[ros-diffs] [tkreuzer] 48437: [WIN32K] Protect access to the result pointer from KeUserModeCallback with SEH. Fixes a possible kernel mode crash.
tkreuzer at svn.reactos.org
tkreuzer at svn.reactos.org
Tue Aug 3 21:36:40 UTC 2010
Author: tkreuzer
Date: Tue Aug 3 21:36:39 2010
New Revision: 48437
URL: http://svn.reactos.org/svn/reactos?rev=48437&view=rev
Log:
[WIN32K]
Protect access to the result pointer from KeUserModeCallback with SEH. Fixes a possible kernel mode crash.
Modified:
trunk/reactos/subsystems/win32/win32k/ntuser/callback.c
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/callback.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntuser/callback.c?rev=48437&r1=48436&r2=48437&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/callback.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/callback.c [iso-8859-1] Tue Aug 3 21:36:39 2010
@@ -267,7 +267,16 @@
if (NT_SUCCESS(Status))
{
/* Simulate old behaviour: copy into our local buffer */
- Result = *(LRESULT*)ResultPointer;
+ _SEH2_TRY
+ {
+ ProbeForRead(ResultPointer, sizeof(LRESULT), 1);
+ Result = *(LRESULT*)ResultPointer;
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Result = 0;
+ }
+ _SEH2_END
}
UserEnterCo();
More information about the Ros-diffs
mailing list