Author: tkreuzer Date: Tue Dec 18 21:44:58 2012 New Revision: 57948 URL: http://svn.reactos.org/svn/reactos?rev=57948&view=rev Log: [WIN32K] - Add/improve some annotations - Improve code in EngpGetPDEV and NtGdiGetRegionData - Simplify SEH exception handling - Fix possible NULL pointer dereferences - Fix wrong variable usage in UnpackParam - Fix a possible bufer overrun - Check return value of ExAllocatePool and RtlCreateUnicodeString - Fix & vs && typo All detected with VS11 analyse Modified: trunk/reactos/include/psdk/ntgdi.h trunk/reactos/win32ss/gdi/eng/pdevobj.c trunk/reactos/win32ss/gdi/eng/pdevobj.h trunk/reactos/win32ss/gdi/eng/xlateobj.c trunk/reactos/win32ss/gdi/eng/xlateobj.h trunk/reactos/win32ss/gdi/ntgdi/cliprgn.c trunk/reactos/win32ss/gdi/ntgdi/coord.c trunk/reactos/win32ss/gdi/ntgdi/dibobj.c trunk/reactos/win32ss/gdi/ntgdi/region.c trunk/reactos/win32ss/include/ntuser.h trunk/reactos/win32ss/user/ntuser/class.c trunk/reactos/win32ss/user/ntuser/class.h trunk/reactos/win32ss/user/ntuser/cursoricon.c trunk/reactos/win32ss/user/ntuser/desktop.c trunk/reactos/win32ss/user/ntuser/focus.c trunk/reactos/win32ss/user/ntuser/hook.c trunk/reactos/win32ss/user/ntuser/kbdlayout.c trunk/reactos/win32ss/user/ntuser/keyboard.c trunk/reactos/win32ss/user/ntuser/menu.c trunk/reactos/win32ss/user/ntuser/menu.h trunk/reactos/win32ss/user/ntuser/message.c trunk/reactos/win32ss/user/ntuser/monitor.c trunk/reactos/win32ss/user/ntuser/msgqueue.c trunk/reactos/win32ss/user/ntuser/msgqueue.h trunk/reactos/win32ss/user/ntuser/scrollbar.c trunk/reactos/win32ss/user/ntuser/sysparams.c trunk/reactos/win32ss/user/ntuser/sysparams.h trunk/reactos/win32ss/user/ntuser/timer.c trunk/reactos/win32ss/user/ntuser/windc.c trunk/reactos/win32ss/user/ntuser/window.c trunk/reactos/win32ss/user/ntuser/winsta.c Modified: trunk/reactos/include/psdk/ntgdi.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntgdi.h?rev=5… ============================================================================== --- trunk/reactos/include/psdk/ntgdi.h [iso-8859-1] (original) +++ trunk/reactos/include/psdk/ntgdi.h [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -1996,6 +1996,7 @@ OUT DWORD *Result ); +_Success_(return!=FALSE) W32KAPI BOOL APIENTRY @@ -2046,6 +2047,7 @@ _In_ INT cxVirtualDevice, _In_ INT cyVirtualDevice); +_Success_(return !=FALSE) W32KAPI BOOL APIENTRY @@ -2508,6 +2510,7 @@ _In_ INT cx, _In_ INT cy); +_Success_(return!=ERROR) W32KAPI INT APIENTRY @@ -2523,6 +2526,7 @@ IN OUT LPRECT prcl ); +_Success_(return!=0) W32KAPI DWORD APIENTRY @@ -2559,13 +2563,14 @@ _In_ HDC hdc, _In_ UINT ui); -W32KAPI -DWORD +_Success_(return!=0) +W32KAPI +ULONG APIENTRY NtGdiGetRegionData( _In_ HRGN hrgn, - _In_ DWORD nCount, - _Out_opt_ LPRGNDATA lpRgnData); + _In_ ULONG cjBuffer, + _Out_opt_bytecap_(cjBuffer) LPRGNDATA lpRgnData); W32KAPI BOOL Modified: trunk/reactos/win32ss/gdi/eng/pdevobj.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/pdevobj.c?… ============================================================================== --- trunk/reactos/win32ss/gdi/eng/pdevobj.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/eng/pdevobj.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -472,7 +472,7 @@ PPDEVOBJ NTAPI EngpGetPDEV( - _In_ PUNICODE_STRING pustrDeviceName) + _In_opt_ PUNICODE_STRING pustrDeviceName) { UNICODE_STRING ustrCurrent; PPDEVOBJ ppdev; @@ -481,37 +481,39 @@ /* Acquire PDEV lock */ EngAcquireSemaphore(ghsemPDEV); - /* If no device name is given, ... */ - if (!pustrDeviceName && gppdevPrimary) - { - /* ... use the primary PDEV */ + /* Did the caller pass a device name? */ + if (pustrDeviceName) + { + /* Loop all present PDEVs */ + for (ppdev = gppdevList; ppdev; ppdev = ppdev->ppdevNext) + { + /* Get a pointer to the GRAPHICS_DEVICE */ + pGraphicsDevice = ppdev->pGraphicsDevice; + + /* Compare the name */ + RtlInitUnicodeString(&ustrCurrent, pGraphicsDevice->szWinDeviceName); + if (RtlEqualUnicodeString(pustrDeviceName, &ustrCurrent, FALSE)) + { + /* Found! */ + break; + } + } + } + else + { + /* Otherwise use the primary PDEV */ ppdev = gppdevPrimary; - - /* Reference the pdev */ + } + + /* Did we find one? */ + if (ppdev) + { + /* Yes, reference the PDEV */ InterlockedIncrement(&ppdev->cPdevRefs); - goto leave; - } - - /* Loop all present PDEVs */ - for (ppdev = gppdevList; ppdev; ppdev = ppdev->ppdevNext) - { - /* Get a pointer to the GRAPHICS_DEVICE */ - pGraphicsDevice = ppdev->pGraphicsDevice; - - /* Compare the name */ - RtlInitUnicodeString(&ustrCurrent, pGraphicsDevice->szWinDeviceName); - if (RtlEqualUnicodeString(pustrDeviceName, &ustrCurrent, FALSE)) - { - /* Found! Reference the PDEV */ - InterlockedIncrement(&ppdev->cPdevRefs); - break; - } - } - - /* Did we find one? */ - if (!ppdev) - { - /* No, create a new PDEV */ + } + else + { + /* No, create a new PDEV for the given device */ ppdev = EngpCreatePDEV(pustrDeviceName, NULL); if (ppdev) { @@ -528,7 +530,6 @@ } } -leave: /* Release PDEV lock */ EngReleaseSemaphore(ghsemPDEV); Modified: trunk/reactos/win32ss/gdi/eng/pdevobj.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/pdevobj.h?