[ros-diffs] [khornicek] 62684: [DESK] - fix a bunch of buffer overruns, negative array index accesses and uninitialized variables CID #1102296 CID #501468 CID #716755 CID #716756 CID #1102323

khornicek Mon, 07 Apr 2014 16:37:30 -0700

Author: khornicek
Date: Mon Apr  7 23:36:39 2014
New Revision: 62684

URL: http://svn.reactos.org/svn/reactos?rev=62684&view=rev
Log:
[DESK]
- fix a bunch of buffer overruns, negative array index accesses and 
uninitialized variables
CID #1102296
CID #501468
CID #716755
CID #716756
CID #1102323


Modified:
    trunk/reactos/dll/cpl/desk/advappdlg.c
    trunk/reactos/dll/cpl/desk/draw.c
    trunk/reactos/dll/cpl/desk/general.c
    trunk/reactos/dll/cpl/desk/screensaver.c

Modified: trunk/reactos/dll/cpl/desk/advappdlg.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/desk/advappdlg.c?rev=62684&r1=62683&r2=62684&view=diff
==============================================================================
--- trunk/reactos/dll/cpl/desk/advappdlg.c      [iso-8859-1] (original)
+++ trunk/reactos/dll/cpl/desk/advappdlg.c      [iso-8859-1] Mon Apr  7 
23:36:39 2014
@@ -275,7 +275,7 @@
         plfFont->lfHeight = -MulDiv(GetDlgItemInt(hwndDlg, 
IDC_ADVAPPEARANCE_FONTSIZE_E, &bTranslated, FALSE), GetDeviceCaps(hdcDlg, 
LOGPIXELSY), 72);
         plfFont->lfWeight = (SendDlgItemMessage(hwndDlg, 
IDC_ADVAPPEARANCE_FONTBOLD, BM_GETCHECK, 0, 0) == 1) ? FW_BOLD : FW_NORMAL;
         plfFont->lfItalic = (BYTE)SendDlgItemMessage(hwndDlg, 
IDC_ADVAPPEARANCE_FONTITALIC, BM_GETCHECK, 0, 0);
-        GetDlgItemText(hwndDlg, IDC_ADVAPPEARANCE_FONT_C, plfFont->lfFaceName, 
LF_FACESIZE * sizeof(TCHAR));
+        GetDlgItemText(hwndDlg, IDC_ADVAPPEARANCE_FONT_C, plfFont->lfFaceName, 
LF_FACESIZE);
     }
 
     ReleaseDC(hwndDlg, hdcDlg);

Modified: trunk/reactos/dll/cpl/desk/draw.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/desk/draw.c?rev=62684&r1=62683&r2=62684&view=diff
==============================================================================
--- trunk/reactos/dll/cpl/desk/draw.c   [iso-8859-1] (original)
+++ trunk/reactos/dll/cpl/desk/draw.c   [iso-8859-1] Mon Apr  7 23:36:39 2014
@@ -69,6 +69,8 @@
     int LTpenplus = 0;
     int RTpenplus = 0;
     int RBpenplus = 0;
+    HBRUSH hbr;
+
     /* Init some vars */
     LTInnerPen = LTOuterPen = RBInnerPen = RBOuterPen = 
(HPEN)GetStockObject(NULL_PEN);
     SavePen = (HPEN)SelectObject(hdc, LTInnerPen);
@@ -88,76 +90,84 @@
     if((uFlags & BF_TOPLEFT) == BF_TOPLEFT)
         LTpenplus = 1;
 
