Author: sir_richard
Date: Thu Mar 11 18:46:15 2010
New Revision: 46103
URL:
http://svn.reactos.org/svn/reactos?rev=46103&view=rev
Log:
[WIN32K]: Stop memory corruption when InstalledDisplayDrivers has more than one driver in
the list. Note that driver loading is inherently broken right now, as the list of drivers
is not parsed properly (this breaks eVb's VGA/VBE driver).
Modified:
trunk/reactos/subsystems/win32/win32k/objects/device.c
Modified: trunk/reactos/subsystems/win32/win32k/objects/device.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ob…
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/objects/device.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/objects/device.c [iso-8859-1] Thu Mar 11
18:46:15 2010
@@ -59,12 +59,37 @@
return TRUE;
}
+
+NTSTATUS
+NTAPI
+EnumDisplayQueryRoutine(IN PWSTR ValueName,
+ IN ULONG ValueType,
+ IN PVOID ValueData,
+ IN ULONG ValueLength,
+ IN PVOID Context,
+ IN PVOID EntryContext)
+{
+ if ((Context == NULL) && ((ValueType == REG_SZ) || (ValueType ==
REG_MULTI_SZ)))
+ {
+ *(PULONG)EntryContext = ValueLength;
+ }
+ else
+ {
+ DPRINT1("Value data: %S %d\n", ValueData, ValueLength);
+ RtlCopyMemory(Context, ValueData, ValueLength);
+ }
+
+ return STATUS_SUCCESS;
+}
+
static BOOL FASTCALL
FindDriverFileNames(PUNICODE_STRING DriverFileNames, ULONG DisplayNumber)
{
RTL_QUERY_REGISTRY_TABLE QueryTable[2];
UNICODE_STRING RegistryPath;
NTSTATUS Status;
+ PWCHAR DriverNames = NULL;
+ ULONG Length = 0;
if (! GetRegistryPath(&RegistryPath, DisplayNumber))
{
@@ -73,23 +98,40 @@
}
RtlZeroMemory(QueryTable, sizeof(QueryTable));
- QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED | RTL_QUERY_REGISTRY_DIRECT;
+ QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED | RTL_QUERY_REGISTRY_NOEXPAND;
QueryTable[0].Name = L"InstalledDisplayDrivers";
- QueryTable[0].EntryContext = DriverFileNames;
+ QueryTable[0].EntryContext = &Length;
+ QueryTable[0].QueryRoutine = EnumDisplayQueryRoutine;
Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
RegistryPath.Buffer,
QueryTable,
NULL,
NULL);
+ // DPRINT1("Status: %lx\n", Status);
+ if (Length)
+ {
+ DriverNames = ExAllocatePool(PagedPool, Length);
+ // DPRINT1("Length allocated: %d\n", Length);
+ Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
+ RegistryPath.Buffer,
+ QueryTable,
+ DriverNames,
+ NULL);
+ if (!NT_SUCCESS(Status)) DriverNames = NULL;
+ }
+
ExFreePoolWithTag(RegistryPath.Buffer, TAG_RTLREGISTRY);
if (! NT_SUCCESS(Status))
{
DPRINT1("No InstalledDisplayDrivers value in service entry found\n");
return FALSE;
}
-
- DPRINT("DriverFileNames %S\n", DriverFileNames->Buffer);
+
+ RtlInitUnicodeString(DriverFileNames, DriverNames);
+ DriverFileNames->Length = Length;
+ DriverFileNames->MaximumLength = Length;
+ //DPRINT1("DriverFileNames %wZ\n", DriverFileNames);
return TRUE;
}
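Review bot: The second pass of EnumDisplayQueryRoutine copies ValueLength bytes into Context without comparing it to the Length obtained on the first pass, and that else branch is also taken for any non-string ValueType, so a value that grows or changes type between the two RtlQueryRegistryValues calls overflows the pool buffer, while a non-string value on the first pass (Context == NULL) is written through a null pointer in kernel mode. Because QueryTable[0].EntryContext is still &Length on the second call, the callback can bound the copy and reject unexpected types itself and return a failing status, which RtlQueryRegistryValues propagates to the caller; the rewritten routine is below. In FindDriverFileNames the ExAllocatePool result is never checked (a NULL DriverNames re-enters the size-query branch and then lands in RtlInitUnicodeString with a nonzero Length), the buffer is leaked when the second query fails because `if (!NT_SUCCESS(Status)) DriverNames = NULL;` drops the only reference, and it is allocated untagged while what appears to be the same buffer is freed with TAG_RTLREGISTRY in the next hunk, which pool tag verification would likely flag as a mismatched free — `DriverNames = ExAllocatePoolWithTag(PagedPool, Length, TAG_RTLREGISTRY); if (!DriverNames) Status = STATUS_INSUFFICIENT_RESOURCES;` (skipping the second query on failure) plus an `ExFreePoolWithTag(DriverNames, TAG_RTLREGISTRY);` before nulling it on a failed query would close all three. Note also that DriverFileNames->Length is assigned the raw registry size, which includes the terminating NUL(s) of a REG_SZ/REG_MULTI_SZ and is silently truncated from ULONG to USHORT.
```c
EnumDisplayQueryRoutine(IN PWSTR ValueName,
                        IN ULONG ValueType,
                        IN PVOID ValueData,
                        IN ULONG ValueLength,
                        IN PVOID Context,
                        IN PVOID EntryContext)
{
    /* EntryContext is &Length on both passes: written on the first, read as the buffer capacity on the second. */
    ULONG Capacity = *(PULONG)EntryContext;

    /* Only string data is meaningful for InstalledDisplayDrivers; never memcpy anything else. */
    if ((ValueType != REG_SZ) && (ValueType != REG_MULTI_SZ))
        return STATUS_OBJECT_TYPE_MISMATCH;

    if (Context == NULL)
    {
        /* First pass: report how much the caller must allocate. */
        *(PULONG)EntryContext = ValueLength;
        return STATUS_SUCCESS;
    }

    /* Second pass: the value may have changed since the size query, so bound the copy by the allocation. */
    if (ValueLength > Capacity)
        return STATUS_BUFFER_TOO_SMALL;

    RtlCopyMemory(Context, ValueData, ValueLength);
    return STATUS_SUCCESS;
}
```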
@@ -301,7 +343,7 @@
continue;
}
- DPRINT("Display driver %S loaded\n", CurrentName);
+ DPRINT1("Display driver %S loaded\n", CurrentName);
ExFreePoolWithTag(DriverFileNames.Buffer, TAG_RTLREGISTRY);