Author: hbelusca Date: Tue Jun 7 22:52:44 2016 New Revision: 71591
URL: http://svn.reactos.org/svn/reactos?rev=71591&view=rev Log: [CONSRV] - Remove a wrong assertion that I introduced in r70281 concerning Console->LinePos. - Fix some boundary conditions. - Completely reset line discipline variables when the line buffer is freed. - Fix a potential buffer overrun in the case ReadControl->nInitialChars was larger than Console->LineMaxSize (the size of Console->LineBuffer), which serves to initialize Console->LineSize, Console->LinePos, and copy nInitialChars characters from user buffer. CORE-11380 CORE-10997 #resolve
Modified: trunk/reactos/win32ss/user/winsrv/consrv/frontends/terminal.c
Modified: trunk/reactos/win32ss/user/winsrv/consrv/frontends/terminal.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/winsrv/consrv/...
==============================================================================
--- trunk/reactos/win32ss/user/winsrv/consrv/frontends/terminal.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/winsrv/consrv/frontends/terminal.c [iso-8859-1] Tue Jun 7 22:52:44 2016
@@ -330,7 +330,13 @@
 {
 /* Start a new line */
 Console->LineMaxSize = max(256, NumCharsToRead);
- ASSERT(ReadControl->nInitialChars <= Console->LineMaxSize);
+
+ /*
+ * Fixup ReadControl->nInitialChars in case the number of initial
+ * characters is bigger than the number of characters to be read.
+ * It will always be, lesser than or equal to Console->LineMaxSize.
+ */
+ ReadControl->nInitialChars = min(ReadControl->nInitialChars, NumCharsToRead);
 Console->LineBuffer = ConsoleAllocHeap(0, Console->LineMaxSize * sizeof(WCHAR));
 if (Console->LineBuffer == NULL) return STATUS_NO_MEMORY;
@@ -346,7 +352,7 @@
 * worry about ANSI <-> Unicode conversion.
 */
 memcpy(Console->LineBuffer, Buffer, Console->LineSize * sizeof(WCHAR));
- if (Console->LineSize == Console->LineMaxSize)
+ if (Console->LineSize >= Console->LineMaxSize)
 {
 Console->LineComplete = TRUE;
 Console->LinePos = 0;
@@ -356,7 +362,7 @@
 /* If we don't have a complete line yet, process the pending input */
 while (!Console->LineComplete && !IsListEmpty(&InputBuffer->InputEvents))
 {
- /* Remove input event from queue */
+ /* Remove an input event from the queue */
 CurrentEntry = RemoveHeadList(&InputBuffer->InputEvents);
 if (IsListEmpty(&InputBuffer->InputEvents))
 {
@@ -378,12 +384,14 @@
 /* Check if we have a complete line to read from */
 if (Console->LineComplete)
 {
- // NOTE: I want to check whether we always set LinePos to zero
- // when LineComplete is set to TRUE.
- // Basically, we are going to use LinePos as 'i'.
- ASSERT(Console->LinePos == 0);
-
- while (i < NumCharsToRead && Console->LinePos != Console->LineSize)
+ /*
+ * Console->LinePos keeps the next position of the character to read
+ * in the line buffer across the different calls of the function,
+ * so that the line buffer can be read by chunks after all the input
+ * has been buffered.
+ */
+
+ while (i < NumCharsToRead && Console->LinePos < Console->LineSize)
 {
 WCHAR Char = Console->LineBuffer[Console->LinePos++];
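Review bot: The allocation size `Console->LineMaxSize * sizeof(WCHAR)` just below the new clamp in the first hunk is still computed without an overflow check, and the memcpy in the second hunk trusts that the buffer holds `Console->LineSize` characters. If NumCharsToRead is not bounded by the caller (not visible here), the product could wrap on a 32-bit build and yield a buffer smaller than the copy; a guard before the allocation such as `if (Console->LineMaxSize > MAXULONG / sizeof(WCHAR)) return STATUS_INVALID_PARAMETER;` (assuming LineMaxSize is a ULONG) would rule that out. The clamp also writes back into the caller-supplied ReadControl structure; clamping into a local and using that for Console->LineSize would leave the request untouched. The enclosing block starts and ends outside the hunk.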
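Review bot: The new loop condition `Console->LinePos < Console->LineSize` in the fourth hunk depends on LinePos and LineSize staying within LineMaxSize across calls, and with the old ASSERT removed nothing checks that any more. Consider asserting the invariant that the new comment describes, placed before the loop: `ASSERT(Console->LinePos <= Console->LineSize && Console->LineSize <= Console->LineMaxSize);`. A stale position or size would then show up in debug builds rather than as a read outside LineBuffer. The loop body continues outside the hunk.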
@@ -398,11 +406,14 @@
 ++i;
 }
- if (Console->LinePos == Console->LineSize)
- {
- /* Entire line has been read */
+ if (Console->LinePos >= Console->LineSize)
+ {
+ /* The entire line has been read */
 ConsoleFreeHeap(Console->LineBuffer);
 Console->LineBuffer = NULL;
+ Console->LinePos = Console->LineMaxSize = Console->LineSize = 0;
+ // Console->LineComplete = Console->LineUpPressed = FALSE;
+ Console->LineComplete = FALSE;
 }
 Status = STATUS_SUCCESS;
@@ -415,7 +426,7 @@
 /* Character input */
 while (i < NumCharsToRead && !IsListEmpty(&InputBuffer->InputEvents))
 {
- /* Remove input event from queue */
+ /* Remove an input event from the queue */
 CurrentEntry = RemoveHeadList(&InputBuffer->InputEvents);
 if (IsListEmpty(&InputBuffer->InputEvents))
 {
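Review bot: The commented-out line `// Console->LineComplete = Console->LineUpPressed = FALSE;` in the reset block of the fifth hunk leaves it unclear whether LineUpPressed is deliberately preserved when the line buffer is freed. Either drop the dead line or replace it with a short comment stating the intent, for example `/* LineUpPressed is intentionally kept across reads */` if that is the case. The log message says the line discipline variables are reset completely, so the one field left out deserves an explicit statement. Any other place that frees Console->LineBuffer is outside this diff and would need the same reset to keep LinePos, LineSize and LineMaxSize consistent with a NULL buffer.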