reactos/win32ss
Joachim Henze 065e47d87d [0.4.14][NTUSER] Scrollbar.c, Avoid potential out-of-bounds-accesses in co_IntSetScrollInfo() CORE-17777
This is an addendum to
0.4.15-dev-3174-g dda9c3979e CORE-17769 and
0.4.15-dev-3147-g 3bf7e3ac13 CORE-17754 CORE-17755

We have not seen this happening in real life yet, but some code fragments within co_IntSetScrollInfo(),
e.g. line 628, if (nBar == SB_CTL), do clearly indicate that nBar can be 2 (SB_CTL).
Some lines below we definitely must not access those 4 static arrays out of bounds then via nBar as access index!

Ftr with a bit of grepping I also found some calls like NtUserSetScrollInfo(Wnd, SB_CTL, &Info, FALSE);
e.g. in win32ss/user/user32/controls/scrollbar.c, so I am pretty sure nBar == 2 can happen in practice within co_IntSetScrollInfo().

I question whether any of those reads/writes to those static arrays (or the comparisons) would make any sense on index 2,
so we should aim to eliminate them altogether in the future.

fix picked from 0.4.15-dev-3175-g 222acf5a3e
2021-09-20 03:14:01 +02:00
drivers [NTOS:IO] Fix parsing of resource lists 2020-04-24 13:58:09 +03:00
gdi [0.4.14][WIN32K] Revert NtGdiStretchDIBitsInternal to Previous Logic (#3774) 2021-07-03 08:25:26 +02:00
include [WIN32K:NTUSER] ntuser.h: Rename NtUserWaitForInputIdle() 3rd parameter (#2499) 2020-04-03 15:06:25 +02:00
printing [0.4.14][WINSPOOL] Properly fix a double free CORE-16715 2020-08-31 02:21:49 +02:00
reactx [CMAKE] Use modules instead of shared libraries 2019-04-06 17:43:38 +02:00
user [0.4.14][NTUSER] Scrollbar.c, Avoid potential out-of-bounds-accesses in co_IntSetScrollInfo() CORE-17777 2021-09-20 03:14:01 +02:00
CMakeLists.txt [CMAKE] Use modules instead of shared libraries 2019-04-06 17:43:38 +02:00
napi.h
pch.h [Win32SS] Fix build 2020-04-19 18:49:46 -05:00
sys-stubs.S
w32ksvc.db
w32ksvc.h [WIN32K] Implement NtUserSetWindowLongPtr for 64 bit builds 2018-02-19 22:36:36 +01:00
win32k.h
win32k.rc
win32k.spec
win32kp.h [NDK][NTOS] Add global definition of INIT_FUNCTION/INIT_SECTION (#779) 2018-12-30 12:19:11 +01:00