reactos/win32ss
Joachim Henze 222acf5a3e [NTUSER] Scrollbar.c, Avoid potential out-of-bounds-accesses in co_IntSetScrollInfo() CORE-17777
This is an addendum to
0.4.15-dev-3174-g dda9c3979e CORE-17769 and
0.4.15-dev-3147-g 3bf7e3ac13 CORE-17754 CORE-17755

We have not seen this happening in real life yet, but some code fragments within co_IntSetScrollInfo(),
e.g. line 628 if (nBar == SB_CTL), do clearly indicate that nBar can be 2 (SB_CTL).
Some lines below we definitely must not access those 4 static arrays out of bounds then via nBar as access index!

Ftr, with a bit of grepping I also found some calls like NtUserSetScrollInfo(Wnd, SB_CTL, &Info, FALSE);
e.g. in win32ss/user/user32/controls/scrollbar.c, so I am pretty sure nBar == 2 can happen in practice within co_IntSetScrollInfo().

I question whether any of those reads/writes to those static arrays (or the comparisons) would make any sense on index 2,
so we should aim to eliminate them altogether in the future.
2021-09-20 03:05:05 +02:00
..
drivers [FORMATTING] Remove trailing whitespace. Addendum to 34593d93. 2021-09-13 03:52:22 +02:00
gdi [WIN32SS:GDI] Add a sanity assert 2021-09-14 17:58:23 +03:00
include [IMM32] Rewrite ImmAssociateContextEx (#3961) 2021-09-16 19:29:49 +09:00
printing [FORMATTING] Remove trailing whitespace. Addendum to 34593d93. 2021-09-13 03:52:22 +02:00
reactx [WIN32SS][NTDDRAW] Get complexity of visible region in DxEngGetDCState (#2604) 2020-05-01 15:57:11 +02:00
user [NTUSER] Scrollbar.c, Avoid potential out-of-bounds-accesses in co_IntSetScrollInfo() CORE-17777 2021-09-20 03:05:05 +02:00
CMakeLists.txt [WIN32K] Fix getting long value from float object 2021-03-31 18:35:31 +02:00
napi.h
pch.h [Win32SS] Fix build 2020-04-19 18:49:46 -05:00
sys-stubs.S
w32ksvc.db
w32ksvc.h
win32k.h
win32k.rc
win32k.spec [WIN32K] Add x64/arm exports 2021-06-12 14:11:14 +02:00
win32kp.h [WIN32K:NTUSER] Assert global user lock is held exclusively when using global & desktop heaps 2021-08-03 23:13:19 +02:00