[ros-diffs] [greatlrd] 33415: fixing a memory overwrite bug I miskate intrudes the private size of stackobject list contain 22 object, and we do not want mix up the private size and the user mode size for different version.

Author: greatlrd Date: Sat May 10 13:07:41 2008 New Revision: 33415 URL: http://svn.reactos.org/svn/reactos?rev=33415&view=rev Log: fixing a memory overwrite bug I miskate intrudes the private size of stackobject list contain 22 object, and we do not want mix up the private size and the user mode size for different version. Modified: trunk/reactos/subsystems/win32/win32k/include/object.h trunk/reactos/subsystems/win32/win32k/objects/stockobj.c Modified: trunk/reactos/subsystems/win32/win32k/include/object.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/in… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/include/object.h [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/win32k/include/object.h [iso-8859-1] Sat May 10 13:07:41 2008 @@ -8,6 +8,10 @@ #define FIRST_USER_HANDLE 0x0020 /* first possible value for low word of user handle */ #define LAST_USER_HANDLE 0xffef /* last possible value for low word of user handle */ +/* Comments from reserve two extra entry for the stock default bitmap this is what Windows does too + * and verify if it is true it is not. in XP/2003 it is 22 stockobjects for each bitmap + */ +#define PRV_STOCK_LAST 22 #define USER_HEADER_TO_BODY(ObjectHeader) \ ((PVOID)(((PUSER_OBJECT_HEADER)ObjectHeader) + 1)) Modified: trunk/reactos/subsystems/win32/win32k/objects/stockobj.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ob… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/objects/stockobj.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/win32k/objects/stockobj.c [iso-8859-1] Sat May 10 13:07:41 2008 @@ -107,10 +107,10 @@ { 11, 0, 0, 0, FW_NORMAL, FALSE, FALSE, FALSE, ANSI_CHARSET, 0, 0, DEFAULT_QUALITY, VARIABLE_PITCH | FF_SWISS, L"MS Sans Serif" }; //Bitstream Vera Sans -/* Comments from wine reserve two extra entry for the stock default bitmap this is what Windows does too - * and verify if it it is true it is not. in XP/2003 it is 22 stockobjects for each bitmap +/* Comments from reserve two extra entry for the stock default bitmap this is what Windows does too + * and verify if it is true it is not. in XP/2003 it is 22 stockobjects for each bitmap */ -#define NB_STOCK_OBJECTS (STOCK_LAST + 3) +#define NB_STOCK_OBJECTS (PRV_STOCK_LAST) static HGDIOBJ StockObjects[NB_STOCK_OBJECTS]; @@ -139,6 +139,7 @@ StockObjects[DC_PEN] = IntGdiExtCreatePen(BlackPen.lopnStyle, BlackPen.lopnWidth.x, BS_SOLID, BlackPen.lopnColor, 0, 0, 0, NULL, 0, TRUE, NULL); StockObjects[NULL_PEN] = IntGdiExtCreatePen(NullPen.lopnStyle, NullPen.lopnWidth.x, BS_SOLID, NullPen.lopnColor, 0, 0, 0, NULL, 0, TRUE, NULL); + StockObjects[20] = NULL; StockObjects[DC_BITMAP] = IntGdiCreateBitmap (1, 1, 1, 1, NULL); (void) TextIntCreateFontIndirect(&OEMFixedFont, (HFONT*)&StockObjects[OEM_FIXED_FONT]);