Author: tfaber Date: Wed Nov 16 21:17:38 2011 New Revision: 54401
URL: http://svn.reactos.org/svn/reactos?rev=54401&view=rev Log: [ATL] - Fix buffer overflow in CComDynamicUnkArray::Add. Found by Coverity (CID 2474) [NDK] - Remove meaningless const attribute from pointer rvalues to make Coverity's life easier
Modified: trunk/reactos/include/ndk/i386/ketypes.h trunk/reactos/include/ndk/ketypes.h trunk/reactos/lib/atl/atlcom.h
Modified: trunk/reactos/include/ndk/i386/ketypes.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/ndk/i386/ketypes.h?... ============================================================================== --- trunk/reactos/include/ndk/i386/ketypes.h [iso-8859-1] (original) +++ trunk/reactos/include/ndk/i386/ketypes.h [iso-8859-1] Wed Nov 16 21:17:38 2011 @@ -27,10 +27,10 @@ // KPCR Access for non-IA64 builds // #define K0IPCR ((ULONG_PTR)(KIP0PCRADDRESS)) -#define PCR ((KPCR * const)K0IPCR) +#define PCR ((KPCR *)K0IPCR) #if defined(CONFIG_SMP) || defined(NT_BUILD) #undef KeGetPcr -#define KeGetPcr() ((KPCR * const)__readfsdword(FIELD_OFFSET(KPCR, SelfPcr))) +#define KeGetPcr() ((KPCR *)__readfsdword(FIELD_OFFSET(KPCR, SelfPcr))) #endif
//
Modified: trunk/reactos/include/ndk/ketypes.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/ndk/ketypes.h?rev=5... ============================================================================== --- trunk/reactos/include/ndk/ketypes.h [iso-8859-1] (original) +++ trunk/reactos/include/ndk/ketypes.h [iso-8859-1] Wed Nov 16 21:17:38 2011 @@ -128,7 +128,7 @@ // // Dereferencable pointer to KUSER_SHARED_DATA in User-Mode // -#define SharedUserData ((KUSER_SHARED_DATA *CONST)USER_SHARED_DATA) +#define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA)
// // Maximum WOW64 Entries in KUSER_SHARED_DATA
Modified: trunk/reactos/lib/atl/atlcom.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/atl/atlcom.h?rev=54401&... ============================================================================== --- trunk/reactos/lib/atl/atlcom.h [iso-8859-1] (original) +++ trunk/reactos/lib/atl/atlcom.h [iso-8859-1] Wed Nov 16 21:17:38 2011 @@ -849,9 +849,10 @@ return 0; m_ppUnk = newArray; memset(&m_ppUnk[m_nSize], 0, (newSize - m_nSize) * sizeof(IUnknown *)); + curCookie = m_nSize + 1; m_nSize = newSize; - m_ppUnk[m_nSize] = pUnk; - return m_nSize + 1; + m_ppUnk[curCookie - 1] = pUnk; + return curCookie; }
BOOL Remove(DWORD dwCookie)