[ros-diffs] [khornicek] 62684: [DESK] - fix a bunch of buffer overruns, negative array index accesses and uninitialized variables CID #1102296 CID #501468 CID #716755 CID #716756 CID #1102323

Author: khornicek Date: Mon Apr 7 23:36:39 2014 New Revision: 62684 URL: http://svn.reactos.org/svn/reactos?rev=62684&view=rev Log: [DESK] - fix a bunch of buffer overruns, negative array index accesses and uninitialized variables CID #1102296 CID #501468 CID #716755 CID #716756 CID #1102323 Modified: trunk/reactos/dll/cpl/desk/advappdlg.c trunk/reactos/dll/cpl/desk/draw.c trunk/reactos/dll/cpl/desk/general.c trunk/reactos/dll/cpl/desk/screensaver.c Modified: trunk/reactos/dll/cpl/desk/advappdlg.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/desk/advappdlg.c?r… ============================================================================== --- trunk/reactos/dll/cpl/desk/advappdlg.c [iso-8859-1] (original) +++ trunk/reactos/dll/cpl/desk/advappdlg.c [iso-8859-1] Mon Apr 7 23:36:39 2014 @@ -275,7 +275,7 @@ plfFont->lfHeight = -MulDiv(GetDlgItemInt(hwndDlg, IDC_ADVAPPEARANCE_FONTSIZE_E, &bTranslated, FALSE), GetDeviceCaps(hdcDlg, LOGPIXELSY), 72); plfFont->lfWeight = (SendDlgItemMessage(hwndDlg, IDC_ADVAPPEARANCE_FONTBOLD, BM_GETCHECK, 0, 0) == 1) ? FW_BOLD : FW_NORMAL; plfFont->lfItalic = (BYTE)SendDlgItemMessage(hwndDlg, IDC_ADVAPPEARANCE_FONTITALIC, BM_GETCHECK, 0, 0); - GetDlgItemText(hwndDlg, IDC_ADVAPPEARANCE_FONT_C, plfFont->lfFaceName, LF_FACESIZE * sizeof(TCHAR)); + GetDlgItemText(hwndDlg, IDC_ADVAPPEARANCE_FONT_C, plfFont->lfFaceName, LF_FACESIZE); } ReleaseDC(hwndDlg, hdcDlg); Modified: trunk/reactos/dll/cpl/desk/draw.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/desk/draw.c?rev=62… ============================================================================== --- trunk/reactos/dll/cpl/desk/draw.c [iso-8859-1] (original) +++ trunk/reactos/dll/cpl/desk/draw.c [iso-8859-1] Mon Apr 7 23:36:39 2014 @@ -69,6 +69,8 @@ int LTpenplus = 0; int RTpenplus = 0; int RBpenplus = 0; + HBRUSH hbr; + /* Init some vars */ LTInnerPen = LTOuterPen = RBInnerPen = RBOuterPen = (HPEN)GetStockObject(NULL_PEN); SavePen = (HPEN)SelectObject(hdc, LTInnerPen); @@ -88,76 +90,84 @@ if((uFlags & BF_TOPLEFT) == BF_TOPLEFT) LTpenplus = 1; + if((uFlags & MY_BF_ACTIVEBORDER)) + hbr = CreateSolidBrush(scheme->crColor[COLOR_ACTIVEBORDER]); + else + hbr = CreateSolidBrush(scheme->crColor[COLOR_BTNFACE]); + + FillRect(hdc, &InnerRect, hbr); + DeleteObject(hbr); + + MoveToEx(hdc, 0, 0, &SavePoint); + + /* Draw the outer edge */ + if(LTOuterI != -1) + { + LTOuterPen = GetStockObject(DC_PEN); + SelectObject(hdc, LTOuterPen); + SetDCPenColor(hdc, scheme->crColor[LTOuterI]); + if(uFlags & BF_TOP) + { + MoveToEx(hdc, InnerRect.left, InnerRect.top, NULL); + LineTo(hdc, InnerRect.right, InnerRect.top); + } + if(uFlags & BF_LEFT) + { + MoveToEx(hdc, InnerRect.left, InnerRect.top, NULL); + LineTo(hdc, InnerRect.left, InnerRect.bottom); + } + } + + if(RBOuterI != -1) + { + RBOuterPen = GetStockObject(DC_PEN); + SelectObject(hdc, RBOuterPen); + SetDCPenColor(hdc, scheme->crColor[RBOuterI]); + if(uFlags & BF_BOTTOM) + { + MoveToEx(hdc, InnerRect.left, InnerRect.bottom-1, NULL); + LineTo(hdc, InnerRect.right, InnerRect.bottom-1); + } + if(uFlags & BF_RIGHT) + { + MoveToEx(hdc, InnerRect.right-1, InnerRect.top, NULL); + LineTo(hdc, InnerRect.right-1, InnerRect.bottom); + } + } + + /* Draw the inner edge */ if(LTInnerI != -1) + { LTInnerPen = GetStockObject(DC_PEN); - if(LTOuterI != -1) - LTOuterPen = GetStockObject(DC_PEN); + SelectObject(hdc, LTInnerPen); + SetDCPenColor(hdc, scheme->crColor[LTInnerI]); + if(uFlags & BF_TOP) + { + MoveToEx(hdc, InnerRect.left+LTpenplus, InnerRect.top+1, NULL); + LineTo(hdc, InnerRect.right-RTpenplus, InnerRect.top+1); + } + if(uFlags & BF_LEFT) + { + MoveToEx(hdc, InnerRect.left+1, InnerRect.top+LTpenplus, NULL); + LineTo(hdc, InnerRect.left+1, InnerRect.bottom-LBpenplus); + } + } + if(RBInnerI != -1) + { RBInnerPen = GetStockObject(DC_PEN); - if(RBOuterI != -1) - RBOuterPen = GetStockObject(DC_PEN); - { - HBRUSH hbr; - - if((uFlags & MY_BF_ACTIVEBORDER)) - hbr = CreateSolidBrush(scheme->crColor[COLOR_ACTIVEBORDER]); - else - hbr = CreateSolidBrush(scheme->crColor[COLOR_BTNFACE]); - FillRect(hdc, &InnerRect, hbr); - DeleteObject(hbr); - } - MoveToEx(hdc, 0, 0, &SavePoint); - - /* Draw the outer edge */ - SelectObject(hdc, LTOuterPen); - SetDCPenColor(hdc, scheme->crColor[LTOuterI]); - if(uFlags & BF_TOP) - { - MoveToEx(hdc, InnerRect.left, InnerRect.top, NULL); - LineTo(hdc, InnerRect.right, InnerRect.top); - } - if(uFlags & BF_LEFT) - { - MoveToEx(hdc, InnerRect.left, InnerRect.top, NULL); - LineTo(hdc, InnerRect.left, InnerRect.bottom); - } - SelectObject(hdc, RBOuterPen); - SetDCPenColor(hdc, scheme->crColor[RBOuterI]); - if(uFlags & BF_BOTTOM) - { - MoveToEx(hdc, InnerRect.left, InnerRect.bottom-1, NULL); - LineTo(hdc, InnerRect.right, InnerRect.bottom-1); - } - if(uFlags & BF_RIGHT) - { - MoveToEx(hdc, InnerRect.right-1, InnerRect.top, NULL); - LineTo(hdc, InnerRect.right-1, InnerRect.bottom); - } - - /* Draw the inner edge */ - SelectObject(hdc, LTInnerPen); - SetDCPenColor(hdc, scheme->crColor[LTInnerI]); - if(uFlags & BF_TOP) - { - MoveToEx(hdc, InnerRect.left+LTpenplus, InnerRect.top+1, NULL); - LineTo(hdc, InnerRect.right-RTpenplus, InnerRect.top+1); - } - if(uFlags & BF_LEFT) - { - MoveToEx(hdc, InnerRect.left+1, InnerRect.top+LTpenplus, NULL); - LineTo(hdc, InnerRect.left+1, InnerRect.bottom-LBpenplus); - } - SelectObject(hdc, RBInnerPen); - SetDCPenColor(hdc, scheme->crColor[RBInnerI]); - if(uFlags & BF_BOTTOM) - { - MoveToEx(hdc, InnerRect.left+LBpenplus, InnerRect.bottom-2, NULL); - LineTo(hdc, InnerRect.right-RBpenplus, InnerRect.bottom-2); - } - if(uFlags & BF_RIGHT) - { - MoveToEx(hdc, InnerRect.right-2, InnerRect.top+RTpenplus, NULL); - LineTo(hdc, InnerRect.right-2, InnerRect.bottom-RBpenplus); + SelectObject(hdc, RBInnerPen); + SetDCPenColor(hdc, scheme->crColor[RBInnerI]); + if(uFlags & BF_BOTTOM) + { + MoveToEx(hdc, InnerRect.left+LBpenplus, InnerRect.bottom-2, NULL); + LineTo(hdc, InnerRect.right-RBpenplus, InnerRect.bottom-2); + } + if(uFlags & BF_RIGHT) + { + MoveToEx(hdc, InnerRect.right-2, InnerRect.top+RTpenplus, NULL); + LineTo(hdc, InnerRect.right-2, InnerRect.bottom-RBpenplus); + } } if (uFlags & BF_ADJUST) @@ -245,6 +255,8 @@ case DFCS_CAPTIONRESTORE: Symbol = '2'; break; + default: + return FALSE; } MyIntDrawRectEdge(dc, r, (uFlags & DFCS_PUSHED) ? EDGE_SUNKEN : EDGE_RAISED, BF_RECT | BF_MIDDLE | BF_SOFT, scheme); ZeroMemory(&lf, sizeof(LOGFONT)); @@ -313,6 +325,9 @@ case DFCS_SCROLLRIGHT: Symbol = '4'; break; + + default: + return FALSE; } MyIntDrawRectEdge(dc, r, (uFlags & DFCS_PUSHED) ? EDGE_SUNKEN : EDGE_RAISED, (uFlags&DFCS_FLAT) | BF_MIDDLE | BF_RECT, scheme); ZeroMemory(&lf, sizeof(LOGFONT)); Modified: trunk/reactos/dll/cpl/desk/general.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/desk/general.c?rev… ============================================================================== --- trunk/reactos/dll/cpl/desk/general.c [iso-8859-1] (original) +++ trunk/reactos/dll/cpl/desk/general.c [iso-8859-1] Mon Apr 7 23:36:39 2014 @@ -33,7 +33,7 @@ TCHAR Buffer[LINE_LEN]; TCHAR Desc[LINE_LEN]; - if (SetupGetStringField(&Context, 0, Buffer, sizeof(Buffer), NULL) && + if (SetupGetStringField(&Context, 0, Buffer, sizeof(Buffer) / sizeof(TCHAR), NULL) && SetupGetIntField(&Context, 1, &ci)) { _stprintf(Desc, _T("%s (%d DPI)"), Buffer, ci); Modified: trunk/reactos/dll/cpl/desk/screensaver.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/desk/screensaver.c… ============================================================================== --- trunk/reactos/dll/cpl/desk/screensaver.c [iso-8859-1] (original) +++ trunk/reactos/dll/cpl/desk/screensaver.c [iso-8859-1] Mon Apr 7 23:36:39 2014 @@ -340,7 +340,6 @@ ScreenSaverCount = pData->ScreenSaverCount; - hr = StringCbCopy(szSearchPath, sizeof(szSearchPath), pszSearchPath); if (FAILED(hr)) return;