Author: greatlrd Date: Sat May 10 13:07:41 2008 New Revision: 33415
URL: http://svn.reactos.org/svn/reactos?rev=33415&view=rev Log: Fix a memory overwrite bug that I introduced by mistake. The private stock object list contains 22 objects, and we do not want to mix up the private size and the user-mode size for different versions.
Modified: trunk/reactos/subsystems/win32/win32k/include/object.h trunk/reactos/subsystems/win32/win32k/objects/stockobj.c
Modified: trunk/reactos/subsystems/win32/win32k/include/object.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/inc...
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/include/object.h [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/include/object.h [iso-8859-1] Sat May 10 13:07:41 2008
@@ -8,6 +8,10 @@
 #define FIRST_USER_HANDLE 0x0020 /* first possible value for low word of user handle */
 #define LAST_USER_HANDLE 0xffef /* last possible value for low word of user handle */
+/* Comments from reserve two extra entry for the stock default bitmap this is what Windows does too
+ * and verify if it is true it is not. in XP/2003 it is 22 stockobjects for each bitmap
+ */
+#define PRV_STOCK_LAST 22
#define USER_HEADER_TO_BODY(ObjectHeader) \
 ((PVOID)(((PUSER_OBJECT_HEADER)ObjectHeader) + 1))
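Review bot: `PRV_STOCK_LAST` is named like a last index but is used as an element count: stockobj.c in this commit sizes `StockObjects[]` with it, so the highest valid index is 21, not 22. The old expression `STOCK_LAST + 3` suggests the public `STOCK_LAST` is an index, so code that follows that convention and loops with `<= PRV_STOCK_LAST` would write one slot past the array. A name such as `PRV_STOCK_COUNT`, or at least a comment like `/* number of slots in win32k's private stock object table; valid indexes are 0 .. PRV_STOCK_LAST - 1 */`, would make that explicit. The added comment has also lost the word "wine" and no longer reads as a sentence; the same text is repeated in the stockobj.c hunk.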
Modified: trunk/reactos/subsystems/win32/win32k/objects/stockobj.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/obj...
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/objects/stockobj.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/objects/stockobj.c [iso-8859-1] Sat May 10 13:07:41 2008
@@ -107,10 +107,10 @@
 { 11, 0, 0, 0, FW_NORMAL, FALSE, FALSE, FALSE, ANSI_CHARSET, 0, 0, DEFAULT_QUALITY, VARIABLE_PITCH | FF_SWISS, L"MS Sans Serif" }; //Bitstream Vera Sans
-/* Comments from wine reserve two extra entry for the stock default bitmap this is what Windows does too
- * and verify if it it is true it is not. in XP/2003 it is 22 stockobjects for each bitmap
+/* Comments from reserve two extra entry for the stock default bitmap this is what Windows does too
+ * and verify if it is true it is not. in XP/2003 it is 22 stockobjects for each bitmap
 */
-#define NB_STOCK_OBJECTS (STOCK_LAST + 3)
+#define NB_STOCK_OBJECTS (PRV_STOCK_LAST)
static HGDIOBJ StockObjects[NB_STOCK_OBJECTS];
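Review bot: Nothing ties the hard-coded 22 to the index constants this file writes through. `StockObjects[DC_BITMAP]`, `StockObjects[DC_PEN]` and a literal slot 20 are assigned in the later hunk, and if a header ever defines one of those constants as 22 or more, the static array in win32k is overrun again without any diagnostic, which is the same class of memory overwrite this commit is fixing. A compile-time check next to the array would catch that at build time, for example `C_ASSERT(DC_BITMAP < NB_STOCK_OBJECTS);` and the same for `STOCK_LAST`. Any lookup that takes a caller-supplied index (not visible in this hunk) should be compared against `NB_STOCK_OBJECTS` as well.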
@@ -139,6 +139,7 @@
 StockObjects[DC_PEN] = IntGdiExtCreatePen(BlackPen.lopnStyle, BlackPen.lopnWidth.x, BS_SOLID, BlackPen.lopnColor, 0, 0, 0, NULL, 0, TRUE, NULL);
 StockObjects[NULL_PEN] = IntGdiExtCreatePen(NullPen.lopnStyle, NullPen.lopnWidth.x, BS_SOLID, NullPen.lopnColor, 0, 0, 0, NULL, 0, TRUE, NULL);
+ StockObjects[20] = NULL;
 StockObjects[DC_BITMAP] = IntGdiCreateBitmap (1, 1, 1, 1, NULL);
(void) TextIntCreateFontIndirect(&OEMFixedFont, (HFONT*)&StockObjects[OEM_FIXED_FONT]);
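Review bot: `StockObjects[20] = NULL;` uses a bare index where every neighbouring slot is addressed by a named constant, so a reader cannot tell which slot is being reserved or why. Since `StockObjects` is a `static` array it already starts zeroed, so the assignment only matters if this initialisation can run more than once; if that is the intent, say so, otherwise the line can be dropped. Either give the slot a name in object.h or add a comment such as `/* slot 20 is unused in the private table; keep it NULL so code that walks all NB_STOCK_OBJECTS entries skips it */`. The enclosing function starts and ends outside the hunk, so whether later code tolerates a NULL entry could not be checked here.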