… ============================================================================== --- trunk/reactos/win32ss/gdi/eng/pdevobj.h [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/eng/pdevobj.h [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -161,7 +161,7 @@ PPDEVOBJ NTAPI EngpGetPDEV( - _In_ PUNICODE_STRING pustrDevice); + _In_opt_ PUNICODE_STRING pustrDevice); VOID NTAPI @@ -188,6 +188,6 @@ FASTCALL PDEVOBJ_sizl( _In_ PPDEVOBJ ppdev, - _In_ PSIZEL psizl); + _Out_ PSIZEL psizl); #endif /* !__WIN32K_PDEVOBJ_H */ Modified: trunk/reactos/win32ss/gdi/eng/xlateobj.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/xlateobj.c… ============================================================================== --- trunk/reactos/win32ss/gdi/eng/xlateobj.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/eng/xlateobj.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -11,6 +11,13 @@ #define NDEBUG #include <debug.h> +_Always_(_Post_satisfies_(return==iColor)) +_Function_class_(FN_XLATE) +ULONG +FASTCALL +EXLATEOBJ_iXlateTrivial( + _In_ PEXLATEOBJ pexlo, + _In_ ULONG iColor); /** Globals *******************************************************************/ @@ -31,6 +38,8 @@ /** iXlate functions **********************************************************/ +_Always_(_Post_satisfies_(return==iColor)) +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateTrivial(PEXLATEOBJ pexlo, ULONG iColor) @@ -38,6 +47,7 @@ return iColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateToMono(PEXLATEOBJ pexlo, ULONG iColor) @@ -45,6 +55,7 @@ return (iColor == pexlo->xlo.pulXlate[0]); } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateTable(PEXLATEOBJ pexlo, ULONG iColor) @@ -53,6 +64,7 @@ return pexlo->xlo.pulXlate[iColor]; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateRGBtoBGR(PEXLATEOBJ pxlo, ULONG iColor) @@ -72,6 +84,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateRGBto555(PEXLATEOBJ pxlo, ULONG iColor) @@ -93,6 +106,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateBGRto555(PEXLATEOBJ pxlo, ULONG iColor) @@ -114,6 +128,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateRGBto565(PEXLATEOBJ pxlo, ULONG iColor) @@ -135,6 +150,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateBGRto565(PEXLATEOBJ pxlo, ULONG iColor) @@ -156,6 +172,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateRGBtoPal(PEXLATEOBJ pexlo, ULONG iColor) @@ -163,6 +180,7 @@ return PALETTE_ulGetNearestPaletteIndex(pexlo->ppalDst, iColor); } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate555toRGB(PEXLATEOBJ pxlo, ULONG iColor) @@ -183,6 +201,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate555toBGR(PEXLATEOBJ pxlo, ULONG iColor) @@ -203,6 +222,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate555to565(PEXLATEOBJ pxlo, ULONG iColor) @@ -223,6 +243,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate555toPal(PEXLATEOBJ pexlo, ULONG iColor) @@ -232,6 +253,7 @@ return PALETTE_ulGetNearestPaletteIndex(pexlo->ppalDst, iColor); } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate565to555(PEXLATEOBJ pxlo, ULONG iColor) @@ -248,6 +270,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate565toRGB(PEXLATEOBJ pexlo, ULONG iColor) @@ -268,6 +291,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate565toBGR(PEXLATEOBJ pexlo, ULONG iColor) @@ -288,6 +312,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlate565toPal(EXLATEOBJ *pexlo, ULONG iColor) @@ -297,6 +322,7 @@ return PALETTE_ulGetNearestPaletteIndex(pexlo->ppalDst, iColor); } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateShiftAndMask(PEXLATEOBJ pexlo, ULONG iColor) @@ -310,6 +336,7 @@ return iNewColor; } +_Function_class_(FN_XLATE) ULONG FASTCALL EXLATEOBJ_iXlateBitfieldsToPal(PEXLATEOBJ pexlo, ULONG iColor) Modified: trunk/reactos/win32ss/gdi/eng/xlateobj.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/eng/xlateobj.h… ============================================================================== --- trunk/reactos/win32ss/gdi/eng/xlateobj.h [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/eng/xlateobj.h [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -11,7 +11,7 @@ _Function_class_(FN_XLATE) typedef -ULONG +ULONG (FASTCALL *PFN_XLATE)( _In_ struct _EXLATEOBJ *pexlo, _In_ ULONG iColor); @@ -84,10 +84,3 @@ EXLATEOBJ_vCleanup( _Inout_ PEXLATEOBJ pexlo); -_Always_(_Post_satisfies_(return==iColor)) -ULONG -FASTCALL -EXLATEOBJ_iXlateTrivial( - _In_ PEXLATEOBJ pexlo, - _In_ ULONG iColor); - Modified: trunk/reactos/win32ss/gdi/ntgdi/cliprgn.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/cliprgn.… ============================================================================== --- trunk/reactos/win32ss/gdi/ntgdi/cliprgn.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/ntgdi/cliprgn.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -555,6 +555,11 @@ pDC->prgnRao = IntSysCreateRectpRgn(0,0,0,0); } + if (!pDC->prgnRao) + { + return ERROR; + } + if (pDC->dclevel.prgnMeta && pDC->dclevel.prgnClip) { IntGdiCombineRgn( pDC->prgnAPI, @@ -585,7 +590,6 @@ pDC->prgnAPI, RGN_AND); - // FIXME: pDC->prgnRao may be NULL RtlCopyMemory(&pDC->erclClip, &pDC->prgnRao->rdh.rcBound, sizeof(RECTL)); @@ -599,8 +603,8 @@ // With pDC->co.pClipRgn->Buffer, // pDC->co.pClipRgn = pDC->prgnRao ? pDC->prgnRao : pDC->prgnVis; - co = IntEngCreateClipRegion( ((PROSRGNDATA)pDC->prgnRao)->rdh.nCount, - ((PROSRGNDATA)pDC->prgnRao)->Buffer, + co = IntEngCreateClipRegion(pDC->prgnRao->rdh.nCount, + pDC->prgnRao->Buffer, &pDC->erclClip); if (co) { Modified: trunk/reactos/win32ss/gdi/ntgdi/coord.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/coord.c?