+    if((uFlags & MY_BF_ACTIVEBORDER))
+        hbr = CreateSolidBrush(scheme->crColor[COLOR_ACTIVEBORDER]);
+    else
+        hbr = CreateSolidBrush(scheme->crColor[COLOR_BTNFACE]);
+
+    FillRect(hdc, &InnerRect, hbr);
+    DeleteObject(hbr);
+
+    MoveToEx(hdc, 0, 0, &SavePoint);
+
+    /* Draw the outer edge */
+    if(LTOuterI != -1)
+    {
+        LTOuterPen = GetStockObject(DC_PEN);
+        SelectObject(hdc, LTOuterPen);
+        SetDCPenColor(hdc, scheme->crColor[LTOuterI]);
+        if(uFlags & BF_TOP)
+        {
+            MoveToEx(hdc, InnerRect.left, InnerRect.top, NULL);
+            LineTo(hdc, InnerRect.right, InnerRect.top);
+        }
+        if(uFlags & BF_LEFT)
+        {
+            MoveToEx(hdc, InnerRect.left, InnerRect.top, NULL);
+            LineTo(hdc, InnerRect.left, InnerRect.bottom);
+        }
+    }
+
+    if(RBOuterI != -1)
+    {
+        RBOuterPen = GetStockObject(DC_PEN);
+        SelectObject(hdc, RBOuterPen);
+        SetDCPenColor(hdc, scheme->crColor[RBOuterI]);
+        if(uFlags & BF_BOTTOM)
+        {
+            MoveToEx(hdc, InnerRect.left, InnerRect.bottom-1, NULL);
+            LineTo(hdc, InnerRect.right, InnerRect.bottom-1);
+        }
+        if(uFlags & BF_RIGHT)
+        {
+            MoveToEx(hdc, InnerRect.right-1, InnerRect.top, NULL);
+            LineTo(hdc, InnerRect.right-1, InnerRect.bottom);
+        }
+    }
+
+    /* Draw the inner edge */
     if(LTInnerI != -1)
+    {
         LTInnerPen = GetStockObject(DC_PEN);
-    if(LTOuterI != -1)
-        LTOuterPen = GetStockObject(DC_PEN);
+        SelectObject(hdc, LTInnerPen);
+        SetDCPenColor(hdc, scheme->crColor[LTInnerI]);
+        if(uFlags & BF_TOP)
+        {
+            MoveToEx(hdc, InnerRect.left+LTpenplus, InnerRect.top+1, NULL);
+            LineTo(hdc, InnerRect.right-RTpenplus, InnerRect.top+1);
+        }
+        if(uFlags & BF_LEFT)
+        {
+            MoveToEx(hdc, InnerRect.left+1, InnerRect.top+LTpenplus, NULL);
+            LineTo(hdc, InnerRect.left+1, InnerRect.bottom-LBpenplus);
+        }
+    }
+
     if(RBInnerI != -1)
+    {
         RBInnerPen = GetStockObject(DC_PEN);
-    if(RBOuterI != -1)
-        RBOuterPen = GetStockObject(DC_PEN);
-    {
-        HBRUSH hbr;
-
-        if((uFlags & MY_BF_ACTIVEBORDER))
-            hbr = CreateSolidBrush(scheme->crColor[COLOR_ACTIVEBORDER]);
-        else
-            hbr = CreateSolidBrush(scheme->crColor[COLOR_BTNFACE]);
-        FillRect(hdc, &InnerRect, hbr);
-        DeleteObject(hbr);
-    }
-    MoveToEx(hdc, 0, 0, &SavePoint);
-
-    /* Draw the outer edge */
-    SelectObject(hdc, LTOuterPen);
-    SetDCPenColor(hdc, scheme->crColor[LTOuterI]);
-    if(uFlags & BF_TOP)
-    {
-        MoveToEx(hdc, InnerRect.left, InnerRect.top, NULL);
-        LineTo(hdc, InnerRect.right, InnerRect.top);
-    }
-    if(uFlags & BF_LEFT)
-    {
-        MoveToEx(hdc, InnerRect.left, InnerRect.top, NULL);
-        LineTo(hdc, InnerRect.left, InnerRect.bottom);
-    }
-    SelectObject(hdc, RBOuterPen);
-    SetDCPenColor(hdc, scheme->crColor[RBOuterI]);
-    if(uFlags & BF_BOTTOM)
-    {
-        MoveToEx(hdc, InnerRect.left, InnerRect.bottom-1, NULL);
-        LineTo(hdc, InnerRect.right, InnerRect.bottom-1);
-    }
-    if(uFlags & BF_RIGHT)
-    {
-        MoveToEx(hdc, InnerRect.right-1, InnerRect.top, NULL);
-        LineTo(hdc, InnerRect.right-1, InnerRect.bottom);
-    }
-
-    /* Draw the inner edge */
-    SelectObject(hdc, LTInnerPen);
-    SetDCPenColor(hdc, scheme->crColor[LTInnerI]);
-    if(uFlags & BF_TOP)
-    {
-        MoveToEx(hdc, InnerRect.left+LTpenplus, InnerRect.top+1, NULL);
-        LineTo(hdc, InnerRect.right-RTpenplus, InnerRect.top+1);
-    }
-    if(uFlags & BF_LEFT)
-    {
-        MoveToEx(hdc, InnerRect.left+1, InnerRect.top+LTpenplus, NULL);
-        LineTo(hdc, InnerRect.left+1, InnerRect.bottom-LBpenplus);
-    }
-    SelectObject(hdc, RBInnerPen);
-    SetDCPenColor(hdc, scheme->crColor[RBInnerI]);
-    if(uFlags & BF_BOTTOM)
-    {
-        MoveToEx(hdc, InnerRect.left+LBpenplus, InnerRect.bottom-2, NULL);
-        LineTo(hdc, InnerRect.right-RBpenplus, InnerRect.bottom-2);
-    }
-    if(uFlags & BF_RIGHT)
-    {
-        MoveToEx(hdc, InnerRect.right-2, InnerRect.top+RTpenplus, NULL);
-        LineTo(hdc, InnerRect.right-2, InnerRect.bottom-RBpenplus);
+        SelectObject(hdc, RBInnerPen);
+        SetDCPenColor(hdc, scheme->crColor[RBInnerI]);
+        if(uFlags & BF_BOTTOM)
+        {
+            MoveToEx(hdc, InnerRect.left+LBpenplus, InnerRect.bottom-2, NULL);
+            LineTo(hdc, InnerRect.right-RBpenplus, InnerRect.bottom-2);
+        }
+        if(uFlags & BF_RIGHT)
+        {
+            MoveToEx(hdc, InnerRect.right-2, InnerRect.top+RTpenplus, NULL);
+            LineTo(hdc, InnerRect.right-2, InnerRect.bottom-RBpenplus);
+        }
     }
 
