iColor) @@ -183,6 +201,7 @@ EXLATEOBJ_iXlate555toRGB(PEXLATEOBJ pxlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate555toBGR(PEXLATEOBJ pxlo, ULONG iColor) @@ -203,6 +222,7 @@ EXLATEOBJ_iXlate555toBGR(PEXLATEOBJ pxlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate555to565(PEXLATEOBJ pxlo, ULONG iColor) @@ -223,6 +243,7 @@ EXLATEOBJ_iXlate555to565(PEXLATEOBJ pxlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate555toPal(PEXLATEOBJ pexlo, ULONG iColor) @@ -232,6 +253,7 @@ EXLATEOBJ_iXlate555toPal(PEXLATEOBJ pexlo, ULONG iColor) return PALETTE_ulGetNearestPaletteIndex(pexlo->ppalDst, iColor); } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate565to555(PEXLATEOBJ pxlo, ULONG iColor) 
@@ -248,6 +270,7 @@ EXLATEOBJ_iXlate565to555(PEXLATEOBJ pxlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate565toRGB(PEXLATEOBJ pexlo, ULONG iColor) @@ -268,6 +291,7 @@ EXLATEOBJ_iXlate565toRGB(PEXLATEOBJ pexlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate565toBGR(PEXLATEOBJ pexlo, ULONG iColor) @@ -288,6 +312,7 @@ EXLATEOBJ_iXlate565toBGR(PEXLATEOBJ pexlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate565toPal(EXLATEOBJ *pexlo, ULONG iColor) @@ -297,6 +322,7 @@ EXLATEOBJ_iXlate565toPal(EXLATEOBJ *pexlo, ULONG iColor) return PALETTE_ulGetNearestPaletteIndex(pexlo->ppalDst, iColor); } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateShiftAndMask(PEXLATEOBJ pexlo, ULONG iColor) @@ -310,6 +336,7 @@ EXLATEOBJ_iXlateShiftAndMask(PEXLATEOBJ pexlo, ULONG iColor) return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateBitfieldsToPal(PEXLATEOBJ pexlo, ULONG iColor) diff --git a/reactos/win32ss/gdi/eng/xlateobj.h b/reactos/win32ss/gdi/eng/xlateobj.h index fa4916ee96a..2906fa15e3e 100644 --- a/reactos/win32ss/gdi/eng/xlateobj.h +++ b/reactos/win32ss/gdi/eng/xlateobj.h @@ -11,7 +11,7 @@ struct _EXLATEOBJ; _Function_class_(FN_XLATE) typedef -ULONG +ULONG (FASTCALL *PFN_XLATE)( _In_ struct _EXLATEOBJ *pexlo, _In_ ULONG iColor); @@ -84,10 +84,3 @@ NTAPI EXLATEOBJ_vCleanup( _Inout_ PEXLATEOBJ pexlo); -_Always_(_Post_satisfies_(return==iColor)) -ULONG -FASTCALL -EXLATEOBJ_iXlateTrivial( - _In_ PEXLATEOBJ pexlo, - _In_ ULONG iColor); - diff --git a/reactos/win32ss/gdi/ntgdi/cliprgn.c b/reactos/win32ss/gdi/ntgdi/cliprgn.c index 41689bf91b6..a6dd20ee482 100644 --- a/reactos/win32ss/gdi/ntgdi/cliprgn.c +++ b/reactos/win32ss/gdi/ntgdi/cliprgn.c 
@@ -555,6 +555,11 @@ NEW_CLIPPING_UpdateGCRegion(PDC pDC) pDC->prgnRao = IntSysCreateRectpRgn(0,0,0,0); } + if (!pDC->prgnRao) + { + return ERROR; + } + if (pDC->dclevel.prgnMeta && pDC->dclevel.prgnClip) { IntGdiCombineRgn( pDC->prgnAPI, @@ -585,7 +590,6 @@ NEW_CLIPPING_UpdateGCRegion(PDC pDC) pDC->prgnAPI, RGN_AND); - // FIXME: pDC->prgnRao may be NULL RtlCopyMemory(&pDC->erclClip, &pDC->prgnRao->rdh.rcBound, sizeof(RECTL)); @@ -599,8 +603,8 @@ NEW_CLIPPING_UpdateGCRegion(PDC pDC) // With pDC->co.pClipRgn->Buffer, // pDC->co.pClipRgn = pDC->prgnRao ? pDC->prgnRao : pDC->prgnVis; - co = IntEngCreateClipRegion( ((PROSRGNDATA)pDC->prgnRao)->rdh.nCount, - ((PROSRGNDATA)pDC->prgnRao)->Buffer, + co = IntEngCreateClipRegion(pDC->prgnRao->rdh.nCount, + pDC->prgnRao->Buffer, &pDC->erclClip); if (co) { diff --git a/reactos/win32ss/gdi/ntgdi/coord.c b/reactos/win32ss/gdi/ntgdi/coord.c index f4fb6262478..f88dd029ac5 100644 --- a/reactos/win32ss/gdi/ntgdi/coord.c +++ b/reactos/win32ss/gdi/ntgdi/coord.c @@ -430,6 +430,7 @@ NtGdiTransformPoints( _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Do not set last error */ + ret = 0; } _SEH2_END; @@ -1232,7 +1233,6 @@ NtGdiGetDCPoint( POINTL SafePoint; SIZE Size; PSIZEL pszlViewportExt; - NTSTATUS Status = STATUS_SUCCESS; if (!Point) { @@ -1293,15 +1293,9 @@ NtGdiGetDCPoint( } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { - Status = _SEH2_GetExceptionCode(); - } - _SEH2_END; - - if (!NT_SUCCESS(Status)) - { - SetLastNtError(Status); Ret = FALSE; } + _SEH2_END; } DC_UnlockDc(pdc); diff --git a/reactos/win32ss/gdi/ntgdi/dibobj.c b/reactos/win32ss/gdi/ntgdi/dibobj.c index f1bd2489a18..1ae6311cc31 100644 --- a/reactos/win32ss/gdi/ntgdi/dibobj.c +++ b/reactos/win32ss/gdi/ntgdi/dibobj.c @@ -867,7 +867,7 @@ GreGetDIBitsInternal( } psurfDest = SURFACE_ShareLockSurface(hBmpDest); - + RECTL_vSetRect(&rcDest, 0, 0, ScanLines, psurf->SurfObj.sizlBitmap.cx); srcPoint.x = 0; 
@@ -1014,7 +1014,7 @@ NtGdiGetDIBitsInternal( _SEH2_TRY { /* Copy the data back */ - ProbeForWrite(pbmiUser, cjMaxInfo, 1); + ProbeForWrite(pbmiUser, cjMaxInfo, 1); RtlCopyMemory(pbmiUser, pbmi, cjMaxInfo); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) @@ -1646,7 +1646,7 @@ cleanup: GreDeleteObject(res); res = 0; } - + if(ppalDIB) { PALETTE_ShareUnlockPalette(ppalDIB); @@ -1862,23 +1862,23 @@ DIB_FreeConvertedBitmapInfo(BITMAPINFO* converted, BITMAPINFO* orig, DWORD usage BITMAPCOREINFO* pbmci; if(converted == orig) return; - + if(usage == -1) { /* Caller don't want any conversion */ ExFreePoolWithTag(converted, TAG_DIB); return; } - + /* Perform inverse conversion */ pbmci = (BITMAPCOREINFO*)orig; - + ASSERT(pbmci->bmciHeader.bcSize == sizeof(BITMAPCOREHEADER)); pbmci->bmciHeader.bcBitCount = converted->bmiHeader.biBitCount; pbmci->bmciHeader.bcWidth = converted->bmiHeader.biWidth; pbmci->bmciHeader.bcHeight = converted->bmiHeader.biHeight; pbmci->bmciHeader.bcPlanes = converted->bmiHeader.biPlanes; - + if(pbmci->bmciHeader.bcBitCount <= 8) { UINT numColors = converted->bmiHeader.biClrUsed; diff --git a/reactos/win32ss/gdi/ntgdi/region.c b/reactos/win32ss/gdi/ntgdi/region.c index 02dcf2bb134..80afaf12e4f 100644 --- a/reactos/win32ss/gdi/ntgdi/region.c +++ b/reactos/win32ss/gdi/ntgdi/region.c 
@@ -3988,51 +3988,59 @@ NtGdiUnionRectWithRgn( * * If the function fails, the return value is zero." */ -DWORD APIENTRY +_Success_(return!=0) +ULONG +APIENTRY NtGdiGetRegionData( - HRGN hrgn, - DWORD count, - LPRGNDATA rgndata -) + _In_ HRGN hrgn, + _In_ ULONG cjBuffer, + _Out_opt_bytecap_(cjBuffer) LPRGNDATA lpRgnData) { - DWORD size; - PROSRGNDATA obj = RGNOBJAPI_Lock(hrgn, NULL); - NTSTATUS Status = STATUS_SUCCESS; + ULONG cjSize; + PREGION prgn; - if (!obj) - return 0; - - size = obj->rdh.nCount * sizeof(RECT); - if (count < (size + sizeof(RGNDATAHEADER)) || rgndata == NULL) + /* Lock the region */ + prgn = RGNOBJAPI_Lock(hrgn, NULL); + if (!prgn) { - RGNOBJAPI_Unlock(obj); - if (rgndata) /* Buffer is too small, signal it by return 0 */ - return 0; - else /* User requested buffer size with rgndata NULL */ - return size + sizeof(RGNDATAHEADER); - } - - _SEH2_TRY - { - ProbeForWrite(rgndata, count, 1); - RtlCopyMemory(rgndata, &obj->rdh, sizeof(RGNDATAHEADER)); - RtlCopyMemory(rgndata->Buffer, obj->Buffer, size); - } - _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) - { - Status = _SEH2_GetExceptionCode(); - } - _SEH2_END; - - if (!NT_SUCCESS(Status)) - { - SetLastNtError(Status); - RGNOBJAPI_Unlock(obj); + EngSetLastError(ERROR_INVALID_HANDLE); return 0; } - RGNOBJAPI_Unlock(obj); - return size + sizeof(RGNDATAHEADER); + /* Calculate the region size */ + cjSize = prgn->rdh.nCount * sizeof(RECT) + sizeof(RGNDATAHEADER); + + /* Check if region data is requested */ + if (lpRgnData) + { + /* Check if the buffer is large enough */ + if (cjBuffer >= cjSize) + { + /* Probe the buffer and copy the data */ + _SEH2_TRY + { + ProbeForWrite(lpRgnData, cjSize, sizeof(ULONG)); + RtlCopyMemory(lpRgnData, &prgn->rdh, sizeof(RGNDATAHEADER)); + RtlCopyMemory(lpRgnData->Buffer, prgn->Buffer, cjSize); + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + EngSetLastError(ERROR_INVALID_PARAMETER); + cjSize = 0; + } + _SEH2_END; + } + else + { + /* Buffer is too small */ + 
EngSetLastError(ERROR_INVALID_PARAMETER); + cjSize = 0; + } + } + + /* Unlock the region and return the size */ + RGNOBJAPI_Unlock(prgn); + return cjSize; } /* EOF */ diff --git a/reactos/win32ss/include/ntuser.h b/reactos/win32ss/include/ntuser.h index 93b7ee9e540..1b1bb3d904a 100644 --- a/reactos/win32ss/include/ntuser.h +++ b/reactos/win32ss/include/ntuser.h @@ -2024,13 +2024,14 @@ NtUserGetGUIThreadInfo( DWORD idThread, LPGUITHREADINFO lpgui); +_Success_(return!=FALSE) BOOL NTAPI NtUserGetIconInfo( _In_ HANDLE hCurIcon, _Out_opt_ PICONINFO IconInfo, - _Out_opt_ PUNICODE_STRING lpInstName, - _Out_opt_ PUNICODE_STRING lpResName, + _Inout_opt_ PUNICODE_STRING lpInstName, + _Inout_opt_ PUNICODE_STRING lpResName, _Out_opt_ LPDWORD pbpp, _In_ BOOL bInternal); @@ -2782,7 +2783,7 @@ typedef struct _tagFINDEXISTINGCURICONPARAM LONG cx; LONG cy; } FINDEXISTINGCURICONPARAM; - + HICON NTAPI NtUserFindExistingCursorIcon( @@ -2799,7 +2800,7 @@ NtUserSetCursorIconData( HMODULE hModule, HRSRC hRsrc, HRSRC hGroupRsrc); - + HICON NTAPI NtUserFindExistingCursorIcon( diff --git a/reactos/win32ss/user/ntuser/class.c b/reactos/win32ss/user/ntuser/class.c index 209dccc674f..a71b88982c2 100644 --- a/reactos/win32ss/user/ntuser/class.c +++ b/reactos/win32ss/user/ntuser/class.c @@ -125,7 +125,7 @@ _Must_inspect_result_ NTSTATUS NTAPI ProbeAndCaptureUnicodeStringOrAtom( - _Out_ PUNICODE_STRING pustrOut, + _Out_ _When_(return>=0, _At_(pustrOut->Buffer, _Post_ _Notnull_)) PUNICODE_STRING pustrOut, __in_data_source(USER_MODE) _In_ PUNICODE_STRING pustrUnsafe) { NTSTATUS Status = STATUS_SUCCESS; diff --git a/reactos/win32ss/user/ntuser/class.h b/reactos/win32ss/user/ntuser/class.h index 901f2b4ce8d..8b82929a69b 100644 --- a/reactos/win32ss/user/ntuser/class.h +++ b/reactos/win32ss/user/ntuser/class.h 
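Review bot: The second copy in the `_SEH2_TRY` block of NtGdiGetRegionData, `RtlCopyMemory(lpRgnData->Buffer, prgn->Buffer, cjSize);`, uses the total size, but `cjSize` already includes `sizeof(RGNDATAHEADER)` and the destination begins after the header. It therefore writes `sizeof(RGNDATAHEADER)` bytes past the range that was probed and compared with `cjBuffer`, and reads the same amount past the `nCount` rectangles in `prgn->Buffer`, which can hand adjacent kernel memory back to the caller. The removed code copied only `nCount * sizeof(RECT)`; the new line should be `RtlCopyMemory(lpRgnData->Buffer, prgn->Buffer, cjSize - sizeof(RGNDATAHEADER));`. Separately, `prgn->rdh.nCount * sizeof(RECT) + sizeof(RGNDATAHEADER)` is computed in a `ULONG` with no overflow check, and the probe alignment changed from 1 to `sizeof(ULONG)`, so an unaligned caller buffer that was accepted before would presumably now raise and return 0.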
@@ -63,7 +63,7 @@ _Must_inspect_result_ NTSTATUS NTAPI ProbeAndCaptureUnicodeStringOrAtom( - _Out_ PUNICODE_STRING pustrOut, + _Out_ _When_(return>=0, _At_(pustrOut->Buffer, _Post_ _Notnull_)) PUNICODE_STRING pustrOut, __in_data_source(USER_MODE) _In_ PUNICODE_STRING pustrUnsafe); /* EOF */ diff --git a/reactos/win32ss/user/ntuser/cursoricon.c b/reactos/win32ss/user/ntuser/cursoricon.c index f5086951d57..04431d78635 100644 --- a/reactos/win32ss/user/ntuser/cursoricon.c +++ b/reactos/win32ss/user/ntuser/cursoricon.c @@ -240,7 +240,7 @@ IntDestroyCurIconObject(PCURICON_OBJECT CurIcon, PPROCESSINFO ppi) HBITMAP bmpMask, bmpColor; BOOLEAN Ret, bListEmpty, bFound = FALSE; PCURICON_PROCESS Current = NULL; - + /* For handles created without any data (error handling) */ if(IsListEmpty(&CurIcon->ProcessList)) goto emptyList; @@ -256,7 +256,7 @@ IntDestroyCurIconObject(PCURICON_OBJECT CurIcon, PPROCESSINFO ppi) break; } } - + if(!bFound) { /* This object doesn't belong to this process */ @@ -386,6 +386,18 @@ NtUserGetIconInfo( ProbeForWrite(IconInfo, sizeof(ICONINFO), 1); RtlCopyMemory(IconInfo, &ii, sizeof(ICONINFO)); + /// @todo Implement support for lpInstName + if (lpInstName) + { + RtlInitEmptyUnicodeString(lpInstName, NULL, 0); + } + + /// @todo Implement support for lpResName + if (lpResName) + { + RtlInitEmptyUnicodeString(lpResName, NULL, 0); + } + if (pbpp) { ProbeForWrite(pbpp, sizeof(DWORD), 1); @@ -1049,7 +1061,7 @@ UserDrawIconEx( RECTL rcDest, rcSrc; CLIPOBJ* pdcClipObj = NULL; EXLATEOBJ exlo; - + /* Stupid case */ if((diFlags & DI_NORMAL) == 0) { @@ -1059,12 +1071,12 @@ UserDrawIconEx( hbmMask = pIcon->IconInfo.hbmMask; hbmColor = pIcon->IconInfo.hbmColor; - + if (istepIfAniCur) ERR("NtUserDrawIconEx: istepIfAniCur is not supported!\n"); - + /* - * Get our objects. + * Get our objects. * Shared locks are enough, we are only reading those bitmaps */ psurfMask = SURFACE_ShareLockSurface(hbmMask); 
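Review bot: In the NtUserGetIconInfo hunk of cursoricon.c, the added `RtlInitEmptyUnicodeString(lpInstName, NULL, 0);` and the matching call for `lpResName` write through caller-supplied pointers without a `ProbeForWrite`, unlike `IconInfo` and `pbpp` in the same hunk. If these are user-mode pointers, as the system-call signature suggests, an unprobed write lets the kernel store zeros at an address the caller chooses; each branch should start with `ProbeForWrite(lpInstName, sizeof(UNICODE_STRING), 1);` (and the same for `lpResName`). The header now marks both parameters `_Inout_opt_`, yet the stub replaces the caller's `Buffer` with NULL, so a caller that passed a valid buffer loses it; setting only `Length = 0` would be safer until the @todo is implemented, subject to how the user-mode caller uses these strings. The function starts and ends outside the hunk, so I am assuming these lines sit inside the existing `_SEH2_TRY`.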
@@ -1073,7 +1085,7 @@ UserDrawIconEx( ERR("Unable to lock the mask surface.\n"); return FALSE; } - + /* Color bitmap is not mandatory */ if(hbmColor == NULL) { @@ -1087,7 +1099,7 @@ UserDrawIconEx( SURFACE_ShareUnlockSurface(psurfMask); return FALSE; } - + /* Set source rect */ RECTL_vSetRect(&rcSrc, 0, 0, pIcon->Size.cx, pIcon->Size.cy); @@ -1119,17 +1131,17 @@ UserDrawIconEx( if (!cxWidth) { if(diFlags & DI_DEFAULTSIZE) - cxWidth = pIcon->IconInfo.fIcon ? + cxWidth = pIcon->IconInfo.fIcon ? UserGetSystemMetrics(SM_CXICON) : UserGetSystemMetrics(SM_CXCURSOR); else cxWidth = pIcon->Size.cx; } - + /* Fix height parameter, if needed */ if (!cyHeight) { if(diFlags & DI_DEFAULTSIZE) - cyHeight = pIcon->IconInfo.fIcon ? + cyHeight = pIcon->IconInfo.fIcon ? UserGetSystemMetrics(SM_CYICON) : UserGetSystemMetrics(SM_CYCURSOR); else cyHeight = pIcon->Size.cy; @@ -1143,9 +1155,9 @@ UserDrawIconEx( /* Yes: Allocate and paint the offscreen surface */ EBRUSHOBJ eboFill; PBRUSH pbrush = BRUSH_ShareLockBrush(hbrFlickerFreeDraw); - + TRACE("Performing off-screen rendering.\n"); - + if(!pbrush) { ERR("Failed to get brush object.\n"); @@ -1171,11 +1183,11 @@ UserDrawIconEx( BRUSH_ShareUnlockBrush(pbrush); return FALSE; } - + /* Paint the brush */ EBRUSHOBJ_vInit(&eboFill, pbrush, psurfOffScreen, 0x00FFFFFF, 0, NULL); RECTL_vSetRect(&rcDest, 0, 0, cxWidth, cyHeight); - + Ret = IntEngBitBlt(&psurfOffScreen->SurfObj, NULL, NULL, @@ -1191,7 +1203,7 @@ UserDrawIconEx( /* Clean up everything */ EBRUSHOBJ_vCleanup(&eboFill); BRUSH_ShareUnlockBrush(pbrush); - + if(!Ret) { ERR("Failed to paint the off-screen surface.\n"); @@ -1200,7 +1212,7 @@ UserDrawIconEx( GDIOBJ_vDeleteObject(&psurfOffScreen->BaseObject); return FALSE; } - + /* We now have our destination surface */ psurfDest = psurfOffScreen; } @@ -1208,7 +1220,7 @@ UserDrawIconEx( { /* We directly draw to the DC */ TRACE("Performing on screen rendering.\n"); - + psurfOffScreen = NULL; pdc = DC_LockDc(hDc); if(!pdc) 
@@ -1222,16 +1234,16 @@ UserDrawIconEx( RECTL_vSetRect(&rcDest, xLeft, yTop, xLeft + cxWidth, yTop + cyHeight); IntLPtoDP(pdc, (LPPOINT)&rcDest, 2); RECTL_vOffsetRect(&rcDest, pdc->ptlDCOrig.x, pdc->ptlDCOrig.y); - + /* Prepare the underlying surface */ DC_vPrepareDCsForBlit(pdc, rcDest, NULL, rcDest); - + /* Get the clip object */ pdcClipObj = pdc->rosdc.CombinedClip; - + /* We now have our destination surface and rectangle */ psurfDest = pdc->dclevel.pSurface; - + if(psurfDest == NULL) { /* Empty DC */ @@ -1281,10 +1293,10 @@ UserDrawIconEx( ptr += 4; } } - + /* Initialize color translation object */ EXLATEOBJ_vInitialize(&exlo, psurf->ppal, psurfDest->ppal, 0xFFFFFFFF, 0xFFFFFFFF, 0); - + /* Now do it */ Ret = IntEngAlphaBlend(&psurfDest->SurfObj, &psurf->SurfObj, @@ -1293,9 +1305,9 @@ UserDrawIconEx( &rcDest, &rcSrc, &blendobj); - + EXLATEOBJ_vCleanup(&exlo); - + CleanupAlpha: if(psurf) SURFACE_ShareUnlockSurface(psurf); if(hsurfCopy) NtGdiDeleteObjectApp(hsurfCopy); @@ -1306,9 +1318,9 @@ UserDrawIconEx( if (diFlags & DI_MASK) { DWORD rop4 = (diFlags & DI_IMAGE) ? ROP4_SRCAND : ROP4_SRCCOPY; - + EXLATEOBJ_vInitSrcMonoXlate(&exlo, psurfDest->ppal, 0x00FFFFFF, 0); - + Ret = IntEngStretchBlt(&psurfDest->SurfObj, &psurfMask->SurfObj, NULL, @@ -1321,7 +1333,7 @@ UserDrawIconEx( NULL, NULL, rop4); - + EXLATEOBJ_vCleanup(&exlo); if(!Ret) @@ -1336,9 +1348,9 @@ UserDrawIconEx( if (psurfColor) { DWORD rop4 = (diFlags & DI_MASK) ? ROP4_SRCINVERT : ROP4_SRCCOPY ; - + EXLATEOBJ_vInitialize(&exlo, psurfColor->ppal, psurfDest->ppal, 0x00FFFFFF, 0x00FFFFFF, 0); - + Ret = IntEngStretchBlt(&psurfDest->SurfObj, &psurfColor->SurfObj, NULL, @@ -1351,7 +1363,7 @@ UserDrawIconEx( NULL, NULL, rop4); - + EXLATEOBJ_vCleanup(&exlo); if(!Ret) 
@@ -1365,9 +1377,9 @@ UserDrawIconEx( /* Mask bitmap holds the information in its bottom half */ DWORD rop4 = (diFlags & DI_MASK) ? ROP4_SRCINVERT : ROP4_SRCCOPY; RECTL_vOffsetRect(&rcSrc, 0, pIcon->Size.cy); - + EXLATEOBJ_vInitSrcMonoXlate(&exlo, psurfDest->ppal, 0x00FFFFFF, 0); - + Ret = IntEngStretchBlt(&psurfDest->SurfObj, &psurfMask->SurfObj, NULL, @@ -1380,7 +1392,7 @@ UserDrawIconEx( NULL, NULL, rop4); - + EXLATEOBJ_vCleanup(&exlo); if(!Ret) @@ -1407,13 +1419,13 @@ done: RECTL_vSetRect(&rcDest, xLeft, yTop, xLeft + cxWidth, yTop + cyHeight); IntLPtoDP(pdc, (LPPOINT)&rcDest, 2); RECTL_vOffsetRect(&rcDest, pdc->ptlDCOrig.x, pdc->ptlDCOrig.y); - + /* Prepare the underlying surface */ DC_vPrepareDCsForBlit(pdc, rcDest, NULL, rcDest); - + /* Get the clip object */ pdcClipObj = pdc->rosdc.CombinedClip; - + /* We now have our destination surface and rectangle */ psurfDest = pdc->dclevel.pSurface; if(!psurfDest) @@ -1422,10 +1434,10 @@ done: DC_UnlockDc(pdc); goto Cleanup2; } - + /* Color translation */ EXLATEOBJ_vInitialize(&exlo, psurfOffScreen->ppal, psurfDest->ppal, 0x00FFFFFF, 0x00FFFFFF, 0); - + /* Blt it! */ Ret = IntEngBitBlt(&psurfDest->SurfObj, &psurfOffScreen->SurfObj, @@ -1438,7 +1450,7 @@ done: NULL, NULL, ROP4_SRCCOPY); - + EXLATEOBJ_vCleanup(&exlo); } Cleanup: @@ -1447,12 +1459,12 @@ Cleanup: DC_vFinishBlit(pdc, NULL); DC_UnlockDc(pdc); } - + Cleanup2: /* Delete off screen rendering surface */ if(psurfOffScreen) GDIOBJ_vDeleteObject(&psurfOffScreen->BaseObject); - + /* Unlock other surfaces */ SURFACE_ShareUnlockSurface(psurfMask); if(psurfColor) SURFACE_ShareUnlockSurface(psurfColor); diff --git a/reactos/win32ss/user/ntuser/desktop.c b/reactos/win32ss/user/ntuser/desktop.c index 41f56ad1549..082f016e512 100644 --- a/reactos/win32ss/user/ntuser/desktop.c +++ b/reactos/win32ss/user/ntuser/desktop.c 
@@ -65,7 +65,9 @@ IntDesktopObjectParse(IN PVOID ParseObject, /* Get the current desktop */ Desktop = CONTAINING_RECORD(NextEntry, DESKTOP, ListEntry); + /// @todo Don't mess around with the object headers! /* Get its name */ + _PRAGMA_WARNING_SUPPRESS(__WARNING_DEREF_NULL_PTR) DesktopName = GET_DESKTOP_NAME(Desktop); if (DesktopName) { @@ -1262,7 +1264,7 @@ NtUserCreateDesktop( dwDesiredAccess, (PVOID)&Context, (HANDLE*)&hdesk); - if (!NT_SUCCESS(Status)) + if (!NT_SUCCESS(Status)) { ERR("ObOpenObjectByName failed to open/create desktop\n"); SetLastNtError(Status); @@ -1294,7 +1296,7 @@ NtUserCreateDesktop( /* Get the desktop window class. The thread desktop does not belong to any desktop * so the classes created there (including the desktop class) are allocated in the shared heap - * It would cause problems if we used a class that belongs to the caller + * It would cause problems if we used a class that belongs to the caller */ ClassName.Buffer = WC_DESKTOP; ClassName.Length = 0; @@ -1327,7 +1329,7 @@ NtUserCreateDesktop( pdesk->DesktopWindow = pWnd->head.h; pdesk->pDeskInfo->spwnd = pWnd; pWnd->fnid = FNID_DESKTOP; - + ClassName.Buffer = MAKEINTATOM(gpsi->atomSysClass[ICLS_HWNDMESSAGE]); ClassName.Length = 0; pcls = IntGetAndReferenceClass(&ClassName, 0, TRUE); diff --git a/reactos/win32ss/user/ntuser/focus.c b/reactos/win32ss/user/ntuser/focus.c index 6a1edfecb58..45025e92bc1 100644 --- a/reactos/win32ss/user/ntuser/focus.c +++ b/reactos/win32ss/user/ntuser/focus.c 
@@ -358,15 +358,20 @@ CanForceFG(PPROCESSINFO ppi) */ static BOOL FASTCALL -co_IntSetForegroundAndFocusWindow(PWND Wnd, BOOL MouseActivate) +co_IntSetForegroundAndFocusWindow( + _In_ PWND Wnd, + _In_ BOOL MouseActivate) { - HWND hWnd = UserHMGetHandle(Wnd); + HWND hWnd; HWND hWndPrev = NULL; PUSER_MESSAGE_QUEUE PrevForegroundQueue; PTHREADINFO pti; BOOL fgRet = FALSE, Ret = FALSE; ASSERT_REFS_CO(Wnd); + NT_ASSERT(Wnd != NULL); + + hWnd = UserHMGetHandle(Wnd); TRACE("SetForegroundAndFocusWindow(%x, %s)\n", hWnd, (MouseActivate ? "TRUE" : "FALSE")); diff --git a/reactos/win32ss/user/ntuser/hook.c b/reactos/win32ss/user/ntuser/hook.c index 2c436918d68..dc04ed878d5 100644 --- a/reactos/win32ss/user/ntuser/hook.c +++ b/reactos/win32ss/user/ntuser/hook.c @@ -1050,6 +1050,8 @@ IntRemoveHook(PHOOK Hook) } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { + /* Do nothing */ + (void)0; } _SEH2_END; } @@ -1241,6 +1243,8 @@ co_HOOK_CallHooks( INT HookId, } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { + /* Do nothing */ + (void)0; } _SEH2_END; } diff --git a/reactos/win32ss/user/ntuser/kbdlayout.c b/reactos/win32ss/user/ntuser/kbdlayout.c index 0aa11206085..a04c9627f86 100644 --- a/reactos/win32ss/user/ntuser/kbdlayout.c +++ b/reactos/win32ss/user/ntuser/kbdlayout.c @@ -254,9 +254,10 @@ UserLoadKbdLayout(PUNICODE_STRING pwszKLID, HKL hKL) */ static VOID -UnloadKbdFile(PKBDFILE pkf) +UnloadKbdFile(_In_ PKBDFILE pkf) { PKBDFILE *ppkfLink = &gpkfList; + NT_ASSERT(pkf != NULL); /* Find previous object */ while (*ppkfLink) diff --git a/reactos/win32ss/user/ntuser/keyboard.c b/reactos/win32ss/user/ntuser/keyboard.c index 4c906ed44a6..80b29e48ecb 100644 --- a/reactos/win32ss/user/ntuser/keyboard.c +++ b/reactos/win32ss/user/ntuser/keyboard.c 
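Review bot: In co_IntSetForegroundAndFocusWindow the new `NT_ASSERT(Wnd != NULL);` is placed after `ASSERT_REFS_CO(Wnd);`, which presumably already inspects `Wnd`, so the NULL assertion should be the first statement. An assertion documents the `_In_` contract but typically compiles out of release builds, so it gives no runtime protection if a caller can pass NULL; the same applies to `NT_ASSERT(pkf != NULL);` in UnloadKbdFile and `NT_ASSERT(MenuObject != NULL);` in IntInsertMenuItem. If any call path can reach these with NULL, an explicit guard such as `if (!Wnd) return FALSE;` is needed; otherwise a one-line comment naming the caller-side guarantee would make the contract clear. All three function bodies continue outside their hunks.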
@@ -385,7 +385,7 @@ IntTranslateChar(WORD wVirtKey, /* If nothing has been found in layout, check if this is ASCII control character. Note: we could add it to layout table, but windows does not have it there */ if (wVirtKey >= 'A' && wVirtKey <= 'Z' && - IS_KEY_DOWN(pKeyState, VK_CONTROL) && + pKeyState && IS_KEY_DOWN(pKeyState, VK_CONTROL) && !IS_KEY_DOWN(pKeyState, VK_MENU)) { *pwcTranslatedChar = (wVirtKey - 'A') + 1; /* ASCII control character */ @@ -1097,7 +1097,7 @@ IntTranslateKbdMessage(LPMSG lpMsg, { pti->KeyboardLayout = W32kGetDefaultKeyLayout(); pti->pClientInfo->hKL = pti->KeyboardLayout ? pti->KeyboardLayout->hkl : NULL; - pKbdTbl = pti->KeyboardLayout->spkf->pKbdTbl; + pKbdTbl = pti->KeyboardLayout ? pti->KeyboardLayout->spkf->pKbdTbl : NULL; } else pKbdTbl = pti->KeyboardLayout->spkf->pKbdTbl; diff --git a/reactos/win32ss/user/ntuser/menu.c b/reactos/win32ss/user/ntuser/menu.c index fe870b857cb..1f7683326f6 100644 --- a/reactos/win32ss/user/ntuser/menu.c +++ b/reactos/win32ss/user/ntuser/menu.c @@ -249,8 +249,8 @@ IntCreateMenu(PHANDLE Handle, BOOL IsMenuBar) PPROCESSINFO CurrentWin32Process; Menu = (PMENU_OBJECT)UserCreateObject( gHandleTable, - NULL, - NULL, + NULL, + NULL, Handle, otMenu, sizeof(MENU_OBJECT)); @@ -361,8 +361,8 @@ IntCloneMenu(PMENU_OBJECT Source) return NULL; Menu = (PMENU_OBJECT)UserCreateObject( gHandleTable, - NULL, - NULL, + NULL, + NULL, &hMenu, otMenu, sizeof(MENU_OBJECT)); @@ -803,13 +803,18 @@ IntSetMenuItemInfo(PMENU_OBJECT MenuObject, PMENU_ITEM MenuItem, PROSMENUITEMINF } BOOL FASTCALL -IntInsertMenuItem(PMENU_OBJECT MenuObject, UINT uItem, BOOL fByPosition, - PROSMENUITEMINFO ItemInfo) +IntInsertMenuItem( + _In_ PMENU_OBJECT MenuObject, + UINT uItem, + BOOL fByPosition, + PROSMENUITEMINFO ItemInfo) { int pos; PMENU_ITEM MenuItem; PMENU_OBJECT SubMenu = NULL; + NT_ASSERT(MenuObject != NULL); + if (MAX_MENU_ITEMS <= MenuObject->MenuInfo.MenuItemCount) { EngSetLastError(ERROR_NOT_ENOUGH_MEMORY); 
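Review bot: In IntTranslateKbdMessage the changed line `pKbdTbl = pti->KeyboardLayout ? pti->KeyboardLayout->spkf->pKbdTbl : NULL;` avoids the immediate dereference but leaves `pKbdTbl` NULL when no default layout is available, and the code that consumes the table is outside this hunk. Unless that code already checks for NULL, the function should stop before the table is used, for example `if (!pKbdTbl) return FALSE;` after the if/else, assuming the function returns BOOL. The `spkf` pointer is also dereferenced unchecked in both branches, which presumably relies on every layout having a loaded keyboard file.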
diff --git a/reactos/win32ss/user/ntuser/menu.h b/reactos/win32ss/user/ntuser/menu.h index b2e6b3594b7..1ca12747dbb 100644 --- a/reactos/win32ss/user/ntuser/menu.h +++ b/reactos/win32ss/user/ntuser/menu.h @@ -64,7 +64,7 @@ BOOL FASTCALL IntCleanupMenus(struct _EPROCESS *Process, PPROCESSINFO Win32Process); BOOL FASTCALL -IntInsertMenuItem(PMENU_OBJECT MenuObject, UINT uItem, BOOL fByPosition, +IntInsertMenuItem(_In_ PMENU_OBJECT MenuObject, UINT uItem, BOOL fByPosition, PROSMENUITEMINFO ItemInfo); PMENU_OBJECT FASTCALL diff --git a/reactos/win32ss/user/ntuser/message.c b/reactos/win32ss/user/ntuser/message.c index 5423442ce5d..ba4fd3a26f0 100644 --- a/reactos/win32ss/user/ntuser/message.c +++ b/reactos/win32ss/user/ntuser/message.c @@ -116,7 +116,7 @@ typedef struct tagMSGMEMORY } MSGMEMORY, *PMSGMEMORY; -static MSGMEMORY MsgMemory[] = +static MSGMEMORY g_MsgMemory[] = { { WM_CREATE, MMS_SIZE_SPECIAL, MMS_FLAG_READWRITE }, { WM_DDE_ACK, sizeof(KMDDELPARAM), MMS_FLAG_READ }, @@ -140,8 +140,8 @@ FindMsgMemory(UINT Msg) PMSGMEMORY MsgMemoryEntry; /* See if this message type is present in the table */ - for (MsgMemoryEntry = MsgMemory; - MsgMemoryEntry < MsgMemory + sizeof(MsgMemory) / sizeof(MSGMEMORY); + for (MsgMemoryEntry = g_MsgMemory; + MsgMemoryEntry < g_MsgMemory + sizeof(g_MsgMemory) / sizeof(MSGMEMORY); MsgMemoryEntry++) { if (Msg == MsgMemoryEntry->Message) @@ -225,9 +225,9 @@ MsgMemorySize(PMSGMEMORY MsgMemoryEntry, WPARAM wParam, LPARAM lParam) UINT lParamMemorySize(UINT Msg, WPARAM wParam, LPARAM lParam) { - PMSGMEMORY MsgMemory = FindMsgMemory(Msg); - if(MsgMemory == NULL) return 0; - return MsgMemorySize(MsgMemory, wParam, lParam); + PMSGMEMORY MsgMemoryEntry = FindMsgMemory(Msg); + if(MsgMemoryEntry == NULL) return 0; + return MsgMemorySize(MsgMemoryEntry, wParam, lParam); } static NTSTATUS 
@@ -388,9 +388,9 @@ UnpackParam(LPARAM lParamPacked, UINT Msg, WPARAM wParam, LPARAM lParam, BOOL No return STATUS_INVALID_PARAMETER; } - if (MsgMemory->Flags == MMS_FLAG_READWRITE) + if (MsgMemoryEntry->Flags == MMS_FLAG_READWRITE) { - //RtlCopyMemory((PVOID)lParam, (PVOID)lParamPacked, MsgMemory->Size); + //RtlCopyMemory((PVOID)lParam, (PVOID)lParamPacked, MsgMemoryEntry->Size); } ExFreePool((PVOID) lParamPacked); return STATUS_SUCCESS; diff --git a/reactos/win32ss/user/ntuser/monitor.c b/reactos/win32ss/user/ntuser/monitor.c index 03a4d65d2b8..aa5cedc19e8 100644 --- a/reactos/win32ss/user/ntuser/monitor.c +++ b/reactos/win32ss/user/ntuser/monitor.c @@ -139,7 +139,7 @@ UserAttachMonitor(IN HDEV hDev) TRACE("Couldnt create monitor object\n"); return STATUS_INSUFFICIENT_RESOURCES; } - + pMonitor->hDev = hDev; pMonitor->cWndStack = 0; @@ -185,7 +185,7 @@ UserDetachMonitor(IN HDEV hDev) { if (pMonitor->hDev == hDev) break; - + pLink = &pMonitor->pMonitorNext; pMonitor = pMonitor->pMonitorNext; } diff --git a/reactos/win32ss/user/ntuser/msgqueue.c b/reactos/win32ss/user/ntuser/msgqueue.c index b6bbfdf534d..1d5627ee498 100644 --- a/reactos/win32ss/user/ntuser/msgqueue.c +++ b/reactos/win32ss/user/ntuser/msgqueue.c @@ -704,7 +704,7 @@ MsqDestroyMessage(PUSER_MESSAGE Message) } BOOLEAN FASTCALL -co_MsqDispatchOneSentMessage(PUSER_MESSAGE_QUEUE MessageQueue) +co_MsqDispatchOneSentMessage(_In_ PUSER_MESSAGE_QUEUE MessageQueue) { PUSER_SENT_MESSAGE SaveMsg, Message; PLIST_ENTRY Entry; @@ -1331,7 +1331,7 @@ FASTCALL IntTrackMouseMove(PWND pwndTrack, PDESKTOP pDesk, PMSG msg, USHORT hittest) { // PWND pwndTrack = IntChildrenWindowFromPoint(pwndMsg, msg->pt.x, msg->pt.y); - hittest = GetNCHitEx(pwndTrack, msg->pt); + hittest = (USHORT)GetNCHitEx(pwndTrack, msg->pt); /// @todo WTF is this??? if ( pDesk->spwndTrack != pwndTrack || // Change with tracking window or msg->message != WM_MOUSEMOVE || // Mouse click changes or 
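Review bot: The `MMS_FLAG_READWRITE` branch in UnpackParam is still empty, because its only statement is the commented-out `RtlCopyMemory`. The variable fix therefore changes which flags are tested but nothing is copied back to `lParam`. If the copy is restored as written it would use `MsgMemoryEntry->Size` as a byte count, and the table in this file stores sentinels such as `MMS_SIZE_SPECIAL` in that field (the `WM_CREATE` entry). I would replace the dead line with `/* Copy-back disabled; when restored, size it with MsgMemorySize(MsgMemoryEntry, wParam, lParam), not MsgMemoryEntry->Size */`. The start of UnpackParam is outside the hunk.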
diff --git a/reactos/win32ss/user/ntuser/msgqueue.h b/reactos/win32ss/user/ntuser/msgqueue.h index 2708aabcaac..759ddd944b5 100644 --- a/reactos/win32ss/user/ntuser/msgqueue.h +++ b/reactos/win32ss/user/ntuser/msgqueue.h @@ -188,7 +188,7 @@ BOOLEAN FASTCALL MsqInitializeMessageQueue(PTHREADINFO, PUSER_MESSAGE_QUEUE); PUSER_MESSAGE_QUEUE FASTCALL MsqCreateMessageQueue(PTHREADINFO); VOID FASTCALL MsqDestroyMessageQueue(PTHREADINFO); INIT_FUNCTION NTSTATUS NTAPI MsqInitializeImpl(VOID); -BOOLEAN FASTCALL co_MsqDispatchOneSentMessage(PUSER_MESSAGE_QUEUE MessageQueue); +BOOLEAN FASTCALL co_MsqDispatchOneSentMessage(_In_ PUSER_MESSAGE_QUEUE MessageQueue); NTSTATUS FASTCALL co_MsqWaitForNewMessages(PUSER_MESSAGE_QUEUE MessageQueue, PWND WndFilter, UINT MsgFilterMin, UINT MsgFilterMax); diff --git a/reactos/win32ss/user/ntuser/scrollbar.c b/reactos/win32ss/user/ntuser/scrollbar.c index 23c005b2e42..202caa820dc 100644 --- a/reactos/win32ss/user/ntuser/scrollbar.c +++ b/reactos/win32ss/user/ntuser/scrollbar.c @@ -345,7 +345,7 @@ co_IntSetScrollInfo(PWND Window, INT nBar, LPCSCROLLINFO lpsi, BOOL bRedraw) UINT new_flags; INT action = 0; PSBDATA pSBData; - DWORD OldPos; + DWORD OldPos = 0; BOOL bChangeParams = FALSE; /* Don't show/hide scrollbar if params don't change */ ASSERT_REFS_CO(Window); diff --git a/reactos/win32ss/user/ntuser/sysparams.c b/reactos/win32ss/user/ntuser/sysparams.c index 8d637317375..8a9576b4ea3 100644 --- a/reactos/win32ss/user/ntuser/sysparams.c +++ b/reactos/win32ss/user/ntuser/sysparams.c @@ -617,7 +617,7 @@ SpiSetWallpaper(PVOID pvParam, FLONG fl) } /* Capture UNICODE_STRING */ - bResult = SpiMemCopy(&ustr, pvParam, sizeof(UNICODE_STRING), fl & SPIF_PROTECT, 0); + bResult = SpiMemCopy(&ustr, pvParam, sizeof(ustr), fl & SPIF_PROTECT, 0); if (!bResult) return 0; if (ustr.Length > MAX_PATH * sizeof(WCHAR)) return 0; diff --git a/reactos/win32ss/user/ntuser/sysparams.h b/reactos/win32ss/user/ntuser/sysparams.h index e331577988e..6641627310d 100644 
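Review bot: The bound in SpiSetWallpaper, `ustr.Length > MAX_PATH * sizeof(WCHAR)`, accepts a string of exactly MAX_PATH characters. That fits with a terminator only because the sysparams.h hunk of this commit grows `awcWallpaper` to `MAX_PATH + 1`, assuming that array is the destination, so the two constants are coupled by hand. Deriving the limit from the destination, as the size of that array minus `sizeof(WCHAR)`, would keep them in step if either changes. The check also lets an odd `Length` through, so `(ustr.Length % sizeof(WCHAR)) != 0` should be rejected here as well. After the capture `ustr.Buffer` is still a caller-supplied pointer, so the copy of the string data (outside the hunk) needs the same `fl & SPIF_PROTECT` handling as this call.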
--- a/reactos/win32ss/user/ntuser/sysparams.h +++ b/reactos/win32ss/user/ntuser/sysparams.h @@ -141,7 +141,7 @@ typedef struct _SPIVALUES ULONG cxWallpaper, cyWallpaper; WALLPAPER_MODE WallpaperMode; UNICODE_STRING ustrWallpaper; - WCHAR awcWallpaper[MAX_PATH]; + WCHAR awcWallpaper[MAX_PATH + 1]; BOOL bHandHeld; BOOL bFastTaskSwitch; diff --git a/reactos/win32ss/user/ntuser/timer.c b/reactos/win32ss/user/ntuser/timer.c index 8b43dd3b1a3..9271eddf1d7 100644 --- a/reactos/win32ss/user/ntuser/timer.c +++ b/reactos/win32ss/user/ntuser/timer.c @@ -359,7 +359,7 @@ FASTCALL StartTheTimers(VOID) { // Need to start gdi syncro timers then start timer with Hang App proc - // that calles Idle process so the screen savers will know to run...... + // that calles Idle process so the screen savers will know to run...... IntSetTimer(NULL, 0, 1000, HungAppSysTimerProc, TMRF_RIT); // Test Timers // IntSetTimer(NULL, 0, 1000, SystemTimerProc, TMRF_RIT); @@ -584,9 +584,14 @@ NTAPI InitTimerImpl(VOID) { ULONG BitmapBytes; - + /* Allocate FAST_MUTEX from non paged pool */ Mutex = ExAllocatePoolWithTag(NonPagedPool, sizeof(FAST_MUTEX), TAG_INTERNAL_SYNC); + if (!Mutex) + { + return STATUS_INSUFFICIENT_RESOURCES; + } + ExInitializeFastMutex(Mutex); BitmapBytes = ROUND_UP(NUM_WINDOW_LESS_TIMERS, sizeof(ULONG) * 8) / 8; diff --git a/reactos/win32ss/user/ntuser/windc.c b/reactos/win32ss/user/ntuser/windc.c index 756b453e29c..393891c536c 100644 --- a/reactos/win32ss/user/ntuser/windc.c +++ b/reactos/win32ss/user/ntuser/windc.c @@ -852,7 +852,7 @@ DceResetActiveDCEs(PWND Window) { if (!pDCE->hwndCurrent) CurrentWindow = NULL; - else + else CurrentWindow = UserGetWindowObject(pDCE->hwndCurrent); if (NULL == CurrentWindow) { diff --git a/reactos/win32ss/user/ntuser/window.c b/reactos/win32ss/user/ntuser/window.c index af76bc5a7da..db4f50f9fa4 100644 --- a/reactos/win32ss/user/ntuser/window.c +++ b/reactos/win32ss/user/ntuser/window.c 
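Review bot: The new `if (!Mutex)` return in InitTimerImpl covers the first allocation, but the function then computes `BitmapBytes` for what looks like a second allocation outside the hunk. If that later allocation can fail, its error path must release the mutex block with `ExFreePoolWithTag(Mutex, TAG_INTERNAL_SYNC);` before returning. Otherwise the non-paged allocation leaks on a partially failed initialisation. This should be confirmed against the rest of the function.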
@@ -497,6 +497,7 @@ static LRESULT co_UserFreeWindow(PWND Window, /* flush the message queue */ MsqRemoveWindowMessagesFromQueue(Window); + NT_ASSERT(Window->head.pti); IntDereferenceMessageQueue(Window->head.pti->MessageQueue); /* from now on no messages can be sent to this window anymore */ @@ -1987,7 +1988,7 @@ co_UserCreateWindowEx(CREATESTRUCTW* Cs, PWINSTATION_OBJECT WinSta; PCLS Class = NULL; SIZE Size; - POINT MaxPos; + POINT MaxSize, MaxPos, MinTrack, MaxTrack; CBT_CREATEWNDW * pCbtCreate; LRESULT Result; USER_REFERENCE_ENTRY ParentRef, Ref; @@ -2190,8 +2191,6 @@ co_UserCreateWindowEx(CREATESTRUCTW* Cs, if ((Cs->style & WS_THICKFRAME) || !(Cs->style & (WS_POPUP | WS_CHILD))) { - POINT MaxSize, MaxPos, MinTrack, MaxTrack; - co_WinPosGetMinMaxInfo(Window, &MaxSize, &MaxPos, &MinTrack, &MaxTrack); if (Size.cx > MaxTrack.x) Size.cx = MaxTrack.x; if (Size.cy > MaxTrack.y) Size.cy = MaxTrack.y; @@ -2542,7 +2541,7 @@ BOOLEAN FASTCALL co_UserDestroyWindow(PWND Window) TRACE("co_UserDestroyWindow \n"); - /* Check for owner thread */ + /* Check for owner thread */ if ( Window->head.pti != PsGetCurrentThreadWin32Thread()) { /* Check if we are destroying the desktop window */ @@ -2627,7 +2626,7 @@ BOOLEAN FASTCALL co_UserDestroyWindow(PWND Window) * Check if this window is the Shell's Desktop Window. If so set hShellWindow to NULL */ - if ((ti != NULL) & (ti->pDeskInfo != NULL)) + if ((ti != NULL) && (ti->pDeskInfo != NULL)) { if (ti->pDeskInfo->hShellWindow == hWnd) { @@ -3074,8 +3073,6 @@ PWND FASTCALL UserGetAncestor(PWND Wnd, UINT Type) for (;;) { - PWND Parent; - Parent = IntGetParent(WndAncestor); if (!Parent) diff --git a/reactos/win32ss/user/ntuser/winsta.c b/reactos/win32ss/user/ntuser/winsta.c index 13adc556057..1f174ba73a4 100644 --- a/reactos/win32ss/user/ntuser/winsta.c +++ b/reactos/win32ss/user/ntuser/winsta.c 
@@ -57,7 +57,10 @@ UserCreateWinstaDirectoy() Peb = NtCurrentPeb(); if(Peb->SessionId == 0) { - RtlCreateUnicodeString(&gustrWindowStationsDir, WINSTA_OBJ_DIR); + if (!RtlCreateUnicodeString(&gustrWindowStationsDir, WINSTA_OBJ_DIR)) + { + return STATUS_INSUFFICIENT_RESOURCES; + } } else { @@ -67,7 +70,10 @@ UserCreateWinstaDirectoy() Peb->SessionId, WINSTA_OBJ_DIR); - RtlCreateUnicodeString( &gustrWindowStationsDir, wstrWindowStationsDir); + if (!RtlCreateUnicodeString(&gustrWindowStationsDir, wstrWindowStationsDir)) + { + return STATUS_INSUFFICIENT_RESOURCES; + } } InitializeObjectAttributes(&ObjectAttributes, 
@@ -1024,27 +1030,30 @@ BuildWindowStationNameList( &ReturnLength); if (STATUS_BUFFER_TOO_SMALL == Status) { - BufferSize = ReturnLength; - Buffer = ExAllocatePoolWithTag(PagedPool, BufferSize, TAG_WINSTA); - if (NULL == Buffer) - { - ObDereferenceObject(DirectoryHandle); - return STATUS_NO_MEMORY; - } + ObDereferenceObject(DirectoryHandle); + return STATUS_NO_MEMORY; + } - /* We should have a sufficiently large buffer now */ - Context = 0; - Status = ZwQueryDirectoryObject(DirectoryHandle, Buffer, BufferSize, - FALSE, TRUE, &Context, &ReturnLength); - if (! NT_SUCCESS(Status) || - STATUS_NO_MORE_ENTRIES != ZwQueryDirectoryObject(DirectoryHandle, NULL, 0, FALSE, - FALSE, &Context, NULL)) - { - /* Something went wrong, maybe someone added a directory entry? Just give up. */ - ExFreePoolWithTag(Buffer, TAG_WINSTA); - ObDereferenceObject(DirectoryHandle); - return NT_SUCCESS(Status) ? STATUS_INTERNAL_ERROR : Status; - } + BufferSize = ReturnLength; + Buffer = ExAllocatePoolWithTag(PagedPool, BufferSize, TAG_WINSTA); + if (NULL == Buffer) + { + ObDereferenceObject(DirectoryHandle); + return STATUS_NO_MEMORY; + } + + /* We should have a sufficiently large buffer now */ + Context = 0; + Status = ZwQueryDirectoryObject(DirectoryHandle, Buffer, BufferSize, + FALSE, TRUE, &Context, &ReturnLength); + if (! NT_SUCCESS(Status) || + STATUS_NO_MORE_ENTRIES != ZwQueryDirectoryObject(DirectoryHandle, NULL, 0, FALSE, + FALSE, &Context, NULL)) + { + /* Something went wrong, maybe someone added a directory entry? Just give up. */ + ExFreePoolWithTag(Buffer, TAG_WINSTA); + ObDereferenceObject(DirectoryHandle); + return NT_SUCCESS(Status) ? STATUS_INTERNAL_ERROR : Status; } } @@ -1130,7 +1139,7 @@ BuildWindowStationNameList( /* * Clean up */ - if (NULL != Buffer && Buffer != InitialBuffer) + if (Buffer != InitialBuffer) { ExFreePoolWithTag(Buffer, TAG_WINSTA); } 
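Review bot: The rewritten test in BuildWindowStationNameList looks inverted. The removed code allocated `ReturnLength` bytes when the size query returned `STATUS_BUFFER_TOO_SMALL`, while the new code returns `STATUS_NO_MEMORY` in exactly that case and allocates for every other status. A failed query, where `ReturnLength` may not have been written, now feeds `BufferSize`, and the expected too-small answer becomes an error. If the aim was only to flatten the nesting, the early exit should be `if (STATUS_BUFFER_TOO_SMALL != Status)` with `return NT_SUCCESS(Status) ? STATUS_INTERNAL_ERROR : Status;` after the dereference. The query call and the enclosing block start outside the hunk, so this needs confirming against the full function.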
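Review bot: Dropping `NULL != Buffer` from the cleanup test makes `ExFreePoolWithTag(Buffer, TAG_WINSTA)` depend on every path into this block having set `Buffer`. The pool free routines are not documented to accept NULL the way `free()` does. The allocation-failure paths visible in the previous hunk return early, but the code between that hunk and this one is not shown. Adding `NT_ASSERT(Buffer != NULL);` ahead of the test would record the assumption that justified removing the check.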
@@ -1153,6 +1162,7 @@ BuildDesktopNameList( DWORD EntryCount; ULONG ReturnLength; WCHAR NullWchar; + PUNICODE_STRING DesktopName; Status = IntValidateWindowStationHandle(hWindowStation, KernelMode, @@ -1175,7 +1185,8 @@ BuildDesktopNameList( DesktopEntry = DesktopEntry->Flink) { DesktopObject = CONTAINING_RECORD(DesktopEntry, DESKTOP, ListEntry); - ReturnLength += ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Length + sizeof(WCHAR); + DesktopName = GET_DESKTOP_NAME(DesktopObject); + if (DesktopName) ReturnLength += DesktopName->Length + sizeof(WCHAR); EntryCount++; } TRACE("Required size: %d Entry count: %d\n", ReturnLength, EntryCount); @@ -1218,14 +1229,18 @@ BuildDesktopNameList( DesktopEntry = DesktopEntry->Flink) { DesktopObject = CONTAINING_RECORD(DesktopEntry, DESKTOP, ListEntry); - Status = MmCopyToCaller(lpBuffer, ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Buffer, ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Length); + _PRAGMA_WARNING_SUPPRESS(__WARNING_DEREF_NULL_PTR) + DesktopName = GET_DESKTOP_NAME(DesktopObject);/// @todo Don't mess around with the object headers! + if (!DesktopName) continue; + + Status = MmCopyToCaller(lpBuffer, DesktopName->Buffer, DesktopName->Length); if (! NT_SUCCESS(Status)) { KeReleaseSpinLock(&WindowStation->Lock, OldLevel); ObDereferenceObject(WindowStation); return Status; } - lpBuffer = (PVOID) ((PCHAR) lpBuffer + ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Length); + lpBuffer = (PVOID) ((PCHAR)lpBuffer + DesktopName->Length); Status = MmCopyToCaller(lpBuffer, &NullWchar, sizeof(WCHAR)); if (! NT_SUCCESS(Status)) {
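Review bot: `EntryCount++` in the sizing loop of BuildDesktopNameList still runs for desktops whose name is NULL, but the copy loop in the following hunk skips those entries with `continue`. If `EntryCount` is what the caller receives (that code is outside the hunk), it can exceed the number of strings written. A consumer that walks `EntryCount` NUL-terminated names would then read past the data this function produced. Counting only named entries keeps the two loops consistent: `if (DesktopName) { ReturnLength += DesktopName->Length + sizeof(WCHAR); EntryCount++; }`.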
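Review bot: `MmCopyToCaller` is called in this loop while `WindowStation->Lock` is held, as the failure path's `KeReleaseSpinLock` shows. Pageable caller memory is therefore touched at raised IRQL, where a page fault cannot be serviced. The commit keeps that structure; a safer approach stages the names in a pool buffer under the lock, releases it, and copies out afterwards. Until that is done I would add `/* FIXME: copies to the caller's buffer with the WindowStation spin lock held */` above the call. `_PRAGMA_WARNING_SUPPRESS(__WARNING_DEREF_NULL_PTR)` also looks unnecessary now that `if (!DesktopName) continue;` follows it; the loop header is outside the hunk.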