… ============================================================================== --- trunk/reactos/win32ss/gdi/ntgdi/coord.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/ntgdi/coord.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -430,6 +430,7 @@ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Do not set last error */ + ret = 0; } _SEH2_END; @@ -1232,7 +1233,6 @@ POINTL SafePoint; SIZE Size; PSIZEL pszlViewportExt; - NTSTATUS Status = STATUS_SUCCESS; if (!Point) { @@ -1293,15 +1293,9 @@ } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { - Status = _SEH2_GetExceptionCode(); + Ret = FALSE; } _SEH2_END; - - if (!NT_SUCCESS(Status)) - { - SetLastNtError(Status); - Ret = FALSE; - } } DC_UnlockDc(pdc); Modified: trunk/reactos/win32ss/gdi/ntgdi/dibobj.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/dibobj.c… ============================================================================== --- trunk/reactos/win32ss/gdi/ntgdi/dibobj.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/ntgdi/dibobj.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -867,7 +867,7 @@ } psurfDest = SURFACE_ShareLockSurface(hBmpDest); - + RECTL_vSetRect(&rcDest, 0, 0, ScanLines, psurf->SurfObj.sizlBitmap.cx); srcPoint.x = 0; @@ -1014,7 +1014,7 @@ _SEH2_TRY { /* Copy the data back */ - ProbeForWrite(pbmiUser, cjMaxInfo, 1); + ProbeForWrite(pbmiUser, cjMaxInfo, 1); RtlCopyMemory(pbmiUser, pbmi, cjMaxInfo); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) @@ -1646,7 +1646,7 @@ GreDeleteObject(res); res = 0; } - + if(ppalDIB) { PALETTE_ShareUnlockPalette(ppalDIB); @@ -1862,23 +1862,23 @@ BITMAPCOREINFO* pbmci; if(converted == orig) return; - + if(usage == -1) { /* Caller don't want any conversion */ ExFreePoolWithTag(converted, TAG_DIB); return; } - + /* Perform inverse conversion */ pbmci = (BITMAPCOREINFO*)orig; - + ASSERT(pbmci->bmciHeader.bcSize == sizeof(BITMAPCOREHEADER)); pbmci->bmciHeader.bcBitCount = converted->bmiHeader.biBitCount; pbmci->bmciHeader.bcWidth = converted->bmiHeader.biWidth; pbmci->bmciHeader.bcHeight = converted->bmiHeader.biHeight; pbmci->bmciHeader.bcPlanes = converted->bmiHeader.biPlanes; - + if(pbmci->bmciHeader.bcBitCount <= 8) { UINT numColors = converted->bmiHeader.biClrUsed; Modified: trunk/reactos/win32ss/gdi/ntgdi/region.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/region.c… ============================================================================== --- trunk/reactos/win32ss/gdi/ntgdi/region.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/ntgdi/region.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -3988,51 +3988,59 @@ * * If the function fails, the return value is zero." */ -DWORD APIENTRY +_Success_(return!=0) +ULONG +APIENTRY NtGdiGetRegionData( - HRGN hrgn, - DWORD count, - LPRGNDATA rgndata -) -{ - DWORD size; - PROSRGNDATA obj = RGNOBJAPI_Lock(hrgn, NULL); - NTSTATUS Status = STATUS_SUCCESS; - - if (!obj) + _In_ HRGN hrgn, + _In_ ULONG cjBuffer, + _Out_opt_bytecap_(cjBuffer) LPRGNDATA lpRgnData) +{ + ULONG cjSize; + PREGION prgn; + + /* Lock the region */ + prgn = RGNOBJAPI_Lock(hrgn, NULL); + if (!prgn) + { + EngSetLastError(ERROR_INVALID_HANDLE); return 0; - - size = obj->rdh.nCount * sizeof(RECT); - if (count < (size + sizeof(RGNDATAHEADER)) || rgndata == NULL) - { - RGNOBJAPI_Unlock(obj); - if (rgndata) /* Buffer is too small, signal it by return 0 */ - return 0; - else /* User requested buffer size with rgndata NULL */ - return size + sizeof(RGNDATAHEADER); - } - - _SEH2_TRY - { - ProbeForWrite(rgndata, count, 1); - RtlCopyMemory(rgndata, &obj->rdh, sizeof(RGNDATAHEADER)); - RtlCopyMemory(rgndata->Buffer, obj->Buffer, size); - } - _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) - { - Status = _SEH2_GetExceptionCode(); - } - _SEH2_END; - - if (!NT_SUCCESS(Status)) - { - SetLastNtError(Status); - RGNOBJAPI_Unlock(obj); - return 0; - } - - RGNOBJAPI_Unlock(obj); - return size + sizeof(RGNDATAHEADER); + } + + /* Calculate the region size */ + cjSize = prgn->rdh.nCount * sizeof(RECT) + sizeof(RGNDATAHEADER); + + /* Check if region data is requested */ + if (lpRgnData) + { + /* Check if the buffer is large enough */ + if (cjBuffer >= cjSize) + { + /* Probe the buffer and copy the data */ + _SEH2_TRY + { + ProbeForWrite(lpRgnData, cjSize, sizeof(ULONG)); + RtlCopyMemory(lpRgnData, &prgn->rdh, sizeof(RGNDATAHEADER)); + RtlCopyMemory(lpRgnData->Buffer, prgn->Buffer, cjSize); + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + EngSetLastError(ERROR_INVALID_PARAMETER); + cjSize = 0; + } + _SEH2_END; + } + else + { + /* Buffer is too small */ + EngSetLastError(ERROR_INVALID_PARAMETER); + cjSize = 0; + } + } + + /* Unlock the region and return the size */ + RGNOBJAPI_Unlock(prgn); + return cjSize; } /* EOF */ Modified: trunk/reactos/win32ss/include/ntuser.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/include/ntuser.h?r… ============================================================================== --- trunk/reactos/win32ss/include/ntuser.h [iso-8859-1] (original) +++ trunk/reactos/win32ss/include/ntuser.h [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -2024,13 +2024,14 @@ DWORD idThread, LPGUITHREADINFO lpgui); +_Success_(return!