[ros-diffs] [fireball] 49110: [ADVAPI32] - Katayama Hirofumi: Use DataLength field in RegEnumValueW instead of DataOffset. - Roel Messiant: Test behaviour in Vista and apply same fix to RegEnumValueA. See issu...

Author: fireball Date: Mon Oct 11 07:47:52 2010 New Revision: 49110 URL: http://svn.reactos.org/svn/reactos?rev=49110&view=rev Log: [ADVAPI32] - Katayama Hirofumi: Use DataLength field in RegEnumValueW instead of DataOffset. - Roel Messiant: Test behaviour in Vista and apply same fix to RegEnumValueA. See issue #2492 for more details. Modified: trunk/reactos/dll/win32/advapi32/reg/reg.c Modified: trunk/reactos/dll/win32/advapi32/reg/reg.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/reg/reg… ============================================================================== --- trunk/reactos/dll/win32/advapi32/reg/reg.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/reg/reg.c [iso-8859-1] Mon Oct 11 07:47:52 2010 @@ -2793,14 +2793,14 @@ status = NtEnumerateValueKey( KeyHandle, index, KeyValueFullInformation, buffer, total_size, &total_size ); - if (status && status != STATUS_BUFFER_OVERFLOW) goto done; + if (status && (status != STATUS_BUFFER_OVERFLOW) && (status != STATUS_BUFFER_TOO_SMALL)) goto done; /* we need to fetch the contents for a string type even if not requested, * because we need to compute the length of the ASCII string. */ if (value || data || is_string(info->Type)) { /* retry with a dynamically allocated buffer */ - while (status == STATUS_BUFFER_OVERFLOW) + while ((status == STATUS_BUFFER_OVERFLOW) || (status == STATUS_BUFFER_TOO_SMALL)) { if (buf_ptr != buffer) HeapFree( GetProcessHeap(), 0, buf_ptr ); if (!(buf_ptr = HeapAlloc( GetProcessHeap(), 0, total_size ))) @@ -2819,14 +2819,14 @@ { ULONG len; RtlUnicodeToMultiByteSize( &len, (WCHAR *)(buf_ptr + info->DataOffset), - total_size - info->DataOffset ); + info->DataLength ); if (data && len) { if (len > *count) status = STATUS_BUFFER_OVERFLOW; else { RtlUnicodeToMultiByteN( (PCHAR)data, len, NULL, (WCHAR *)(buf_ptr + info->DataOffset), - total_size - info->DataOffset ); + info->DataLength ); /* if the type is REG_SZ and data is not 0-terminated * and there is enough space in the buffer NT appends a \0 */ if (len < *count && data[len-1]) data[len] = 0; @@ -2836,8 +2836,8 @@ } else if (data) { - if (total_size - info->DataOffset > *count) status = STATUS_BUFFER_OVERFLOW; - else memcpy( data, buf_ptr + info->DataOffset, total_size - info->DataOffset ); + if (info->DataLength > *count) status = STATUS_BUFFER_OVERFLOW; + else memcpy( data, buf_ptr + info->DataOffset, info->DataLength ); } if (value && !status) @@ -2962,17 +2962,17 @@ if (data) { - if (total_size - info->DataOffset > *count) + if (info->DataLength > *count) { status = STATUS_BUFFER_OVERFLOW; goto overflow; } - memcpy( data, buf_ptr + info->DataOffset, total_size - info->DataOffset ); - if (total_size - info->DataOffset <= *count-sizeof(WCHAR) && is_string(info->Type)) + memcpy( data, buf_ptr + info->DataOffset, info->DataLength ); + if (is_string(info->Type) && info->DataLength <= *count - sizeof(WCHAR)) { /* if the type is REG_SZ and data is not 0-terminated * and there is enough space in the buffer NT appends a \0 */ - WCHAR *ptr = (WCHAR *)(data + total_size - info->DataOffset); + WCHAR *ptr = (WCHAR *)(data + info->DataLength); if (ptr > (WCHAR *)data && ptr[-1]) *ptr = 0; } }