https://git.reactos.org/?p=reactos.git;a=commitdiff;h=cfeb498e4f2ed0eaef6d2…
commit cfeb498e4f2ed0eaef6d29cd4332c60120347b10
Author: Katayama Hirofumi MZ <katayama.hirofumi.mz(a)gmail.com>
AuthorDate: Thu Mar 3 09:43:05 2022 +0900
Commit: GitHub <noreply(a)github.com>
CommitDate: Thu Mar 3 09:43:05 2022 +0900
[NTUSER][IMM32] Fix ValidateHandleNoErr (#4377)
- Add DesktopPtrToUser helper function.
- Fix imm32.ValidateHandleNoErr function.
- Use DesktopHeapAlloc to allocate the IMC, instead of ExAllocatePoolWithTag.
- Use DesktopHeapFree to free the IMC, instead of ExFreePoolWithTag.
CORE-11700, CORE-18049
---
dll/win32/imm32/utils.c | 27 ++++++++++++++++++++++++---
win32ss/user/ntuser/ime.c | 11 ++++++++---
2 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/dll/win32/imm32/utils.c b/dll/win32/imm32/utils.c
index 8c3d8ad3c11..e96f80528ae 100644
--- a/dll/win32/imm32/utils.c
+++ b/dll/win32/imm32/utils.c
@@ -149,12 +149,26 @@ VOID APIENTRY LogFontWideToAnsi(const LOGFONTW *plfW, LPLOGFONTA
plfA)
plfA->lfFaceName[cch] = 0;
}
+static PVOID FASTCALL DesktopPtrToUser(PVOID ptr)
+{
+ PCLIENTINFO pci = GetWin32ClientInfo();
+ PDESKTOPINFO pdi = pci->pDeskInfo;
+
+ ASSERT(ptr != NULL);
+ ASSERT(pdi != NULL);
+ if (pdi->pvDesktopBase <= ptr && ptr < pdi->pvDesktopLimit)
+ return (PVOID)((ULONG_PTR)ptr - pci->ulClientDelta);
+ else
+ return (PVOID)NtUserCallOneParam((DWORD_PTR)ptr,
ONEPARAM_ROUTINE_GETDESKTOPMAPPING);
+}
+
LPVOID FASTCALL ValidateHandleNoErr(HANDLE hObject, UINT uType)
{
- INT index;
+ UINT index;
PUSER_HANDLE_TABLE ht;
PUSER_HANDLE_ENTRY he;
WORD generation;
+ LPVOID ptr;
if (!NtUserValidateHandleSecure(hObject))
return NULL;
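Review bot: In DesktopPtrToUser the only guard on `pdi` is `ASSERT(pdi != NULL)`, which disappears in non-debug builds, so a thread whose client info carries no `pDeskInfo` would fault at `pdi->pvDesktopBase`. Whether `pDeskInfo` can be NULL on this path is not visible from the hunk. Because the helper now sits on imm32's handle-validation path, an explicit `if (!pdi) return NULL;` before the range test would turn that case into a rejected handle instead of a crash. The `NtUserCallOneParam` fallback can presumably return NULL as well, so a short comment above the helper such as `/* Returns the user-mode view of a desktop-heap pointer, or NULL if it cannot be mapped */` would tell callers what to expect.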
@@ -166,14 +180,21 @@ LPVOID FASTCALL ValidateHandleNoErr(HANDLE hObject, UINT uType)
he = (PUSER_HANDLE_ENTRY)((ULONG_PTR)ht->handles - g_SharedInfo.ulSharedDelta);
index = (LOWORD(hObject) - FIRST_USER_HANDLE) >> 1;
- if (index < 0 || ht->nb_handles <= index || he[index].type != uType)
+ if ((INT)index < 0 || ht->nb_handles <= index || he[index].type != uType)
+ return NULL;
+
+ if (he[index].flags & HANDLEENTRY_DESTROY)
return NULL;
generation = HIWORD(hObject);
if (generation != he[index].generation && generation && generation !=
0xFFFF)
return NULL;
- return &he[index];
+ ptr = he[index].ptr;
+ if (ptr)
+ ptr = DesktopPtrToUser(ptr);
+
+ return ptr;
}
PWND FASTCALL ValidateHwndNoErr(HWND hwnd)
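Review bot: ValidateHandleNoErr still accepts any `uType`, but the new tail always translates `he[index].ptr` with DesktopPtrToUser, which only makes sense for objects that live on a desktop heap. If a caller passes a type whose objects are allocated elsewhere, the range test fails and the address goes to the `ONEPARAM_ROUTINE_GETDESKTOPMAPPING` fallback, whose result for such an address is not visible here. I would state the constraint above the function, e.g. `/* uType must be a desktop-heap object type; returns the user-mode view of the object, or NULL */`, or assert on the accepted types. The return value also changes from the handle entry to the object itself, so any caller that treated the old result as a `PUSER_HANDLE_ENTRY` needs checking; those callers are outside this diff, and the function itself begins in the previous hunk.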
diff --git a/win32ss/user/ntuser/ime.c b/win32ss/user/ntuser/ime.c
index f29f4e4cfa4..124e5667c88 100644
--- a/win32ss/user/ntuser/ime.c
+++ b/win32ss/user/ntuser/ime.c
@@ -1200,7 +1200,10 @@ AllocInputContextObject(PDESKTOP pDesk,
ASSERT(Size > sizeof(*ObjHead));
ASSERT(pti != NULL);
- ObjHead = ExAllocatePoolWithTag(PagedPool, Size, USERTAG_IME);
+ if (!pDesk)
+ pDesk = pti->rpdesk;
+
+ ObjHead = DesktopHeapAlloc(pDesk, Size);
if (!ObjHead)
return NULL;
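Review bot: The fallback `pDesk = pti->rpdesk;` can still leave `pDesk` NULL if the calling thread has no desktop attached, and `DesktopHeapAlloc(pDesk, Size)` is then reached without a check. The guards visible just above are ASSERTs, which do not protect non-debug builds, so I would add `if (!pDesk) return NULL;` between the fallback and the allocation. AllocInputContextObject begins and ends outside the hunk, so an earlier check may already cover this; that is worth confirming.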
@@ -1218,6 +1221,8 @@ AllocInputContextObject(PDESKTOP pDesk,
VOID UserFreeInputContext(PVOID Object)
{
+ PTHRDESKHEAD ObjHead = Object;
+ PDESKTOP pDesk = ObjHead->rpdesk;
PIMC pIMC = Object, *ppIMC;
PTHREADINFO pti;
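Review bot: `PDESKTOP pDesk = ObjHead->rpdesk;` dereferences `Object` in a declaration initializer, before any statement in UserFreeInputContext can test the pointer. The rest of the body is outside this hunk; if it contains a NULL check on `pIMC`, that check now runs after the dereference and no longer protects the function. Declaring `PDESKTOP pDesk;` and assigning `pDesk = ObjHead->rpdesk;` after the check would keep the earlier NULL-tolerant behaviour.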
@@ -1235,7 +1240,7 @@ VOID UserFreeInputContext(PVOID Object)
}
}
- ExFreePoolWithTag(pIMC, USERTAG_IME);
+ DesktopHeapFree(pDesk, Object);
pti->ppi->UserHandleCount--;
IntDereferenceThreadInfo(pti);
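Review bot: `DesktopHeapFree(pDesk, Object)` frees against `ObjHead->rpdesk`, while the allocation side uses the `pDesk` argument or, when that is NULL, `pti->rpdesk`. The free is correct only if AllocInputContextObject stores that same effective desktop in the object's `rpdesk` and nothing reassigns it during the object's lifetime; that store is not in the visible hunks. Releasing a block into a different desktop's heap, or with a NULL `pDesk`, risks corrupting heap metadata in kernel mode, so the invariant deserves a comment at the free such as `/* pDesk must be the desktop whose heap AllocInputContextObject used */`, together with `ASSERT(pDesk != NULL);`. The function body starts in the previous hunk and continues outside this one.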
@@ -1250,7 +1255,7 @@ BOOLEAN UserDestroyInputContext(PVOID Object)
UserMarkObjectDestroy(pIMC);
- return UserDeleteObject(pIMC->head.h, TYPE_INPUTCONTEXT);
+ return UserDeleteObject(UserHMGetHandle(pIMC), TYPE_INPUTCONTEXT);
}
BOOL NTAPI NtUserDestroyInputContext(HIMC hIMC)