Author: tfaber
Date: Wed Nov 16 21:17:38 2011
New Revision: 54401
URL:
http://svn.reactos.org/svn/reactos?rev=54401&view=rev
Log:
[ATL] - Fix buffer overflow in CComDynamicUnkArray::Add. Found by Coverity (CID 2474)
[NDK] - Remove meaningless const attribute from pointer rvalues to make Coverity's
life easier
Modified:
trunk/reactos/include/ndk/i386/ketypes.h
trunk/reactos/include/ndk/ketypes.h
trunk/reactos/lib/atl/atlcom.h
Modified: trunk/reactos/include/ndk/i386/ketypes.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/include/ndk/i386/ketypes.h…
==============================================================================
--- trunk/reactos/include/ndk/i386/ketypes.h [iso-8859-1] (original)
+++ trunk/reactos/include/ndk/i386/ketypes.h [iso-8859-1] Wed Nov 16 21:17:38 2011
@@ -27,10 +27,10 @@
// KPCR Access for non-IA64 builds
//
#define K0IPCR ((ULONG_PTR)(KIP0PCRADDRESS))
-#define PCR ((KPCR * const)K0IPCR)
+#define PCR ((KPCR *)K0IPCR)
#if defined(CONFIG_SMP) || defined(NT_BUILD)
#undef KeGetPcr
-#define KeGetPcr() ((KPCR * const)__readfsdword(FIELD_OFFSET(KPCR,
SelfPcr)))
+#define KeGetPcr() ((KPCR *)__readfsdword(FIELD_OFFSET(KPCR, SelfPcr)))
#endif
//
Modified: trunk/reactos/include/ndk/ketypes.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/include/ndk/ketypes.h?rev=…
==============================================================================
--- trunk/reactos/include/ndk/ketypes.h [iso-8859-1] (original)
+++ trunk/reactos/include/ndk/ketypes.h [iso-8859-1] Wed Nov 16 21:17:38 2011
@@ -128,7 +128,7 @@
//
// Dereferencable pointer to KUSER_SHARED_DATA in User-Mode
//
-#define SharedUserData ((KUSER_SHARED_DATA *CONST)USER_SHARED_DATA)
+#define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA)
//
// Maximum WOW64 Entries in KUSER_SHARED_DATA
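Review bot: With the top-level `const` gone, `SharedUserData` on the new line still yields a pointer to writable `KUSER_SHARED_DATA`, although the comment above it describes this as the user-mode view. If that mapping is read-only in user mode, as it is on NT, qualifying the pointee would let the compiler reject stray writes instead of leaving them to fault at run time: `#define SharedUserData ((const KUSER_SHARED_DATA *)USER_SHARED_DATA)`. Callers are not visible here and may need const-correcting, so this is a follow-up suggestion rather than part of this cleanup.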
Modified: trunk/reactos/lib/atl/atlcom.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/atl/atlcom.h?rev=54401…
==============================================================================
--- trunk/reactos/lib/atl/atlcom.h [iso-8859-1] (original)
+++ trunk/reactos/lib/atl/atlcom.h [iso-8859-1] Wed Nov 16 21:17:38 2011
@@ -849,9 +849,10 @@
return 0;
m_ppUnk = newArray;
memset(&m_ppUnk[m_nSize], 0, (newSize - m_nSize) * sizeof(IUnknown *));
+ curCookie = m_nSize + 1;
m_nSize = newSize;
- m_ppUnk[m_nSize] = pUnk;
- return m_nSize + 1;
+ m_ppUnk[curCookie - 1] = pUnk;
+ return curCookie;
}
BOOL Remove(DWORD dwCookie)
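Review bot: The store at `m_ppUnk[curCookie - 1]` is in bounds only if the growth step made `newSize` strictly larger than the old `m_nSize`, and `newSize` is computed above the hunk, so that invariant cannot be checked from here. The same assumption underlies the `memset` length `(newSize - m_nSize) * sizeof(IUnknown *)`, which would wrap if it were violated. A comment at the new assignment would pin this down: `// curCookie - 1 is the first newly added slot (requires newSize > old m_nSize); cookies are index + 1 so 0 can signal failure`. It is also worth confirming that the allocation size above the hunk, presumably `newSize * sizeof(IUnknown *)`, cannot overflow, and that `Remove` range-checks `dwCookie` before indexing; both bodies lie outside the hunk.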