Author: tkreuzer Date: Tue Mar 5 08:47:51 2013 New Revision: 58434
URL: http://svn.reactos.org/svn/reactos?rev=58434&view=rev Log: [WIN32K] - Fix a bug in EngLoadModuleEx - Fix a bug in co_IntLoadSysMenuTemplate - Fix / improve a number of annotations - Improve code in NtGdiExtGetObjectW - Check return value of ZwAllocateVirtualMemory and handle error in GdiPoolAllocate - Fix possible memory leaks in NtGdiPolyDraw - Check for NtGdiExtCreatePen == NULL instead of passing it to ProbeForRead in NtGdiExtCreatePen - Simplify code in NtGdiGetTextMetricsW - Fix a number of format specifiers
Modified: trunk/reactos/include/psdk/ntgdi.h trunk/reactos/win32ss/gdi/eng/bitblt.c trunk/reactos/win32ss/gdi/eng/engevent.c trunk/reactos/win32ss/gdi/eng/float.c trunk/reactos/win32ss/gdi/eng/mapping.c trunk/reactos/win32ss/gdi/eng/surface.c trunk/reactos/win32ss/gdi/eng/xlateobj.c trunk/reactos/win32ss/gdi/eng/xlateobj.h trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c trunk/reactos/win32ss/gdi/ntgdi/gdipool.c trunk/reactos/win32ss/gdi/ntgdi/line.c trunk/reactos/win32ss/gdi/ntgdi/pen.c trunk/reactos/win32ss/gdi/ntgdi/text.c trunk/reactos/win32ss/reactx/ntddraw/dxeng.c trunk/reactos/win32ss/user/ntuser/callback.c
Modified: trunk/reactos/include/psdk/ntgdi.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntgdi.h?rev=58...
==============================================================================
--- trunk/reactos/include/psdk/ntgdi.h [iso-8859-1] (original)
+++ trunk/reactos/include/psdk/ntgdi.h [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -1169,6 +1169,7 @@
 NtGdiGetColorSpaceforBitmap(
 _In_ HBITMAP hsurf);
+_Success_(return != FALSE)
 W32KAPI
 BOOL
 APIENTRY
@@ -2253,6 +2254,7 @@
 _Out_ LPSIZE psize,
 _In_ UINT flOpts);
+_Success_(return != FALSE)
 W32KAPI
 BOOL
 APIENTRY
@@ -2372,6 +2374,7 @@
 _In_ INT y,
 _Out_opt_ LPPOINT pptOut);
+_Success_(return != 0)
 W32KAPI
 INT
 APIENTRY
Modified: trunk/reactos/win32ss/gdi/eng/bitblt.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/bitblt.c?re...
==============================================================================
--- trunk/reactos/win32ss/gdi/eng/bitblt.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/eng/bitblt.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -305,10 +305,10 @@
 _In_opt_ CLIPOBJ *pco,
 _In_opt_ XLATEOBJ *pxlo,
 _In_ RECTL *prclTrg,
- _When_(psoSrc, _In_) POINTL *pptlSrc,
- _When_(psoMask, _In_) POINTL *pptlMask,
+ _In_opt_ POINTL *pptlSrc,
+ _In_opt_ POINTL *pptlMask,
 _In_opt_ BRUSHOBJ *pbo,
- _When_(pbo, _In_) POINTL *pptlBrush,
+ _In_opt_ POINTL *pptlBrush,
 _In_ ROP4 rop4)
 {
 BYTE clippingType;
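Review bot: Replacing `_When_(psoSrc, _In_)` with `_In_opt_` on `pptlSrc`, `pptlMask` and `pptlBrush` removes the only statement that each point must be non-NULL whenever its matching `psoSrc`, `psoMask` or `pbo` is supplied, so static analysis will no longer flag a caller that passes a surface without its origin. The function body lies outside the hunk; if it dereferences any of the three without a NULL test, that is a kernel-mode NULL dereference the old annotation helped catch. If the conditional form cannot be kept, I would record the contract above the parameter list, e.g. `/* pptlSrc is required when psoSrc != NULL; likewise pptlMask/psoMask and pptlBrush/pbo */`.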
Modified: trunk/reactos/win32ss/gdi/eng/engevent.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/engevent.c?...
==============================================================================
--- trunk/reactos/win32ss/gdi/eng/engevent.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/eng/engevent.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -15,10 +15,12 @@
/* PUBLIC FUNCTIONS ***********************************************************/
+_Must_inspect_result_
+_Success_(return != FALSE)
 BOOL
 APIENTRY
 EngCreateEvent(
- _Deref_out_opt_ PEVENT* Event)
+ _Outptr_ PEVENT *ppEvent)
 {
 BOOLEAN Result = TRUE;
 PENG_EVENT EngEvent;
@@ -39,7 +41,7 @@
 FALSE);
 /* Pass pointer to our structure to the caller */
- *Event = EngEvent;
+ *ppEvent = EngEvent;
 DPRINT("EngCreateEvent() created %p\n", EngEvent);
 }
 else
Modified: trunk/reactos/win32ss/gdi/eng/float.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/float.c?rev...
==============================================================================
--- trunk/reactos/win32ss/gdi/eng/float.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/eng/float.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -18,7 +18,7 @@
 BOOL
 APIENTRY
 EngRestoreFloatingPointState(
- _In_ VOID *Buffer)
+ PVOID Buffer)
 {
 NTSTATUS Status;
@@ -34,7 +34,7 @@
 ULONG
 APIENTRY
 EngSaveFloatingPointState(
- VOID *Buffer,
+ PVOID Buffer,
 ULONG BufferSize)
 {
 KFLOATING_SAVE TempBuffer;
Modified: trunk/reactos/win32ss/gdi/eng/mapping.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/mapping.c?r...
==============================================================================
--- trunk/reactos/win32ss/gdi/eng/mapping.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/eng/mapping.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -393,7 +393,7 @@
 Status = MmCreateSection(&pFileView->pSection,
 SECTION_ALL_ACCESS,
 NULL,
- cjSizeOfModule ? &liSize : NULL,
+ &liSize,
 fl & FVF_READONLY ? PAGE_EXECUTE_READ : PAGE_EXECUTE_READWRITE,
 SEC_COMMIT,
 hFile,
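Review bot: `&liSize` is now passed to MmCreateSection unconditionally, so `liSize` must hold a defined value on every path, including `cjSizeOfModule == 0`; its assignment is outside the hunk and should be confirmed. A short comment on the argument would record why the conditional went away, for example `/* zero size: section covers the whole file */`, assuming that is the intended meaning of a zero maximum size here. The call and the enclosing function both continue past the hunk.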
Modified: trunk/reactos/win32ss/gdi/eng/surface.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/surface.c?r...
==============================================================================
--- trunk/reactos/win32ss/gdi/eng/surface.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/eng/surface.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -279,7 +279,7 @@
 _In_ LONG lWidth,
 _In_ ULONG iFormat,
 _In_ ULONG fl,
- _In_ PVOID pvBits)
+ _In_opt_ PVOID pvBits)
 {
 PSURFACE psurf;
 HBITMAP hbmp;
@@ -479,7 +479,7 @@
 BOOL
 APIENTRY
 EngDeleteSurface(
- _In_ HSURF hsurf)
+ _In_ _Post_ptr_invalid_ HSURF hsurf)
 {
 PSURFACE psurf;
@@ -537,7 +537,7 @@
 VOID
 APIENTRY
 EngUnlockSurface(
- _In_ SURFOBJ *pso)
+ _In_ _Post_ptr_invalid_ SURFOBJ *pso)
 {
 if (pso != NULL)
 {
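Review bot: `_In_ _Post_ptr_invalid_ SURFOBJ *pso` declares the pointer non-NULL, yet the first statement of EngUnlockSurface is `if (pso != NULL)`, so the annotation and the body disagree. If NULL is a tolerated argument the parameter should read `_In_opt_ _Post_ptr_invalid_ SURFOBJ *pso`; if it is not, the test is dead code and hides caller bugs from the analyzer. The rest of the body is outside the hunk.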
Modified: trunk/reactos/win32ss/gdi/eng/xlateobj.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/xlateobj.c?...
==============================================================================
--- trunk/reactos/win32ss/gdi/eng/xlateobj.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/eng/xlateobj.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -11,7 +11,7 @@
 #define NDEBUG
 #include <debug.h>
-_Always_(_Post_satisfies_(return==iColor))
+_Post_satisfies_(return==iColor)
 _Function_class_(FN_XLATE)
 ULONG
 FASTCALL
@@ -38,7 +38,7 @@
/** iXlate functions **********************************************************/
-_Always_(_Post_satisfies_(return==iColor))
+_Post_satisfies_(return==iColor)
 _Function_class_(FN_XLATE)
 ULONG
 FASTCALL
Modified: trunk/reactos/win32ss/gdi/eng/xlateobj.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/xlateobj.h?...
==============================================================================
--- trunk/reactos/win32ss/gdi/eng/xlateobj.h [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/eng/xlateobj.h [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -58,8 +58,8 @@
 NTAPI
 EXLATEOBJ_vInitialize(
 _Out_ PEXLATEOBJ pexlo,
- _In_ PPALETTE ppalSrc,
- _In_ PPALETTE ppalDst,
+ _In_opt_ PPALETTE ppalSrc,
+ _In_opt_ PPALETTE ppalDst,
 _In_ COLORREF crSrcBackColor,
 _In_ COLORREF crDstBackColor,
 _In_ COLORREF crDstForeColor);
Modified: trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c?...
==============================================================================
--- trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -1066,11 +1066,10 @@
 APIENTRY
 NtGdiExtGetObjectW(
 IN HANDLE hobj,
- IN INT cbCount,
+ IN INT cjBufferSize,
 OUT LPVOID lpBuffer)
 {
- INT iRetCount = 0;
- INT cbCopyCount;
+ UINT iResult, cjMaxSize;
 union
 {
 BITMAP bitmap;
@@ -1083,33 +1082,33 @@
 } object;
 /* Normalize to the largest supported object size */
- cbCount = min((UINT)cbCount, sizeof(object));
+ cjMaxSize = min((UINT)cjBufferSize, sizeof(object));
 /* Now do the actual call */
- iRetCount = GreGetObject(hobj, cbCount, lpBuffer ? &object : NULL);
- cbCopyCount = min((UINT)cbCount, (UINT)iRetCount);
-
- /* Make sure we have a buffer and a copy size */
- if ((cbCopyCount) && (lpBuffer))
+ iResult = GreGetObject(hobj, cjMaxSize, lpBuffer ? &object : NULL);
+
+ /* Check if we have a buffer and data */
+ if ((lpBuffer != NULL) && (iResult != 0))
 {
 /* Enter SEH for buffer transfer */
 _SEH2_TRY
 {
 /* Probe the buffer and copy it */
- ProbeForWrite(lpBuffer, cbCopyCount, sizeof(WORD));
- RtlCopyMemory(lpBuffer, &object, cbCopyCount);
+ cjMaxSize = min(cjMaxSize, iResult);
+ ProbeForWrite(lpBuffer, cjMaxSize, sizeof(WORD));
+ RtlCopyMemory(lpBuffer, &object, cjMaxSize);
 }
 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
 {
 /* Clear the return value.
 * Do *NOT* set last error here! */
- iRetCount = 0;
+ iResult = 0;
 }
 _SEH2_END;
 }
 /* Return the count */
- return iRetCount;
+ return iResult;
 }
W32KAPI
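Review bot: `iResult` is now a `UINT`, so if GreGetObject can return a negative value on failure (its contract is not visible here) that value becomes large and non-zero, passes `iResult != 0`, and `cjMaxSize` bytes of the stack union `object` are copied to the caller's buffer. Nothing in the visible lines initializes `object`, so any bytes GreGetObject did not write, structure padding included, would be disclosed to user mode. I would zero the union before the call with `RtlZeroMemory(&object, sizeof(object));` and state in a comment which return values of GreGetObject count as failure. The union declaration sits between the two hunks and the function's return type is outside them.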
Modified: trunk/reactos/win32ss/gdi/ntgdi/gdipool.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/gdipool.c...
==============================================================================
--- trunk/reactos/win32ss/gdi/ntgdi/gdipool.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/ntgdi/gdipool.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -127,6 +127,7 @@
 PLIST_ENTRY ple;
 PVOID pvAlloc, pvBaseAddress;
 SIZE_T cjSize;
+ NTSTATUS status;
 /* Disable APCs and acquire the pool lock */
 KeEnterCriticalRegion();
@@ -191,12 +192,17 @@
 /* Commit the pages */
 pvBaseAddress = PAGE_ALIGN(pvAlloc);
 cjSize = ADDRESS_AND_SIZE_TO_SPAN_PAGES(pvAlloc, pPool->cjAllocSize) * PAGE_SIZE;
- ZwAllocateVirtualMemory(NtCurrentProcess(),
- &pvBaseAddress,
- 0,
- &cjSize,
- MEM_COMMIT,
- PAGE_READWRITE);
+ status = ZwAllocateVirtualMemory(NtCurrentProcess(),
+ &pvBaseAddress,
+ 0,
+ &cjSize,
+ MEM_COMMIT,
+ PAGE_READWRITE);
+ if (!NT_SUCCESS(status))
+ {
+ pvAlloc = NULL;
+ goto done;
+ }
 pSection->ulCommitBitmap |= ulPageBit;
 }
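Review bot: The new failure path sets `pvAlloc = NULL` and jumps to `done` without undoing the bookkeeping that selected this slot. If the section's allocation bitmap or allocation count was already updated before the commit (that code is outside the hunk), the entry stays marked as used and is never handed out again, so repeated commit failures under memory pressure would drain the pool. Either reserve the slot only after the commit succeeds or roll the reservation back before `goto done;`, and add a comment on the branch saying which state has been restored. The `done` label and the lock release it presumably performs are not visible here.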
Modified: trunk/reactos/win32ss/gdi/ntgdi/line.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/line.c?re...
==============================================================================
--- trunk/reactos/win32ss/gdi/ntgdi/line.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/ntgdi/line.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -420,7 +420,8 @@
 {
 PDC dc;
 PDC_ATTR pdcattr;
- POINT *line_pts = NULL, *line_pts_old, *bzr_pts = NULL, bzr[4];
+ POINT bzr[4];
+ volatile PPOINT line_pts, line_pts_old, bzr_pts;
 INT num_pts, num_bzr_pts, space, space_old, size;
 ULONG i;
 BOOL result = FALSE;
@@ -440,6 +441,10 @@
 DC_UnlockDc(dc);
 return TRUE;
 }
+
+ line_pts = NULL;
+ line_pts_old = NULL;
+ bzr_pts = NULL;
 _SEH2_TRY
 {
@@ -475,6 +480,12 @@
 space = cCount + 300;
 line_pts = ExAllocatePoolWithTag(PagedPool, space * sizeof(POINT), TAG_SHAPE);
+ if (line_pts == NULL)
+ {
+ result = FALSE;
+ _SEH2_LEAVE;
+ }
+
 num_pts = 1;
 line_pts[0].x = pdcattr->ptlCurrent.x;
@@ -510,10 +521,12 @@
 if (!line_pts) _SEH2_LEAVE;
 RtlCopyMemory(line_pts, line_pts_old, space_old * sizeof(POINT));
 ExFreePoolWithTag(line_pts_old, TAG_SHAPE);
+ line_pts_old = NULL;
 }
 RtlCopyMemory( &line_pts[num_pts], &bzr_pts[1], (num_bzr_pts - 1) * sizeof(POINT) );
 num_pts += num_bzr_pts - 1;
 ExFreePoolWithTag(bzr_pts, TAG_BEZIER);
+ bzr_pts = NULL;
 }
 i += 2;
 break;
@@ -523,14 +536,28 @@
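Review bot: The added NULL test in the `@@ -475,6 +480,12 @@` hunk catches a failed allocation but not an undersized one: `space = cCount + 300` is computed in an `INT`, and `space * sizeof(POINT)` can wrap for a large `cCount`, after which the loop writes through `line_pts[num_pts]`. Unless `cCount` is bounded earlier in NtGdiPolyDraw (not visible in this hunk), I would add a limit before the allocation, for instance `if (cCount > (MAXLONG / sizeof(POINT)) - 300) { result = FALSE; _SEH2_LEAVE; }`. The allocation in pen.c, `dwStyleCount * sizeof(DWORD)` taken from NonPagedPool, has the same shape and needs the same kind of bound if none exists above that hunk. The new early exit also leaves without setting a last error, unlike the exception path.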
 if (num_pts >= 2) IntGdiPolyline( dc, line_pts, num_pts );
 IntGdiMoveToEx( dc, line_pts[num_pts - 1].x, line_pts[num_pts - 1].y, NULL, TRUE );
+ result = TRUE;
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ SetLastNtError(_SEH2_GetExceptionCode());
+ }
+ _SEH2_END;
+
+ if (line_pts != NULL)
+ {
 ExFreePoolWithTag(line_pts, TAG_SHAPE);
- result = TRUE;
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- SetLastNtError(_SEH2_GetExceptionCode());
- }
- _SEH2_END;
+ }
+
+ if ((line_pts_old != NULL) && (line_pts_old != line_pts))
+ {
+ ExFreePoolWithTag(line_pts_old, TAG_SHAPE);
+ }
+
+ if (bzr_pts != NULL)
+ {
+ ExFreePoolWithTag(bzr_pts, TAG_BEZIER);
+ }
DC_UnlockDc(dc);
Modified: trunk/reactos/win32ss/gdi/ntgdi/pen.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/pen.c?rev...
==============================================================================
--- trunk/reactos/win32ss/gdi/ntgdi/pen.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/ntgdi/pen.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -312,6 +312,12 @@
 if (dwStyleCount > 0)
 {
+ if (pUnsafeStyle == NULL)
+ {
+ EngSetLastError(ERROR_INVALID_PARAMETER);
+ return 0;
+ }
+
 pSafeStyle = ExAllocatePoolWithTag(NonPagedPool, dwStyleCount * sizeof(DWORD), GDITAG_PENSTYLE);
Modified: trunk/reactos/win32ss/gdi/ntgdi/text.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/text.c?re...
==============================================================================
--- trunk/reactos/win32ss/gdi/ntgdi/text.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/ntgdi/text.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -523,11 +523,9 @@
 NtGdiGetTextMetricsW(
 IN HDC hDC,
 OUT TMW_INTERNAL * pUnsafeTmwi,
- IN ULONG cj
-)
+ IN ULONG cj)
 {
 TMW_INTERNAL Tmwi;
- NTSTATUS Status = STATUS_SUCCESS;
 if ( cj <= sizeof(TMW_INTERNAL) )
 {
@@ -540,15 +538,11 @@
 }
 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
 {
- Status = _SEH2_GetExceptionCode();
+ SetLastNtError(_SEH2_GetExceptionCode());
+ return FALSE;
 }
 _SEH2_END
- if (!NT_SUCCESS(Status))
- {
- SetLastNtError(Status);
- return FALSE;
- }
 return TRUE;
 }
 }
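Review bot: `return FALSE;` is now issued from inside the `_SEH2_EXCEPT` block, whereas the removed code returned only after `_SEH2_END`. As far as I know, the GCC PSEH macros need exits from an SEH block to be wrapped so that the frame is torn down, which is what `_SEH2_YIELD` is for. I would write `_SEH2_YIELD(return FALSE);` here. The function starts before and continues past the hunk, so the try block and the path taken when `cj` exceeds `sizeof(TMW_INTERNAL)` are not visible.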
Modified: trunk/reactos/win32ss/reactx/ntddraw/dxeng.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/reactx/ntddraw/dxen...
==============================================================================
--- trunk/reactos/win32ss/reactx/ntddraw/dxeng.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/reactx/ntddraw/dxeng.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -286,7 +286,7 @@
 DPRINT1("ReactX Calling : DxEngGetHdevData DXEGSHDEVDATA : %ld\n", Type);
 #if 1
- DPRINT1("HDEV hDev %08lx\n", hDev);
+ DPRINT1("HDEV hDev %p\n", hDev);
 #endif
 switch ( Type )
@@ -454,7 +454,7 @@
 PDC pDC = DC_LockDc(hDC);
 DWORD_PTR retVal = 0;
- DPRINT1("ReactX Calling : DxEngGetDCState type : %ld\n", type);
+ DPRINT1("ReactX Calling : DxEngGetDCState type : %lu\n", type);
 if (pDC)
 {
@@ -474,7 +474,7 @@
 }
 default:
 /* If a valid type is not found, zero is returned */
- DPRINT1("Warning: did not find type %d\n",type);
+ DPRINT1("Warning: did not find type %lu\n", type);
 break;
 }
 DC_UnlockDc(pDC);
@@ -531,7 +531,7 @@
DPRINT1("ReactX Calling : DxEngLockHdev \n");
- DPRINT1("hDev : 0x%08lx\n",hDev);
+ DPRINT1("hDev : 0x%p\n",hDev);
Resource = (PERESOURCE)ppdev->hsemDevLock;
Modified: trunk/reactos/win32ss/user/ntuser/callback.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/callbac...
==============================================================================
--- trunk/reactos/win32ss/user/ntuser/callback.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/callback.c [iso-8859-1] Tue Mar 5 08:47:51 2013
@@ -382,7 +382,7 @@
 UserLeaveCo();
 Status = KeUserModeCallback(USER32_CALLBACK_LOADSYSMENUTEMPLATE,
- NULL,
+ &ResultPointer,
 0,
 &ResultPointer,
 &ResultLength);
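Review bot: The input-buffer argument is now `&ResultPointer` with a length of 0, the same variable that receives the output pointer, so it reads as a non-NULL placeholder rather than real input. A comment such as `/* dummy non-NULL input buffer, length 0 */` would stop a later reader from treating it as data. After the call `ResultPointer` and `ResultLength` are supplied by user mode, so the code following the hunk should check `ResultLength` against the expected size and read through `ResultPointer` only inside `_SEH2_TRY` after `ProbeForRead`. None of that handling is visible in this hunk.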