[ros-diffs] [greatlrd] 26860: Fixing another memory crash bug this time for GetFourCCCodes

Mon May 21 22:51:56 CEST 2007

Author: greatlrd
Date: Tue May 22 00:51:55 2007
New Revision: 26860

URL: http://svn.reactos.org/svn/reactos?rev=26860&view=rev
Log:
Fixing another memory crash bug this time for GetFourCCCodes

Modified:
    trunk/reactos/dll/directx/ddraw/Ddraw/ddraw_main.c
    trunk/reactos/dll/directx/ddraw/startup.c

Modified: trunk/reactos/dll/directx/ddraw/Ddraw/ddraw_main.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/directx/ddraw/Ddraw/ddraw_main.c?rev=26860&r1=26859&r2=26860&view=diff
==============================================================================

--- trunk/reactos/dll/directx/ddraw/Ddraw/ddraw_main.c (original)
+++ trunk/reactos/dll/directx/ddraw/Ddraw/ddraw_main.c Tue May 22 00:51:55 2007
@@ -146,28 +146,31 @@
 Main_DirectDraw_GetFourCCCodes(LPDIRECTDRAW7 iface, LPDWORD lpNumCodes, LPDWORD lpCodes)
 {
     LPDDRAWI_DIRECTDRAW_INT This = (LPDDRAWI_DIRECTDRAW_INT)iface;
+    HRESULT retVal = DD_OK;
+
     DX_WINDBG_trace();
 
     /* FIXME protect with SEH or something else if lpCodes or lpNumCodes for bad user pointers */
     EnterCriticalSection(&ddcs);
 
-   if(!lpNumCodes)
-   {
-      LeaveCriticalSection(&ddcs);
-      return DDERR_INVALIDPARAMS;
-   }
-
-   if(lpCodes)
-   {
-      memcpy(lpCodes, This->lpLcl->lpGbl->lpdwFourCC, sizeof(DWORD)* min(This->lpLcl->lpGbl->dwNumFourCC, *lpNumCodes));
-   }
-   else
-   {
-      *lpNumCodes = This->lpLcl->lpGbl->dwNumFourCC;
-   }
+    if(!lpNumCodes)
+    {
+       retVal = DDERR_INVALIDPARAMS;
+    }
+    else
+    {
+       if ((lpCodes) && (*lpCodes))
+       {
+            memcpy(lpCodes, This->lpLcl->lpGbl->lpdwFourCC, sizeof(DWORD)* min(This->lpLcl->lpGbl->dwNumFourCC, *lpNumCodes));
+       }
+       else
+       {
+            *lpNumCodes = This->lpLcl->lpGbl->dwNumFourCC;
+       }
+    }
 
     LeaveCriticalSection(&ddcs);
-    return DD_OK;
+    return retVal;
 }
 
 HRESULT WINAPI 

Modified: trunk/reactos/dll/directx/ddraw/startup.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/directx/ddraw/startup.c?rev=26860&r1=26859&r2=26860&view=diff
==============================================================================
--- trunk/reactos/dll/directx/ddraw/startup.c (original)
+++ trunk/reactos/dll/directx/ddraw/startup.c Tue May 22 00:51:55 2007
@@ -188,7 +188,7 @@
 
     if (reenable == FALSE)
     {
-        if (This->lpLink == NULL)
+        if ((!IsBadReadPtr(This->lpLink,sizeof(LPDIRECTDRAW))) && (This->lpLink == NULL))
         {
             RtlZeroMemory(&ddgbl, sizeof(DDRAWI_DIRECTDRAW_GBL));
             This->lpLcl->lpGbl->dwRefCnt++;
@@ -470,6 +470,8 @@
       // FIXME Close DX fristcall and second call
       return DD_FALSE;
     }
+    
+    DX_STUB_str("Here\n");
 
     /* Alloc mpFourCC */
     mpFourCC = NULL;