=FALSE) BOOL NTAPI NtUserGetIconInfo( _In_ HANDLE hCurIcon, _Out_opt_ PICONINFO IconInfo, - _Out_opt_ PUNICODE_STRING lpInstName, - _Out_opt_ PUNICODE_STRING lpResName, + _Inout_opt_ PUNICODE_STRING lpInstName, + _Inout_opt_ PUNICODE_STRING lpResName, _Out_opt_ LPDWORD pbpp, _In_ BOOL bInternal); @@ -2782,7 +2783,7 @@ LONG cx; LONG cy; } FINDEXISTINGCURICONPARAM; - + HICON NTAPI NtUserFindExistingCursorIcon( @@ -2799,7 +2800,7 @@ HMODULE hModule, HRSRC hRsrc, HRSRC hGroupRsrc); - + HICON NTAPI NtUserFindExistingCursorIcon( Modified: trunk/reactos/win32ss/user/ntuser/class.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/class.… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/class.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/class.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -125,7 +125,7 @@ NTSTATUS NTAPI ProbeAndCaptureUnicodeStringOrAtom( - _Out_ PUNICODE_STRING pustrOut, + _Out_ _When_(return>=0, _At_(pustrOut->Buffer, _Post_ _Notnull_)) PUNICODE_STRING pustrOut, __in_data_source(USER_MODE) _In_ PUNICODE_STRING pustrUnsafe) { NTSTATUS Status = STATUS_SUCCESS; Modified: trunk/reactos/win32ss/user/ntuser/class.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/class.… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/class.h [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/class.h [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -63,7 +63,7 @@ NTSTATUS NTAPI ProbeAndCaptureUnicodeStringOrAtom( - _Out_ PUNICODE_STRING pustrOut, + _Out_ _When_(return>=0, _At_(pustrOut->Buffer, _Post_ _Notnull_)) PUNICODE_STRING pustrOut, __in_data_source(USER_MODE) _In_ PUNICODE_STRING pustrUnsafe); /* EOF */ Modified: trunk/reactos/win32ss/user/ntuser/cursoricon.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/cursor… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/cursoricon.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/cursoricon.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -240,7 +240,7 @@ HBITMAP bmpMask, bmpColor; BOOLEAN Ret, bListEmpty, bFound = FALSE; PCURICON_PROCESS Current = NULL; - + /* For handles created without any data (error handling) */ if(IsListEmpty(&CurIcon->ProcessList)) goto emptyList; @@ -256,7 +256,7 @@ break; } } - + if(!bFound) { /* This object doesn't belong to this process */ @@ -385,6 +385,18 @@ { ProbeForWrite(IconInfo, sizeof(ICONINFO), 1); RtlCopyMemory(IconInfo, &ii, sizeof(ICONINFO)); + + /// @todo Implement support for lpInstName + if (lpInstName) + { + RtlInitEmptyUnicodeString(lpInstName, NULL, 0); + } + + /// @todo Implement support for lpResName + if (lpResName) + { + RtlInitEmptyUnicodeString(lpResName, NULL, 0); + } if (pbpp) { @@ -1049,7 +1061,7 @@ RECTL rcDest, rcSrc; CLIPOBJ* pdcClipObj = NULL; EXLATEOBJ exlo; - + /* Stupid case */ if((diFlags & DI_NORMAL) == 0) { @@ -1059,12 +1071,12 @@ hbmMask = pIcon->IconInfo.hbmMask; hbmColor = pIcon->IconInfo.hbmColor; - + if (istepIfAniCur) ERR("NtUserDrawIconEx: istepIfAniCur is not supported!\n"); - + /* - * Get our objects. + * Get our objects. * Shared locks are enough, we are only reading those bitmaps */ psurfMask = SURFACE_ShareLockSurface(hbmMask); @@ -1073,7 +1085,7 @@ ERR("Unable to lock the mask surface.\n"); return FALSE; } - + /* Color bitmap is not mandatory */ if(hbmColor == NULL) { @@ -1087,7 +1099,7 @@ SURFACE_ShareUnlockSurface(psurfMask); return FALSE; } - + /* Set source rect */ RECTL_vSetRect(&rcSrc, 0, 0, pIcon->Size.cx, pIcon->Size.cy); @@ -1119,17 +1131,17 @@ if (!cxWidth) { if(diFlags & DI_DEFAULTSIZE) - cxWidth = pIcon->IconInfo.fIcon ? + cxWidth = pIcon->IconInfo.fIcon ? UserGetSystemMetrics(SM_CXICON) : UserGetSystemMetrics(SM_CXCURSOR); else cxWidth = pIcon->Size.cx; } - + /* Fix height parameter, if needed */ if (!cyHeight) { if(diFlags & DI_DEFAULTSIZE) - cyHeight = pIcon->IconInfo.fIcon ? + cyHeight = pIcon->IconInfo.fIcon ? UserGetSystemMetrics(SM_CYICON) : UserGetSystemMetrics(SM_CYCURSOR); else cyHeight = pIcon->Size.cy; @@ -1143,9 +1155,9 @@ /* Yes: Allocate and paint the offscreen surface */ EBRUSHOBJ eboFill; PBRUSH pbrush = BRUSH_ShareLockBrush(hbrFlickerFreeDraw); - + TRACE("Performing off-screen rendering.\n"); - + if(!pbrush) { ERR("Failed to get brush object.\n"); @@ -1171,11 +1183,11 @@ BRUSH_ShareUnlockBrush(pbrush); return FALSE; } - + /* Paint the brush */ EBRUSHOBJ_vInit(&eboFill, pbrush, psurfOffScreen, 0x00FFFFFF, 0, NULL); RECTL_vSetRect(&rcDest, 0, 0, cxWidth, cyHeight); - + Ret = IntEngBitBlt(&psurfOffScreen->SurfObj, NULL, NULL, @@ -1191,7 +1203,7 @@ /* Clean up everything */ EBRUSHOBJ_vCleanup(&eboFill); BRUSH_ShareUnlockBrush(pbrush); - + if(!Ret) { ERR("Failed to paint the off-screen surface.\n"); @@ -1200,7 +1212,7 @@ GDIOBJ_vDeleteObject(&psurfOffScreen->BaseObject); return FALSE; } - + /* We now have our destination surface */ psurfDest = psurfOffScreen; } @@ -1208,7 +1220,7 @@ { /* We directly draw to the DC */ TRACE("Performing on screen rendering.