[ros-dev] Re : [ros-diffs] [jimtabor] 44902: [Win32k] - Patch by Dan Kegel: Fix minor read buffer overrun in CombineRgn. http://bugs.winehq.org/show_bug.cgi?id=20851 - When locking and unlocking regions, use probe to check attribute space first before read or write access.

[Sylvain Petreolle]

Well, it seems James committed more than the original patch,
which is a one liner.

--- a/dlls/gdi32/region.c
+++ b/dlls/gdi32/region.c
@@ -2216,7 +2216,8 @@ static BOOL REGION_SubtractO (WINEREGION *pReg, RECT *r1, RECT *r1End,
                 if (!add_rect( pReg, left, top, r1->right, bottom )) return FALSE;
            }
            r1++;
-           left = r1->left;
+           if (r1 != r1End)
+               left = r1->left;
        }
     }


 Kind regards,
Sylvain Petreolle



----- Message d'origine ----
> De : Timo Kreuzer <timo.kreuzer at web.de>
> À : ros-dev at reactos.org
> Envoyé le : Dim 3 Janvier 2010, 10 h 26 min 55 s
> Objet : Re: [ros-dev] [ros-diffs] [jimtabor] 44902: [Win32k] - Patch by Dan Kegel: Fix minor read buffer overrun in CombineRgn. http://bugs.winehq.org/show_bug.cgi?id=20851 - When locking and unlocking regions, use probe to check attribute space first before read or write access.
> 
> 
> Why the KeEnterCriticalRegion?
> 
> jimtabor at svn.reactos.org wrote:
> > -             if (pAttr) FreeObjectAttr(pAttr);
> > +             if (pAttr)
> > +             {
> > +                KeEnterCriticalRegion();
> > +                FreeObjectAttr(pAttr);
> > +                KeLeaveCriticalRegion();
> > +             }
> >               break;
> >  
> 
> 
> _______________________________________________
> Ros-dev mailing list
> Ros-dev at reactos.org
> http://www.reactos.org/mailman/listinfo/ros-dev