[ros-diffs] [greatlrd] 33415: fixing a memory overwrite bug I miskate intrudes the private size of stackobject list contain 22 object, and we do not want mix up the private size and the user mode size for different version.

Sat May 10 20:07:42 CEST 2008

Author: greatlrd
Date: Sat May 10 13:07:41 2008
New Revision: 33415

URL: http://svn.reactos.org/svn/reactos?rev=33415&view=rev
Log:
fixing a memory overwrite bug I miskate intrudes 
the private size of stackobject list contain 22 object, and we do not want mix up the private size and the user mode size for different version. 

Modified:
    trunk/reactos/subsystems/win32/win32k/include/object.h
    trunk/reactos/subsystems/win32/win32k/objects/stockobj.c

Modified: trunk/reactos/subsystems/win32/win32k/include/object.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/include/object.h?rev=33415&r1=33414&r2=33415&view=diff
==============================================================================

--- trunk/reactos/subsystems/win32/win32k/include/object.h [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/include/object.h [iso-8859-1] Sat May 10 13:07:41 2008
@@ -8,6 +8,10 @@
 #define FIRST_USER_HANDLE 0x0020  /* first possible value for low word of user handle */
 #define LAST_USER_HANDLE  0xffef  /* last possible value for low word of user handle */
 
+/* Comments from reserve two extra entry for the stock default bitmap  this is what Windows does too 
+ * and verify if it is true it is not. in XP/2003 it is 22 stockobjects for each bitmap
+ */
+#define PRV_STOCK_LAST 22
 
 #define USER_HEADER_TO_BODY(ObjectHeader) \
   ((PVOID)(((PUSER_OBJECT_HEADER)ObjectHeader) + 1))

Modified: trunk/reactos/subsystems/win32/win32k/objects/stockobj.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/objects/stockobj.c?rev=33415&r1=33414&r2=33415&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/objects/stockobj.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/objects/stockobj.c [iso-8859-1] Sat May 10 13:07:41 2008
@@ -107,10 +107,10 @@
 { 11, 0, 0, 0, FW_NORMAL, FALSE, FALSE, FALSE, ANSI_CHARSET,
   0, 0, DEFAULT_QUALITY, VARIABLE_PITCH | FF_SWISS, L"MS Sans Serif" }; //Bitstream Vera Sans
 
-/* Comments from wine reserve two extra entry for the stock default bitmap  this is what Windows does too 
- * and verify if it it is true it is not. in XP/2003 it is 22 stockobjects for each bitmap
+/* Comments from reserve two extra entry for the stock default bitmap  this is what Windows does too 
+ * and verify if it is true it is not. in XP/2003 it is 22 stockobjects for each bitmap
  */
-#define NB_STOCK_OBJECTS (STOCK_LAST + 3)
+#define NB_STOCK_OBJECTS (PRV_STOCK_LAST)
 
 static HGDIOBJ StockObjects[NB_STOCK_OBJECTS];
 
@@ -139,6 +139,7 @@
   StockObjects[DC_PEN]    = IntGdiExtCreatePen(BlackPen.lopnStyle, BlackPen.lopnWidth.x, BS_SOLID, BlackPen.lopnColor, 0, 0, 0, NULL, 0, TRUE, NULL);
   StockObjects[NULL_PEN] = IntGdiExtCreatePen(NullPen.lopnStyle, NullPen.lopnWidth.x, BS_SOLID, NullPen.lopnColor, 0, 0, 0, NULL, 0, TRUE, NULL);
 
+  StockObjects[20] = NULL;
   StockObjects[DC_BITMAP] = IntGdiCreateBitmap (1, 1, 1, 1, NULL);
 
   (void) TextIntCreateFontIndirect(&OEMFixedFont, (HFONT*)&StockObjects[OEM_FIXED_FONT]);