\n"); - + psurfOffScreen = NULL; pdc = DC_LockDc(hDc); if(!pdc) @@ -1222,16 +1234,16 @@ RECTL_vSetRect(&rcDest, xLeft, yTop, xLeft + cxWidth, yTop + cyHeight); IntLPtoDP(pdc, (LPPOINT)&rcDest, 2); RECTL_vOffsetRect(&rcDest, pdc->ptlDCOrig.x, pdc->ptlDCOrig.y); - + /* Prepare the underlying surface */ DC_vPrepareDCsForBlit(pdc, rcDest, NULL, rcDest); - + /* Get the clip object */ pdcClipObj = pdc->rosdc.CombinedClip; - + /* We now have our destination surface and rectangle */ psurfDest = pdc->dclevel.pSurface; - + if(psurfDest == NULL) { /* Empty DC */ @@ -1281,10 +1293,10 @@ ptr += 4; } } - + /* Initialize color translation object */ EXLATEOBJ_vInitialize(&exlo, psurf->ppal, psurfDest->ppal, 0xFFFFFFFF, 0xFFFFFFFF, 0); - + /* Now do it */ Ret = IntEngAlphaBlend(&psurfDest->SurfObj, &psurf->SurfObj, @@ -1293,9 +1305,9 @@ &rcDest, &rcSrc, &blendobj); - + EXLATEOBJ_vCleanup(&exlo); - + CleanupAlpha: if(psurf) SURFACE_ShareUnlockSurface(psurf); if(hsurfCopy) NtGdiDeleteObjectApp(hsurfCopy); @@ -1306,9 +1318,9 @@ if (diFlags & DI_MASK) { DWORD rop4 = (diFlags & DI_IMAGE) ? ROP4_SRCAND : ROP4_SRCCOPY; - + EXLATEOBJ_vInitSrcMonoXlate(&exlo, psurfDest->ppal, 0x00FFFFFF, 0); - + Ret = IntEngStretchBlt(&psurfDest->SurfObj, &psurfMask->SurfObj, NULL, @@ -1321,7 +1333,7 @@ NULL, NULL, rop4); - + EXLATEOBJ_vCleanup(&exlo); if(!Ret) @@ -1336,9 +1348,9 @@ if (psurfColor) { DWORD rop4 = (diFlags & DI_MASK) ? ROP4_SRCINVERT : ROP4_SRCCOPY ; - + EXLATEOBJ_vInitialize(&exlo, psurfColor->ppal, psurfDest->ppal, 0x00FFFFFF, 0x00FFFFFF, 0); - + Ret = IntEngStretchBlt(&psurfDest->SurfObj, &psurfColor->SurfObj, NULL, @@ -1351,7 +1363,7 @@ NULL, NULL, rop4); - + EXLATEOBJ_vCleanup(&exlo); if(!Ret) @@ -1365,9 +1377,9 @@ /* Mask bitmap holds the information in its bottom half */ DWORD rop4 = (diFlags & DI_MASK) ? ROP4_SRCINVERT : ROP4_SRCCOPY; RECTL_vOffsetRect(&rcSrc, 0, pIcon->Size.cy); - + EXLATEOBJ_vInitSrcMonoXlate(&exlo, psurfDest->ppal, 0x00FFFFFF, 0); - + Ret = IntEngStretchBlt(&psurfDest->SurfObj, &psurfMask->SurfObj, NULL, @@ -1380,7 +1392,7 @@ NULL, NULL, rop4); - + EXLATEOBJ_vCleanup(&exlo); if(!Ret) @@ -1407,13 +1419,13 @@ RECTL_vSetRect(&rcDest, xLeft, yTop, xLeft + cxWidth, yTop + cyHeight); IntLPtoDP(pdc, (LPPOINT)&rcDest, 2); RECTL_vOffsetRect(&rcDest, pdc->ptlDCOrig.x, pdc->ptlDCOrig.y); - + /* Prepare the underlying surface */ DC_vPrepareDCsForBlit(pdc, rcDest, NULL, rcDest); - + /* Get the clip object */ pdcClipObj = pdc->rosdc.CombinedClip; - + /* We now have our destination surface and rectangle */ psurfDest = pdc->dclevel.pSurface; if(!psurfDest) @@ -1422,10 +1434,10 @@ DC_UnlockDc(pdc); goto Cleanup2; } - + /* Color translation */ EXLATEOBJ_vInitialize(&exlo, psurfOffScreen->ppal, psurfDest->ppal, 0x00FFFFFF, 0x00FFFFFF, 0); - + /* Blt it! */ Ret = IntEngBitBlt(&psurfDest->SurfObj, &psurfOffScreen->SurfObj, @@ -1438,7 +1450,7 @@ NULL, NULL, ROP4_SRCCOPY); - + EXLATEOBJ_vCleanup(&exlo); } Cleanup: @@ -1447,12 +1459,12 @@ DC_vFinishBlit(pdc, NULL); DC_UnlockDc(pdc); } - + Cleanup2: /* Delete off screen rendering surface */ if(psurfOffScreen) GDIOBJ_vDeleteObject(&psurfOffScreen->BaseObject); - + /* Unlock other surfaces */ SURFACE_ShareUnlockSurface(psurfMask); if(psurfColor) SURFACE_ShareUnlockSurface(psurfColor); Modified: trunk/reactos/win32ss/user/ntuser/desktop.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/deskto… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/desktop.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/desktop.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -65,7 +65,9 @@ /* Get the current desktop */ Desktop = CONTAINING_RECORD(NextEntry, DESKTOP, ListEntry); + /// @todo Don't mess around with the object headers! /* Get its name */ + _PRAGMA_WARNING_SUPPRESS(__WARNING_DEREF_NULL_PTR) DesktopName = GET_DESKTOP_NAME(Desktop); if (DesktopName) { @@ -1262,7 +1264,7 @@ dwDesiredAccess, (PVOID)&Context, (HANDLE*)&hdesk); - if (!NT_SUCCESS(Status)) + if (!NT_SUCCESS(Status)) { ERR("ObOpenObjectByName failed to open/create desktop\n"); SetLastNtError(Status); @@ -1294,7 +1296,7 @@ /* Get the desktop window class. The thread desktop does not belong to any desktop * so the classes created there (including the desktop class) are allocated in the shared heap - * It would cause problems if we used a class that belongs to the caller + * It would cause problems if we used a class that belongs to the caller */ ClassName.Buffer = WC_DESKTOP; ClassName.Length = 0; @@ -1327,7 +1329,7 @@ pdesk->DesktopWindow = pWnd->head.h; pdesk->pDeskInfo->spwnd = pWnd; pWnd->fnid = FNID_DESKTOP; - + ClassName.Buffer = MAKEINTATOM(gpsi->atomSysClass[ICLS_HWNDMESSAGE]); ClassName.Length = 0; pcls = IntGetAndReferenceClass(&ClassName, 0, TRUE); Modified: trunk/reactos/win32ss/user/ntuser/focus.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/focus.… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/focus.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/focus.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -358,15 +358,20 @@ */ static BOOL FASTCALL -co_IntSetForegroundAndFocusWindow(PWND Wnd, BOOL MouseActivate) -{ - HWND hWnd = UserHMGetHandle(Wnd); +co_IntSetForegroundAndFocusWindow( + _In_ PWND Wnd, + _In_ BOOL MouseActivate) +{ + HWND hWnd; HWND hWndPrev = NULL; PUSER_MESSAGE_QUEUE PrevForegroundQueue; PTHREADINFO pti; BOOL fgRet = FALSE, Ret = FALSE; ASSERT_REFS_CO(Wnd); + NT_ASSERT(Wnd != NULL); + + hWnd = UserHMGetHandle(Wnd); TRACE("SetForegroundAndFocusWindow(%x, %s)\n", hWnd, (MouseActivate ? "TRUE" : "FALSE")); Modified: trunk/reactos/win32ss/user/ntuser/hook.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/hook.c… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/hook.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/hook.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -1050,6 +1050,8 @@ } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { + /* Do nothing */ + (void)0; } _SEH2_END; } @@ -1241,6 +1243,8 @@ } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { + /* Do nothing */ + (void)0; } _SEH2_END; } Modified: trunk/reactos/win32ss/user/ntuser/kbdlayout.