[ros-diffs] [tkreuzer] 51188: [WIN32K] Fix parameter check and buffer probing in NtUserSetSysColors
tkreuzer at svn.reactos.org
tkreuzer at svn.reactos.org
Tue Mar 29 09:52:40 UTC 2011
Author: tkreuzer
Date: Tue Mar 29 09:52:39 2011
New Revision: 51188
URL: http://svn.reactos.org/svn/reactos?rev=51188&view=rev
Log:
[WIN32K]
Fix parameter check and buffer probing in NtUserSetSysColors
Modified:
trunk/reactos/subsystems/win32/win32k/ntuser/ntstubs.c
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/ntstubs.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntuser/ntstubs.c?rev=51188&r1=51187&r2=51188&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/ntstubs.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/ntstubs.c [iso-8859-1] Tue Mar 29 09:52:39 2011
@@ -539,37 +539,34 @@
FLONG Flags)
{
DWORD Ret = TRUE;
- NTSTATUS Status = STATUS_SUCCESS;
if (cElements == 0)
return TRUE;
+ if ((ULONG)cElements >= 0x40000000)
+ return FALSE;
+
UserEnterExclusive();
+
_SEH2_TRY
{
- ProbeForRead(lpaElements,
- sizeof(INT),
- 1);
- ProbeForRead(lpaRgbValues,
- sizeof(COLORREF),
- 1);
-// Developers: We are thread locked and calling gdi.
+ ProbeForRead(lpaElements, cElements * sizeof(INT), 1);
+ ProbeForRead(lpaRgbValues, cElements * sizeof(COLORREF), 1);
+
IntSetSysColors(cElements, lpaElements, lpaRgbValues);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
- Status = _SEH2_GetExceptionCode();
+ SetLastNtError(_SEH2_GetExceptionCode());
+ Ret = FALSE;
}
_SEH2_END;
- if (!NT_SUCCESS(Status))
- {
- SetLastNtError(Status);
- Ret = FALSE;
- }
+
if (Ret)
{
UserSendNotifyMessage(HWND_BROADCAST, WM_SYSCOLORCHANGE, 0, 0);
}
+
UserLeave();
return Ret;
}
More information about the Ros-diffs
mailing list