Author: hbelusca
Date: Sat Jan 26 19:07:59 2013
New Revision: 58229
URL:
http://svn.reactos.org/svn/reactos?rev=58229&view=rev
Log:
[KERNEL32]
Clean-up IntReadConsoleOutputCode a little bit.
[CONSRV]
Fix a buffer overflow in SrvReadConsoleOutputString, which was translated sometimes into
heap corruption and assert, triggered when freeing a remote captured buffer in csrsrv,
when executing kernel32_winetest console, just during a call to
ReadConsoleOutputCharacterA.
Nevertheless I still keep the culprit code (commented-out now) because it might be useful
in the future.
Modified:
branches/ros-csrss/dll/win32/kernel32/client/console/readwrite.c
branches/ros-csrss/win32ss/user/consrv/conoutput.c
Modified: branches/ros-csrss/dll/win32/kernel32/client/console/readwrite.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-csrss/dll/win32/kernel32/cl…
==============================================================================
--- branches/ros-csrss/dll/win32/kernel32/client/console/readwrite.c [iso-8859-1]
(original)
+++ branches/ros-csrss/dll/win32/kernel32/client/console/readwrite.c [iso-8859-1] Sat Jan
26 19:07:59 2013
@@ -351,33 +351,26 @@
ReadOutputCodeRequest->CodeType = CodeType;
ReadOutputCodeRequest->ReadCoord = dwReadCoord;
- // while (nLength > 0)
- {
- ReadOutputCodeRequest->NumCodesToRead = nLength;
- // SizeBytes = ReadOutputCodeRequest->NumCodesToRead * CodeSize;
-
- Status = CsrClientCallServer((PCSR_API_MESSAGE)&ApiMessage,
- CaptureBuffer,
- CSR_CREATE_API_NUMBER(CONSRV_SERVERDLL_INDEX,
ConsolepReadConsoleOutputString),
- sizeof(CONSOLE_READOUTPUTCODE));
- if (!NT_SUCCESS(Status) || !NT_SUCCESS(Status = ApiMessage.Status))
- {
- BaseSetLastNTError(Status);
- CsrFreeCaptureBuffer(CaptureBuffer);
- return FALSE;
- }
-
- BytesRead = ReadOutputCodeRequest->CodesRead * CodeSize;
- memcpy(pCode, ReadOutputCodeRequest->pCode.pCode, BytesRead);
- // pCode = (PVOID)((ULONG_PTR)pCode + /*(ULONG_PTR)*/BytesRead);
- // nLength -= ReadOutputCodeRequest->CodesRead;
- // CodesRead += ReadOutputCodeRequest->CodesRead;
-
- ReadOutputCodeRequest->ReadCoord = ReadOutputCodeRequest->EndCoord;
- }
+ ReadOutputCodeRequest->NumCodesToRead = nLength;
+
+ Status = CsrClientCallServer((PCSR_API_MESSAGE)&ApiMessage,
+ CaptureBuffer,
+ CSR_CREATE_API_NUMBER(CONSRV_SERVERDLL_INDEX,
ConsolepReadConsoleOutputString),
+ sizeof(CONSOLE_READOUTPUTCODE));
+ if (!NT_SUCCESS(Status) || !NT_SUCCESS(Status = ApiMessage.Status))
+ {
+ BaseSetLastNTError(Status);
+ CsrFreeCaptureBuffer(CaptureBuffer);
+ return FALSE;
+ }
+
+ BytesRead = ReadOutputCodeRequest->CodesRead * CodeSize;
+ memcpy(pCode, ReadOutputCodeRequest->pCode.pCode, BytesRead);
+
+ ReadOutputCodeRequest->ReadCoord = ReadOutputCodeRequest->EndCoord;
if (lpNumberOfCodesRead != NULL)
- *lpNumberOfCodesRead = /*CodesRead;*/ ReadOutputCodeRequest->CodesRead;
+ *lpNumberOfCodesRead = ReadOutputCodeRequest->CodesRead;
CsrFreeCaptureBuffer(CaptureBuffer);
Modified: branches/ros-csrss/win32ss/user/consrv/conoutput.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-csrss/win32ss/user/consrv/c…
==============================================================================
--- branches/ros-csrss/win32ss/user/consrv/conoutput.c [iso-8859-1] (original)
+++ branches/ros-csrss/win32ss/user/consrv/conoutput.c [iso-8859-1] Sat Jan 26 19:07:59
2013
@@ -862,20 +862,20 @@
}
}
- switch (CodeType)
- {
- case CODE_UNICODE:
- *(PWCHAR)ReadBuffer = 0;
- break;
-
- case CODE_ASCII:
- *(PCHAR)ReadBuffer = 0;
- break;
-
- case CODE_ATTRIBUTE:
- *(PWORD)ReadBuffer = 0;
- break;
- }
+ // switch (CodeType)
+ // {
+ // case CODE_UNICODE:
+ // *(PWCHAR)ReadBuffer = 0;
+ // break;
+
+ // case CODE_ASCII:
+ // *(PCHAR)ReadBuffer = 0;
+ // break;
+
+ // case CODE_ATTRIBUTE:
+ // *(PWORD)ReadBuffer = 0;
+ // break;
+ // }
ReadOutputCodeRequest->EndCoord.X = Xpos;
ReadOutputCodeRequest->EndCoord.Y = (Ypos - Buff->VirtualY + Buff->MaxY) %
Buff->MaxY;