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/kbdlay… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/kbdlayout.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/kbdlayout.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -254,9 +254,10 @@ */ static VOID -UnloadKbdFile(PKBDFILE pkf) +UnloadKbdFile(_In_ PKBDFILE pkf) { PKBDFILE *ppkfLink = &gpkfList; + NT_ASSERT(pkf != NULL); /* Find previous object */ while (*ppkfLink) Modified: trunk/reactos/win32ss/user/ntuser/keyboard.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/keyboa… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/keyboard.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/keyboard.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -385,7 +385,7 @@ /* If nothing has been found in layout, check if this is ASCII control character. Note: we could add it to layout table, but windows does not have it there */ if (wVirtKey >= 'A' && wVirtKey <= 'Z' && - IS_KEY_DOWN(pKeyState, VK_CONTROL) && + pKeyState && IS_KEY_DOWN(pKeyState, VK_CONTROL) && !IS_KEY_DOWN(pKeyState, VK_MENU)) { *pwcTranslatedChar = (wVirtKey - 'A') + 1; /* ASCII control character */ @@ -1097,7 +1097,7 @@ { pti->KeyboardLayout = W32kGetDefaultKeyLayout(); pti->pClientInfo->hKL = pti->KeyboardLayout ? pti->KeyboardLayout->hkl : NULL; - pKbdTbl = pti->KeyboardLayout->spkf->pKbdTbl; + pKbdTbl = pti->KeyboardLayout ? pti->KeyboardLayout->spkf->pKbdTbl : NULL; } else pKbdTbl = pti->KeyboardLayout->spkf->pKbdTbl; Modified: trunk/reactos/win32ss/user/ntuser/menu.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/menu.c… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/menu.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/menu.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -249,8 +249,8 @@ PPROCESSINFO CurrentWin32Process; Menu = (PMENU_OBJECT)UserCreateObject( gHandleTable, - NULL, - NULL, + NULL, + NULL, Handle, otMenu, sizeof(MENU_OBJECT)); @@ -361,8 +361,8 @@ return NULL; Menu = (PMENU_OBJECT)UserCreateObject( gHandleTable, - NULL, - NULL, + NULL, + NULL, &hMenu, otMenu, sizeof(MENU_OBJECT)); @@ -803,12 +803,17 @@ } BOOL FASTCALL -IntInsertMenuItem(PMENU_OBJECT MenuObject, UINT uItem, BOOL fByPosition, - PROSMENUITEMINFO ItemInfo) +IntInsertMenuItem( + _In_ PMENU_OBJECT MenuObject, + UINT uItem, + BOOL fByPosition, + PROSMENUITEMINFO ItemInfo) { int pos; PMENU_ITEM MenuItem; PMENU_OBJECT SubMenu = NULL; + + NT_ASSERT(MenuObject != NULL); if (MAX_MENU_ITEMS <= MenuObject->MenuInfo.MenuItemCount) { Modified: trunk/reactos/win32ss/user/ntuser/menu.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/menu.h… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/menu.h [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/menu.h [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -64,7 +64,7 @@ IntCleanupMenus(struct _EPROCESS *Process, PPROCESSINFO Win32Process); BOOL FASTCALL -IntInsertMenuItem(PMENU_OBJECT MenuObject, UINT uItem, BOOL fByPosition, +IntInsertMenuItem(_In_ PMENU_OBJECT MenuObject, UINT uItem, BOOL fByPosition, PROSMENUITEMINFO ItemInfo); PMENU_OBJECT FASTCALL Modified: trunk/reactos/win32ss/user/ntuser/message.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/messag… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/message.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/message.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -116,7 +116,7 @@ } MSGMEMORY, *PMSGMEMORY; -static MSGMEMORY MsgMemory[] = +static MSGMEMORY g_MsgMemory[] = { { WM_CREATE, MMS_SIZE_SPECIAL, MMS_FLAG_READWRITE }, { WM_DDE_ACK, sizeof(KMDDELPARAM), MMS_FLAG_READ }, @@ -140,8 +140,8 @@ PMSGMEMORY MsgMemoryEntry; /* See if this message type is present in the table */ - for (MsgMemoryEntry = MsgMemory; - MsgMemoryEntry < MsgMemory + sizeof(MsgMemory) / sizeof(MSGMEMORY); + for (MsgMemoryEntry = g_MsgMemory; + MsgMemoryEntry < g_MsgMemory + sizeof(g_MsgMemory) / sizeof(MSGMEMORY); MsgMemoryEntry++) { if (Msg == MsgMemoryEntry->Message) @@ -225,9 +225,9 @@ UINT lParamMemorySize(UINT Msg, WPARAM wParam, LPARAM lParam) { - PMSGMEMORY MsgMemory = FindMsgMemory(Msg); - if(MsgMemory == NULL) return 0; - return MsgMemorySize(MsgMemory, wParam, lParam); + PMSGMEMORY MsgMemoryEntry = FindMsgMemory(Msg); + if(MsgMemoryEntry == NULL) return 0; + return MsgMemorySize(MsgMemoryEntry, wParam, lParam); } static NTSTATUS @@ -388,9 +388,9 @@ return STATUS_INVALID_PARAMETER; } - if (MsgMemory->Flags == MMS_FLAG_READWRITE) - { - //RtlCopyMemory((PVOID)lParam, (PVOID)lParamPacked, MsgMemory->Size); + if (MsgMemoryEntry->Flags == MMS_FLAG_READWRITE) + { + //RtlCopyMemory((PVOID)lParam, (PVOID)lParamPacked, MsgMemoryEntry->Size); } ExFreePool((PVOID) lParamPacked); return STATUS_SUCCESS; Modified: trunk/reactos/win32ss/user/ntuser/monitor.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/monito… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/monitor.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/monitor.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -139,7 +139,7 @@ TRACE("Couldnt create monitor object\n"); return STATUS_INSUFFICIENT_RESOURCES; } - + pMonitor->hDev = hDev; pMonitor->cWndStack = 0; @@ -185,7 +185,7 @@ { if (pMonitor->hDev == hDev) break; - + pLink = &pMonitor->pMonitorNext; pMonitor = pMonitor->pMonitorNext; } Modified: trunk/reactos/win32ss/user/ntuser/msgqueue.