Author: rharabien Date: Wed Mar 23 15:33:13 2011 New Revision: 51125
URL: http://svn.reactos.org/svn/reactos?rev=51125&view=rev Log: [WIN32K] Check for failed allocations when creating window See issue #6021 for more details.
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu...
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] Wed Mar 23 15:33:13 2011
@@ -1940,7 +1940,7 @@
DWORD dwShowMode = SW_SHOW;
CREATESTRUCTW *pCsw = NULL;
PVOID pszClass = NULL, pszName = NULL;
- DECLARE_RETURN(PWND);
+ PWND ret = NULL;
/* Get the current window station and reference it */
pti = GetW32ThreadInfo();
@@ -1960,7 +1960,7 @@
if(!Class)
{
DPRINT1("Failed to find class %wZ\n", ClassName);
- RETURN(NULL);
+ goto cleanup;
}
/* Now find the parent and the owner window */
@@ -1982,7 +1982,7 @@
{
DPRINT1("Cannot create a child window without a parrent!\n");
EngSetLastError(ERROR_TLW_WITH_WSCHILD);
- RETURN(NULL); /* WS_CHILD needs a parent, but WS_POPUP doesn't */
+ goto cleanup; /* WS_CHILD needs a parent, but WS_POPUP doesn't */
}
ParentWindow = hWndParent ? UserGetWindowObject(hWndParent): NULL;
@@ -2008,7 +2008,7 @@
if(!Window)
{
DPRINT1("IntCreateWindow failed!\n");
- RETURN(0);
+ goto cleanup;
}
hWnd = UserHMGetHandle(Window);
@@ -2023,6 +2023,11 @@
// Allocate the calling structures Justin Case this goes Global.
pCsw = ExAllocatePoolWithTag(NonPagedPool, sizeof(CREATESTRUCTW), TAG_HOOK);
pCbtCreate = ExAllocatePoolWithTag(NonPagedPool, sizeof(CBT_CREATEWNDW), TAG_HOOK);
+ if (!pCsw || !pCbtCreate)
+ {
+ DPRINT1("UserHeapAlloc() failed!\n");
+ goto cleanup;
+ }
/* Fill the new CREATESTRUCTW */
RtlCopyMemory(pCsw, Cs, sizeof(CREATESTRUCTW));
@@ -2036,6 +2041,11 @@
ANSI_STRING AnsiString;
AnsiString.MaximumLength = RtlUnicodeStringToAnsiSize(ClassName)+sizeof(CHAR);
pszClass = UserHeapAlloc(AnsiString.MaximumLength);
+ if (!pszClass)
+ {
+ DPRINT1("UserHeapAlloc() failed!\n");
+ goto cleanup;
+ }
RtlZeroMemory(pszClass, AnsiString.MaximumLength);
AnsiString.Buffer = (PCHAR)pszClass;
RtlUnicodeStringToAnsiString(&AnsiString, ClassName, FALSE);
@@ -2045,11 +2055,16 @@
UNICODE_STRING UnicodeString;
UnicodeString.MaximumLength = ClassName->Length + sizeof(UNICODE_NULL);
pszClass = UserHeapAlloc(UnicodeString.MaximumLength);
+ if (!pszClass)
+ {
+ DPRINT1("UserHeapAlloc() failed!\n");
+ goto cleanup;
+ }
RtlZeroMemory(pszClass, UnicodeString.MaximumLength);
UnicodeString.Buffer = (PWSTR)pszClass;
RtlCopyUnicodeString(&UnicodeString, ClassName);
}
- if (pszClass) pCsw->lpszClass = UserHeapAddressToUser(pszClass);
+ pCsw->lpszClass = UserHeapAddressToUser(pszClass);
}
if (WindowName->Length)
{
@@ -2061,8 +2076,13 @@
if (Window->state & WNDS_ANSICREATOR)
{
ANSI_STRING AnsiString;
- AnsiString.MaximumLength = RtlUnicodeStringToAnsiSize(&Name)+sizeof(CHAR);
+ AnsiString.MaximumLength = RtlUnicodeStringToAnsiSize(&Name) + sizeof(CHAR);
pszName = UserHeapAlloc(AnsiString.MaximumLength);
+ if (!pszName)
+ {
+ DPRINT1("UserHeapAlloc() failed!\n");
+ goto cleanup;
+ }
RtlZeroMemory(pszName, AnsiString.MaximumLength);
AnsiString.Buffer = (PCHAR)pszName;
RtlUnicodeStringToAnsiString(&AnsiString, &Name, FALSE);
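Review bot: The failure message in the new `if (!pCsw || !pCbtCreate)` branch (hunk at -2023) names the wrong allocator: both pointers come from `ExAllocatePoolWithTag`, so the log line should read `DPRINT1("ExAllocatePoolWithTag() failed!\n");`. The branch is also taken when only one of the two allocations failed, so the code after `cleanup:` has to free whichever one succeeded; that code is outside this hunk and should be checked, along with whether `pCbtCreate` is NULL-initialised the way `pCsw` visibly is. Unlike the WS_CHILD failure path, this branch sets no last error, so the caller receives NULL with no reason; consider `EngSetLastError(ERROR_NOT_ENOUGH_MEMORY);` before the `goto`, here and in the four `UserHeapAlloc` checks that follow.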
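Review bot: The new NULL check after `UserHeapAlloc` (hunk at -2036) covers only the allocation; the `RtlUnicodeStringToAnsiString` call three lines below it still discards its NTSTATUS, here and in the hunk at -2061. `MaximumLength` is a 16-bit field, so for a long enough name the sum assigned to it may truncate, in which case the conversion presumably cannot complete and a zero-filled or partial buffer is still published to the hook through `pCsw->lpszClass` / `pCsw->lpszName`. Checking the result, e.g. `if (!NT_SUCCESS(RtlUnicodeStringToAnsiString(&AnsiString, ClassName, FALSE))) goto cleanup;`, would close that gap. The same five-line check is repeated verbatim in the hunks at -2045, -2061 and -2072 with an identical message, so the log cannot tell which buffer failed; naming the buffer in each `DPRINT1` would help.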
@@ -2072,11 +2092,16 @@
UNICODE_STRING UnicodeString;
UnicodeString.MaximumLength = Name.Length + sizeof(UNICODE_NULL);
pszName = UserHeapAlloc(UnicodeString.MaximumLength);
+ if (!pszName)
+ {
+ DPRINT1("UserHeapAlloc() failed!\n");
+ goto cleanup;
+ }
RtlZeroMemory(pszName, UnicodeString.MaximumLength);
UnicodeString.Buffer = (PWSTR)pszName;
RtlCopyUnicodeString(&UnicodeString, &Name);
}
- if (pszName) pCsw->lpszName = UserHeapAddressToUser(pszName);
+ pCsw->lpszName = UserHeapAddressToUser(pszName);
}
pCbtCreate->lpcs = pCsw;
@@ -2087,7 +2112,7 @@
if (Result != 0)
{
DPRINT1("WH_CBT HCBT_CREATEWND hook failed! 0x%x\n", Result);
- RETURN( (PWND) NULL);
+ goto cleanup;
}
// Write back changes.
Cs->cx = pCsw->cx;
@@ -2143,7 +2168,7 @@
if (!Result)
{
DPRINT1("co_UserCreateWindowEx(): NCCREATE message failed\n");
- RETURN((PWND)0);
+ goto cleanup;
}
/* Send the WM_NCCALCSIZE message */
@@ -2161,7 +2186,7 @@
if (Result == (LRESULT)-1)
{
DPRINT1("co_UserCreateWindowEx(): WM_CREATE message failed\n");
- RETURN((PWND)0);
+ goto cleanup;
}
/* Send the EVENT_OBJECT_CREATE event*/
@@ -2234,10 +2259,10 @@
}
DPRINT("co_UserCreateWindowEx(): Created window %X\n", hWnd);
- RETURN( Window);
-
-CLEANUP:
- if (!_ret_)
+ ret = Window;
+
+cleanup:
+ if (!ret)
{
DPRINT("co_UserCreateWindowEx(): Error Created window!\n");
/* If the window was created, the class will be dereferenced by co_UserDestroyWindow */
@@ -2258,8 +2283,8 @@
UserDereferenceObject(Window);
}
if (ParentWindow) UserDerefObjectCo(ParentWindow);
-
- END_CLEANUP;
+
+ return ret;
}
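Review bot: The block after `cleanup:` reads `Window` and `ParentWindow` (see `if (ParentWindow) UserDerefObjectCo(ParentWindow);` in the final hunk), yet the `goto cleanup` statements in the hunks at -1960 and -1982 run before `ParentWindow = ...` is assigned and before the window is created. Their declarations are outside the diff, so it is worth confirming that both start as NULL, as `pCsw`, `pszClass` and `pszName` visibly do; otherwise the early failure paths would dereference indeterminate pointers. This looks inherited from the old `RETURN`/`CLEANUP` macros rather than introduced here, but now that the label is explicit a comment above it such as `/* Reached from every failure path: each local tested below must be NULL-initialised */` would record the invariant. The middle of the cleanup block lies between this hunk and the next and is not shown.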
NTSTATUS