reactos/win32ss/user
Joachim Henze 222acf5a3e [NTUSER] Scrollbar.c, Avoid potential out-of-bounds-accesses in co_IntSetScrollInfo() CORE-17777
This is an addendum to
0.4.15-dev-3174-g dda9c3979e CORE-17769 and
0.4.15-dev-3147-g 3bf7e3ac13 CORE-17754 CORE-17755

We have not seen this happening in real life yet, but some code fragments within co_IntSetScrollInfo(),
e.g. line 628 if (nBar == SB_CTL), do clearly indicate that nBar can be 2 (SB_CTL).
Some lines below we definitely must not access those 4 static arrays out of bounds then via nBar as access index!

FTR, with a bit of grepping I also found some calls like NtUserSetScrollInfo(Wnd, SB_CTL, &Info, FALSE);
e.g. in win32ss/user/user32/controls/scrollbar.c, so I am pretty sure nBar == 2 can happen in practice within co_IntSetScrollInfo().

I question whether any of those reads/writes to those static arrays (or the comparisons) would make any sense on index 2,
so we should aim to eliminate them altogether in the future.
2021-09-20 03:05:05 +02:00
..
ntuser [NTUSER] Scrollbar.c, Avoid potential out-of-bounds-accesses in co_IntSetScrollInfo() CORE-17777 2021-09-20 03:05:05 +02:00
rtl [WIN32K:NTUSER] Zero allocated memory in IntCbAllocateMemory. 2020-06-24 09:15:27 +02:00
user32 [FORMATTING] Remove trailing whitespace. Addendum to 34593d93. 2021-09-13 03:52:22 +02:00
winsrv [FORMATTING] Remove trailing whitespace. Addendum to 34593d93. 2021-09-13 03:52:22 +02:00