[ros-diffs] [sir_richard] 46103: [WIN32K]: Stop memory corruption when InstalledDisplayDrivers has more than one driver in the list. Note that driver loading is inherently broken right now, as the list of drivers is not parsed properly (this breaks eVb's VGA/VBE driver).

sir_richard at svn.reactos.org sir_richard at svn.reactos.org
Thu Mar 11 18:46:15 CET 2010


Author: sir_richard
Date: Thu Mar 11 18:46:15 2010
New Revision: 46103

URL: http://svn.reactos.org/svn/reactos?rev=46103&view=rev
Log:
[WIN32K]: Stop memory corruption when InstalledDisplayDrivers has more than one driver in the list. Note that driver loading is inherently broken right now, as the list of drivers is not parsed properly (this breaks eVb's VGA/VBE driver).

Modified:
    trunk/reactos/subsystems/win32/win32k/objects/device.c

Modified: trunk/reactos/subsystems/win32/win32k/objects/device.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/objects/device.c?rev=46103&r1=46102&r2=46103&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/objects/device.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/objects/device.c [iso-8859-1] Thu Mar 11 18:46:15 2010
@@ -59,12 +59,37 @@
     return TRUE;
 }
 
+
+NTSTATUS
+NTAPI
+EnumDisplayQueryRoutine(IN PWSTR ValueName,
+                        IN ULONG ValueType,
+                        IN PVOID ValueData,
+                        IN ULONG ValueLength,
+                        IN PVOID Context,
+                        IN PVOID EntryContext)
+{
+    if ((Context == NULL) && ((ValueType == REG_SZ) || (ValueType == REG_MULTI_SZ)))
+    {
+        *(PULONG)EntryContext = ValueLength;
+    }
+    else
+    {
+        DPRINT1("Value data: %S %d\n", ValueData, ValueLength);
+        RtlCopyMemory(Context, ValueData, ValueLength);
+    }
+
+    return STATUS_SUCCESS;
+}
+
 static BOOL FASTCALL
 FindDriverFileNames(PUNICODE_STRING DriverFileNames, ULONG DisplayNumber)
 {
     RTL_QUERY_REGISTRY_TABLE QueryTable[2];
     UNICODE_STRING RegistryPath;
     NTSTATUS Status;
+    PWCHAR DriverNames = NULL;
+    ULONG Length = 0;
 
     if (! GetRegistryPath(&RegistryPath, DisplayNumber))
     {
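Review bot: The new `EnumDisplayQueryRoutine` falls into the `else` branch whenever `Context == NULL` but the value is not `REG_SZ`/`REG_MULTI_SZ` (for example `REG_EXPAND_SZ`, which `RTL_QUERY_REGISTRY_NOEXPAND` now leaves unexpanded, or a `REG_DWORD`), so the sizing pass then calls `RtlCopyMemory(NULL, ValueData, ValueLength)` and writes through a NULL pointer in kernel mode. On the copy pass the routine also copies `ValueLength` bytes without comparing it to the length recorded in `*(PULONG)EntryContext` during the sizing pass, so a value that grows between the two `RtlQueryRegistryValues` calls overruns the `DriverNames` buffer — the very corruption this commit sets out to stop. Returning a failure status from the callback should make `RtlQueryRegistryValues` fail, which lands in the existing `return FALSE` path of `FindDriverFileNames`; the routine is also only used in this file and could be `static`. The proposed body below replaces everything between the braces of `EnumDisplayQueryRoutine`; the `FindDriverFileNames` definition that follows continues past the end of this hunk.
```c
    /* Reject anything that is not a string list, on both passes. */
    if ((ValueType != REG_SZ) && (ValueType != REG_MULTI_SZ))
        return STATUS_OBJECT_TYPE_MISMATCH;

    /* Sizing pass: report the byte length the caller must allocate. */
    if (Context == NULL)
    {
        *(PULONG)EntryContext = ValueLength;
        return STATUS_SUCCESS;
    }

    /* Copy pass: never write more than the caller sized its buffer for. */
    if (ValueLength > *(PULONG)EntryContext)
        return STATUS_BUFFER_TOO_SMALL;

    RtlCopyMemory(Context, ValueData, ValueLength);
    return STATUS_SUCCESS;
```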
@@ -73,23 +98,40 @@
     }
 
     RtlZeroMemory(QueryTable, sizeof(QueryTable));
-    QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED | RTL_QUERY_REGISTRY_DIRECT;
+    QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED | RTL_QUERY_REGISTRY_NOEXPAND;
     QueryTable[0].Name = L"InstalledDisplayDrivers";
-    QueryTable[0].EntryContext = DriverFileNames;
+    QueryTable[0].EntryContext = &Length;
+    QueryTable[0].QueryRoutine = EnumDisplayQueryRoutine;
 
     Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
                                     RegistryPath.Buffer,
                                     QueryTable,
                                     NULL,
                                     NULL);
+ //   DPRINT1("Status: %lx\n", Status);
+    if (Length)
+    {
+        DriverNames = ExAllocatePool(PagedPool, Length);
+       // DPRINT1("Length allocated: %d\n", Length);
+        Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
+                                        RegistryPath.Buffer,
+                                        QueryTable,
+                                        DriverNames,
+                                        NULL);
+        if (!NT_SUCCESS(Status)) DriverNames = NULL;
+    }
+
     ExFreePoolWithTag(RegistryPath.Buffer, TAG_RTLREGISTRY);
     if (! NT_SUCCESS(Status))
     {
         DPRINT1("No InstalledDisplayDrivers value in service entry found\n");
         return FALSE;
     }
-
-    DPRINT("DriverFileNames %S\n", DriverFileNames->Buffer);
+    
+    RtlInitUnicodeString(DriverFileNames, DriverNames);
+    DriverFileNames->Length = Length;
+    DriverFileNames->MaximumLength = Length;
+    //DPRINT1("DriverFileNames %wZ\n", DriverFileNames);
 
     return TRUE;
 }
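Review bot: The `ExAllocatePool(PagedPool, Length)` result inside `if (Length)` is never checked, and when the second `RtlQueryRegistryValues` fails the buffer is abandoned by `DriverNames = NULL` without an `ExFreePool`, so that path leaks paged pool on every call. If the allocation fails, the second query is issued with a NULL `Context`, the callback takes its sizing branch again and succeeds, and the function returns `TRUE` with `DriverFileNames->Buffer == NULL` but a non-zero `Length`/`MaximumLength`, which the caller will then walk. The allocation is also untagged while the matching free in the last hunk is `ExFreePoolWithTag(DriverFileNames.Buffer, TAG_RTLREGISTRY)`; allocating with the same tag keeps the pair consistent and avoids a tag-mismatch complaint from pool checking. Suggested replacement for the `if (Length)` block:
```c
    if (Length)
    {
        /* Same tag as the ExFreePoolWithTag() performed by the caller. */
        DriverNames = ExAllocatePoolWithTag(PagedPool, Length, TAG_RTLREGISTRY);
        if (DriverNames == NULL)
        {
            Status = STATUS_INSUFFICIENT_RESOURCES;
        }
        else
        {
            /* … unchanged: second RtlQueryRegistryValues call with DriverNames as Context … */
            if (!NT_SUCCESS(Status))
            {
                ExFreePoolWithTag(DriverNames, TAG_RTLREGISTRY);
                DriverNames = NULL;
            }
        }
    }
```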
@@ -301,7 +343,7 @@
             continue;
         }
 
-        DPRINT("Display driver %S loaded\n", CurrentName);
+        DPRINT1("Display driver %S loaded\n", CurrentName);
 
         ExFreePoolWithTag(DriverFileNames.Buffer, TAG_RTLREGISTRY);
 