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/msgque… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/msgqueue.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/msgqueue.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -704,7 +704,7 @@ } BOOLEAN FASTCALL -co_MsqDispatchOneSentMessage(PUSER_MESSAGE_QUEUE MessageQueue) +co_MsqDispatchOneSentMessage(_In_ PUSER_MESSAGE_QUEUE MessageQueue) { PUSER_SENT_MESSAGE SaveMsg, Message; PLIST_ENTRY Entry; @@ -1331,7 +1331,7 @@ IntTrackMouseMove(PWND pwndTrack, PDESKTOP pDesk, PMSG msg, USHORT hittest) { // PWND pwndTrack = IntChildrenWindowFromPoint(pwndMsg, msg->pt.x, msg->pt.y); - hittest = GetNCHitEx(pwndTrack, msg->pt); + hittest = (USHORT)GetNCHitEx(pwndTrack, msg->pt); /// @todo WTF is this??? if ( pDesk->spwndTrack != pwndTrack || // Change with tracking window or msg->message != WM_MOUSEMOVE || // Mouse click changes or Modified: trunk/reactos/win32ss/user/ntuser/msgqueue.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/msgque… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/msgqueue.h [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/msgqueue.h [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -188,7 +188,7 @@ PUSER_MESSAGE_QUEUE FASTCALL MsqCreateMessageQueue(PTHREADINFO); VOID FASTCALL MsqDestroyMessageQueue(PTHREADINFO); INIT_FUNCTION NTSTATUS NTAPI MsqInitializeImpl(VOID); -BOOLEAN FASTCALL co_MsqDispatchOneSentMessage(PUSER_MESSAGE_QUEUE MessageQueue); +BOOLEAN FASTCALL co_MsqDispatchOneSentMessage(_In_ PUSER_MESSAGE_QUEUE MessageQueue); NTSTATUS FASTCALL co_MsqWaitForNewMessages(PUSER_MESSAGE_QUEUE MessageQueue, PWND WndFilter, UINT MsgFilterMin, UINT MsgFilterMax); Modified: trunk/reactos/win32ss/user/ntuser/scrollbar.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/scroll… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/scrollbar.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/scrollbar.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -345,7 +345,7 @@ UINT new_flags; INT action = 0; PSBDATA pSBData; - DWORD OldPos; + DWORD OldPos = 0; BOOL bChangeParams = FALSE; /* Don't show/hide scrollbar if params don't change */ ASSERT_REFS_CO(Window); Modified: trunk/reactos/win32ss/user/ntuser/sysparams.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/syspar… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/sysparams.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/sysparams.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -617,7 +617,7 @@ } /* Capture UNICODE_STRING */ - bResult = SpiMemCopy(&ustr, pvParam, sizeof(UNICODE_STRING), fl & SPIF_PROTECT, 0); + bResult = SpiMemCopy(&ustr, pvParam, sizeof(ustr), fl & SPIF_PROTECT, 0); if (!bResult) return 0; if (ustr.Length > MAX_PATH * sizeof(WCHAR)) return 0; Modified: trunk/reactos/win32ss/user/ntuser/sysparams.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/syspar… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/sysparams.h [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/sysparams.h [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -141,7 +141,7 @@ ULONG cxWallpaper, cyWallpaper; WALLPAPER_MODE WallpaperMode; UNICODE_STRING ustrWallpaper; - WCHAR awcWallpaper[MAX_PATH]; + WCHAR awcWallpaper[MAX_PATH + 1]; BOOL bHandHeld; BOOL bFastTaskSwitch; Modified: trunk/reactos/win32ss/user/ntuser/timer.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/timer.… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/timer.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/timer.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -359,7 +359,7 @@ StartTheTimers(VOID) { // Need to start gdi syncro timers then start timer with Hang App proc - // that calles Idle process so the screen savers will know to run...... + // that calles Idle process so the screen savers will know to run...... IntSetTimer(NULL, 0, 1000, HungAppSysTimerProc, TMRF_RIT); // Test Timers // IntSetTimer(NULL, 0, 1000, SystemTimerProc, TMRF_RIT); @@ -584,9 +584,14 @@ InitTimerImpl(VOID) { ULONG BitmapBytes; - + /* Allocate FAST_MUTEX from non paged pool */ Mutex = ExAllocatePoolWithTag(NonPagedPool, sizeof(FAST_MUTEX), TAG_INTERNAL_SYNC); + if (!Mutex) + { + return STATUS_INSUFFICIENT_RESOURCES; + } + ExInitializeFastMutex(Mutex); BitmapBytes = ROUND_UP(NUM_WINDOW_LESS_TIMERS, sizeof(ULONG) * 8) / 8; Modified: trunk/reactos/win32ss/user/ntuser/windc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/windc.… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/windc.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/windc.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -852,7 +852,7 @@ { if (!pDCE->hwndCurrent) CurrentWindow = NULL; - else + else CurrentWindow = UserGetWindowObject(pDCE->hwndCurrent); if (NULL == CurrentWindow) { Modified: trunk/reactos/win32ss/user/ntuser/window.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/window… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/window.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/window.