     if (uFlags & BF_ADJUST)
@@ -245,6 +255,8 @@
     case DFCS_CAPTIONRESTORE:
         Symbol = '2';
         break;
+    default:
+        return FALSE;
     }
     MyIntDrawRectEdge(dc, r, (uFlags & DFCS_PUSHED) ? EDGE_SUNKEN : 
EDGE_RAISED, BF_RECT | BF_MIDDLE | BF_SOFT, scheme);
     ZeroMemory(&lf, sizeof(LOGFONT));
@@ -313,6 +325,9 @@
     case DFCS_SCROLLRIGHT:
         Symbol = '4';
         break;
+
+    default:
+        return FALSE;
     }
     MyIntDrawRectEdge(dc, r, (uFlags & DFCS_PUSHED) ? EDGE_SUNKEN : 
EDGE_RAISED, (uFlags&DFCS_FLAT) | BF_MIDDLE | BF_RECT, scheme);
     ZeroMemory(&lf, sizeof(LOGFONT));

Modified: trunk/reactos/dll/cpl/desk/general.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/desk/general.c?rev=62684&r1=62683&r2=62684&view=diff
==============================================================================
--- trunk/reactos/dll/cpl/desk/general.c        [iso-8859-1] (original)
+++ trunk/reactos/dll/cpl/desk/general.c        [iso-8859-1] Mon Apr  7 
23:36:39 2014
@@ -33,7 +33,7 @@
                 TCHAR Buffer[LINE_LEN];
                 TCHAR Desc[LINE_LEN];
 
-                if (SetupGetStringField(&Context, 0, Buffer, sizeof(Buffer), 
NULL) &&
+                if (SetupGetStringField(&Context, 0, Buffer, sizeof(Buffer) / 
sizeof(TCHAR), NULL) &&
                     SetupGetIntField(&Context, 1, &ci))
                 {
                     _stprintf(Desc, _T("%s (%d DPI)"), Buffer, ci);

Modified: trunk/reactos/dll/cpl/desk/screensaver.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/desk/screensaver.c?rev=62684&r1=62683&r2=62684&view=diff
==============================================================================
--- trunk/reactos/dll/cpl/desk/screensaver.c    [iso-8859-1] (original)
+++ trunk/reactos/dll/cpl/desk/screensaver.c    [iso-8859-1] Mon Apr  7 
23:36:39 2014
@@ -340,7 +340,6 @@
 
     ScreenSaverCount = pData->ScreenSaverCount;
 
-    
     hr = StringCbCopy(szSearchPath, sizeof(szSearchPath), pszSearchPath);
     if (FAILED(hr))
         return;

[ros-diffs] [khornicek] 62684: [DESK] - fix a bunch of buffer overruns, negative array index accesses and uninitialized variables CID #1102296 CID #501468 CID #716755 CID #716756 CID #1102323

Reply via email to