Author: tkreuzer
Date: Sun Sep 30 22:02:02 2012
New Revision: 57445
URL:
http://svn.reactos.org/svn/reactos?rev=57445&view=rev
Log:
[WIN32K]
Fix the hack, so it doesn't cause overwriting of usermode memory.
Modified:
trunk/reactos/win32ss/gdi/ntgdi/dibobj.c
Modified: trunk/reactos/win32ss/gdi/ntgdi/dibobj.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/dibobj.c…
==============================================================================
--- trunk/reactos/win32ss/gdi/ntgdi/dibobj.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/ntgdi/dibobj.c [iso-8859-1] Sun Sep 30 22:02:02 2012
@@ -1007,6 +1007,7 @@
PBITMAPINFO pbmi;
HANDLE hSecure = NULL;
INT iResult = 0;
+ UINT cjAlloc;
/* Check for bad iUsage */
if (iUsage > 2) return 0;
@@ -1022,10 +1023,10 @@
// HACK: the underlying code sucks and doesn't care for the size, so we
// give it the maximum ever needed
- cjMaxInfo = sizeof(BITMAPV5HEADER) + 256 * sizeof(RGBQUAD);
+ cjAlloc = sizeof(BITMAPV5HEADER) + 256 * sizeof(RGBQUAD);
/* Allocate a buffer the bitmapinfo */
- pbmi = ExAllocatePoolWithTag(PagedPool, cjMaxInfo, 'imBG');
+ pbmi = ExAllocatePoolWithTag(PagedPool, cjAlloc, 'imBG');
if (!pbmi)
{
/* Fail */