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -497,6 +497,7 @@ /* flush the message queue */ MsqRemoveWindowMessagesFromQueue(Window); + NT_ASSERT(Window->head.pti); IntDereferenceMessageQueue(Window->head.pti->MessageQueue); /* from now on no messages can be sent to this window anymore */ @@ -1987,7 +1988,7 @@ PWINSTATION_OBJECT WinSta; PCLS Class = NULL; SIZE Size; - POINT MaxPos; + POINT MaxSize, MaxPos, MinTrack, MaxTrack; CBT_CREATEWNDW * pCbtCreate; LRESULT Result; USER_REFERENCE_ENTRY ParentRef, Ref; @@ -2190,8 +2191,6 @@ if ((Cs->style & WS_THICKFRAME) || !(Cs->style & (WS_POPUP | WS_CHILD))) { - POINT MaxSize, MaxPos, MinTrack, MaxTrack; - co_WinPosGetMinMaxInfo(Window, &MaxSize, &MaxPos, &MinTrack, &MaxTrack); if (Size.cx > MaxTrack.x) Size.cx = MaxTrack.x; if (Size.cy > MaxTrack.y) Size.cy = MaxTrack.y; @@ -2542,7 +2541,7 @@ TRACE("co_UserDestroyWindow \n"); - /* Check for owner thread */ + /* Check for owner thread */ if ( Window->head.pti != PsGetCurrentThreadWin32Thread()) { /* Check if we are destroying the desktop window */ @@ -2627,7 +2626,7 @@ * Check if this window is the Shell's Desktop Window. If so set hShellWindow to NULL */ - if ((ti != NULL) & (ti->pDeskInfo != NULL)) + if ((ti != NULL) && (ti->pDeskInfo != NULL)) { if (ti->pDeskInfo->hShellWindow == hWnd) { @@ -3074,8 +3073,6 @@ for (;;) { - PWND Parent; - Parent = IntGetParent(WndAncestor); if (!Parent) Modified: trunk/reactos/win32ss/user/ntuser/winsta.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/winsta… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/winsta.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/winsta.c [iso-8859-1] Tue Dec 18 21:44:58 2012 @@ -57,7 +57,10 @@ Peb = NtCurrentPeb(); if(Peb->SessionId == 0) { - RtlCreateUnicodeString(&gustrWindowStationsDir, WINSTA_OBJ_DIR); + if (!RtlCreateUnicodeString(&gustrWindowStationsDir, WINSTA_OBJ_DIR)) + { + return STATUS_INSUFFICIENT_RESOURCES; + } } else { @@ -67,7 +70,10 @@ Peb->SessionId, WINSTA_OBJ_DIR); - RtlCreateUnicodeString( &gustrWindowStationsDir, wstrWindowStationsDir); + if (!RtlCreateUnicodeString(&gustrWindowStationsDir, wstrWindowStationsDir)) + { + return STATUS_INSUFFICIENT_RESOURCES; + } } InitializeObjectAttributes(&ObjectAttributes, @@ -1024,27 +1030,30 @@ &ReturnLength); if (STATUS_BUFFER_TOO_SMALL == Status) { - BufferSize = ReturnLength; - Buffer = ExAllocatePoolWithTag(PagedPool, BufferSize, TAG_WINSTA); - if (NULL == Buffer) - { - ObDereferenceObject(DirectoryHandle); - return STATUS_NO_MEMORY; - } - - /* We should have a sufficiently large buffer now */ - Context = 0; - Status = ZwQueryDirectoryObject(DirectoryHandle, Buffer, BufferSize, - FALSE, TRUE, &Context, &ReturnLength); - if (! NT_SUCCESS(Status) || - STATUS_NO_MORE_ENTRIES != ZwQueryDirectoryObject(DirectoryHandle, NULL, 0, FALSE, - FALSE, &Context, NULL)) - { - /* Something went wrong, maybe someone added a directory entry? Just give up. */ - ExFreePoolWithTag(Buffer, TAG_WINSTA); - ObDereferenceObject(DirectoryHandle); - return NT_SUCCESS(Status) ? STATUS_INTERNAL_ERROR : Status; - } + ObDereferenceObject(DirectoryHandle); + return STATUS_NO_MEMORY; + } + + BufferSize = ReturnLength; + Buffer = ExAllocatePoolWithTag(PagedPool, BufferSize, TAG_WINSTA); + if (NULL == Buffer) + { + ObDereferenceObject(DirectoryHandle); + return STATUS_NO_MEMORY; + } + + /* We should have a sufficiently large buffer now */ + Context = 0; + Status = ZwQueryDirectoryObject(DirectoryHandle, Buffer, BufferSize, + FALSE, TRUE, &Context, &ReturnLength); + if (! NT_SUCCESS(Status) || + STATUS_NO_MORE_ENTRIES != ZwQueryDirectoryObject(DirectoryHandle, NULL, 0, FALSE, + FALSE, &Context, NULL)) + { + /* Something went wrong, maybe someone added a directory entry? Just give up. */ + ExFreePoolWithTag(Buffer, TAG_WINSTA); + ObDereferenceObject(DirectoryHandle); + return NT_SUCCESS(Status) ? STATUS_INTERNAL_ERROR : Status; } } @@ -1130,7 +1139,7 @@ /* * Clean up */ - if (NULL != Buffer && Buffer != InitialBuffer) + if (Buffer != InitialBuffer) { ExFreePoolWithTag(Buffer, TAG_WINSTA); } @@ -1153,6 +1162,7 @@ DWORD EntryCount; ULONG ReturnLength; WCHAR NullWchar; + PUNICODE_STRING DesktopName; Status = IntValidateWindowStationHandle(hWindowStation, KernelMode, @@ -1175,7 +1185,8 @@ DesktopEntry = DesktopEntry->Flink) { DesktopObject = CONTAINING_RECORD(DesktopEntry, DESKTOP, ListEntry); - ReturnLength += ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Length + sizeof(WCHAR); + DesktopName = GET_DESKTOP_NAME(DesktopObject); + if (DesktopName) ReturnLength += DesktopName->Length + sizeof(WCHAR); EntryCount++; } TRACE("Required size: %d Entry count: %d\n", ReturnLength, EntryCount); @@ -1218,14 +1229,18 @@ DesktopEntry = DesktopEntry->Flink) { DesktopObject = CONTAINING_RECORD(DesktopEntry, DESKTOP, ListEntry); - Status = MmCopyToCaller(lpBuffer, ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Buffer, ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Length); + _PRAGMA_WARNING_SUPPRESS(__WARNING_DEREF_NULL_PTR) + DesktopName = GET_DESKTOP_NAME(DesktopObject);/// @todo Don't mess around with the object headers! + if (!DesktopName) continue; + + Status = MmCopyToCaller(lpBuffer, DesktopName->Buffer, DesktopName->Length); if (! NT_SUCCESS(Status)) { KeReleaseSpinLock(&WindowStation->Lock, OldLevel); ObDereferenceObject(WindowStation); return Status; } - lpBuffer = (PVOID) ((PCHAR) lpBuffer + ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Length); + lpBuffer = (PVOID) ((PCHAR)lpBuffer + DesktopName->Length); Status = MmCopyToCaller(lpBuffer, &NullWchar, sizeof(WCHAR)); if (! NT_SUCCESS(Status)) {