Author: tfaber
Date: Sun Nov  6 14:23:39 2011
New Revision: 54315

URL: http://svn.reactos.org/svn/reactos?rev=54315&view=rev
Log:
[SERVICES]
- Use FIELD_OFFSET for variable-length structure sizes
- Handle an invalid parameter condition in RCreateServiceW. Fixes an 
advapi32:service test
- Do not dereference a NULL-pointer on out-of-memory

Modified:
    trunk/reactos/base/system/services/database.c
    trunk/reactos/base/system/services/rpcserver.c

Modified: trunk/reactos/base/system/services/database.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/database.c?rev=54315&r1=54314&r2=54315&view=diff
==============================================================================
--- trunk/reactos/base/system/services/database.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/database.c [iso-8859-1] Sun Nov  6 
14:23:39 2011
@@ -193,7 +193,7 @@
         /* Create a new service image */
         pServiceImage = HeapAlloc(GetProcessHeap(),
                                   HEAP_ZERO_MEMORY,
-                                  sizeof(SERVICE_IMAGE) + 
((wcslen(ImagePath.Buffer) + 1) * sizeof(WCHAR)));
+                                  FIELD_OFFSET(SERVICE_IMAGE, 
szImagePath[wcslen(ImagePath.Buffer) + 1]));
         if (pServiceImage == NULL)
         {
             dwError = ERROR_NOT_ENOUGH_MEMORY;
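Review bot: Sizing the allocation with `FIELD_OFFSET(SERVICE_IMAGE, szImagePath[wcslen(ImagePath.Buffer) + 1])` makes the block end exactly at the string terminator, so for short strings it can be smaller than `sizeof(SERVICE_IMAGE)` if the structure has tail padding or a declared array length above one. Nothing visible in this hunk depends on that, but any later copy, compare or zeroing that uses `sizeof(SERVICE_IMAGE)` on this object would run past the allocation. A comment such as `/* Sized to the end of szImagePath; never use sizeof(SERVICE_IMAGE) on this object */` would record the constraint. The same applies to the `SERVICE` allocation in the next hunk and the `MANAGER_HANDLE` allocation in rpcserver.c. All three sizes come from `wcslen`, so they rely on the source string being NUL-terminated, which is not visible here for `ImagePath.Buffer`.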
@@ -368,7 +368,7 @@
     /* Allocate service entry */
     lpService = HeapAlloc(GetProcessHeap(),
                           HEAP_ZERO_MEMORY,
-                          sizeof(SERVICE) + ((wcslen(lpServiceName) + 1) * 
sizeof(WCHAR)));
+                          FIELD_OFFSET(SERVICE, 
szServiceName[wcslen(lpServiceName) + 1]));
     if (lpService == NULL)
         return ERROR_NOT_ENOUGH_MEMORY;
 

Modified: trunk/reactos/base/system/services/rpcserver.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/rpcserver.c?rev=54315&r1=54314&r2=54315&view=diff
==============================================================================
--- trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] Sun Nov  6 
14:23:39 2011
@@ -155,7 +155,7 @@
 
     Ptr = HeapAlloc(GetProcessHeap(),
                     HEAP_ZERO_MEMORY,
-                    sizeof(MANAGER_HANDLE) + (wcslen(lpDatabaseName) + 1) * 
sizeof(WCHAR));
+                    FIELD_OFFSET(MANAGER_HANDLE, 
DatabaseName[wcslen(lpDatabaseName) + 1]));
     if (Ptr == NULL)
         return ERROR_NOT_ENOUGH_MEMORY;
 
@@ -1999,6 +1999,12 @@
         return ERROR_INVALID_PARAMETER;
     }
 
+    if ((dwServiceType & SERVICE_KERNEL_DRIVER) &&
+        (dwServiceType & SERVICE_FILE_SYSTEM_DRIVER))
+    {
+        return ERROR_INVALID_PARAMETER;
+    }
+
     if ((dwServiceType == (SERVICE_WIN32_OWN_PROCESS | 
SERVICE_INTERACTIVE_PROCESS)) &&
         (lpServiceStartName))
     {
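Review bot: The added check that rejects `SERVICE_KERNEL_DRIVER` together with `SERVICE_FILE_SYSTEM_DRIVER` has no comment explaining why that combination is invalid. Something like `/* The two driver type bits are mutually exclusive */` above the `if` would help. The commit log places this in RCreateServiceW, so `dwServiceType` is caller-supplied and this validation is the gate before the value is stored. The function body starts and ends outside the hunk, so it is not visible whether other mixed combinations (a driver bit together with a Win32 service bit, for instance) are already rejected by the earlier check; that is worth confirming.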
@@ -2267,9 +2273,12 @@
     }
     else
     {
-        /* Release the display name buffer */
-        if (lpService->lpServiceName != NULL)
+        if (lpService != NULL &&
+            lpService->lpServiceName != NULL)
+        {
+            /* Release the display name buffer */
             HeapFree(GetProcessHeap(), 0, lpService->lpDisplayName);
+        }
 
         if (hServiceHandle)
         {
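Review bot: The guard in this failure path still tests `lpService->lpServiceName` while the call releases `lpService->lpDisplayName`. The added `lpService != NULL` check removes the NULL dereference but leaves the condition and the free referring to different fields. The condition should test the pointer that is freed: `if (lpService != NULL &&` / `lpService->lpDisplayName != NULL)`. The database.c hunk shows `szServiceName` is a trailing array inside `SERVICE`. If `lpDisplayName` can alias that storage (not visible here), the guard also needs `lpService->lpDisplayName != lpService->lpServiceName`, because passing an interior pointer to HeapFree corrupts the heap of the service control manager process. The enclosing function starts and ends outside the hunk.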
@@ -2366,7 +2375,7 @@
                                 (dwServicesReturned + 1) * sizeof(PSERVICE));
     if (!lpServicesArray)
     {
-        DPRINT("Could not allocate a buffer!!\n");
+        DPRINT1("Could not allocate a buffer!!\n");
         dwError = ERROR_NOT_ENOUGH_MEMORY;
         goto Done;
     }
@@ -4550,8 +4559,8 @@
             dwLength = (strlen(Info.lpDescription) + 1) * sizeof(WCHAR);
 
             lpServiceDescriptonW = HeapAlloc(GetProcessHeap(),
-                                            0,
-                                            dwLength + 
sizeof(SERVICE_DESCRIPTIONW));
+                                             0,
+                                             dwLength + 
sizeof(SERVICE_DESCRIPTIONW));
             if (!lpServiceDescriptonW)
             {
                 return ERROR_NOT_ENOUGH_MEMORY;

