-
Zhiyi Zhang authored
push_dc_driver() places drivers based on their priorities, so the newly created driver is not necessarily on top. Thus in windrv_CreateDC(), find_dc_driver() should be used to find the DIB driver instead of assuming the DIB driver is the top driver, which could be the path driver because it has a higher priority. The exact wrong code path was: 1. A path driver with priority 400 is created for a DC. 2. windrv_CreateDC() is called to create a window driver for the DC. 3. Then in dibdrv_CreateDC(), push_dc_driver() is called with 'dev' pointing to the top driver, which is the path driver. 4. push_dc_driver() updates 'dev' to point to the address of the next driver because DIB driver has a lower 300 priority. 5. The DIB driver is assigned to 'dev', which is not the original parameter passed into push_dc_driver(). 6. In windrv_CreateDC(), get_dibdrv_pdev(*dev) is called, assuming the top driver is the DIB driver. But actually the top driver that '*dev' points to is still the path driver. The added tests can demonstrate the memory corruption before this fix is applied.
36366f12
| Name |
Last commit
|
Last update |
|---|---|---|
| dlls | ||
| documentation | ||
| fonts | ||
| include | ||
| libs | ||
| loader | ||
| nls | ||
| po | ||
| programs | ||
| server | ||
| tools | ||
| .editorconfig | ||
| .gitlab-ci.yml | ||
| .mailmap | ||
| ANNOUNCE | ||
| AUTHORS | ||
| COPYING.LIB | ||
| LICENSE | ||
| LICENSE.OLD | ||
| MAINTAINERS | ||
| README | ||
| VERSION | ||
| aclocal.m4 | ||
| configure | ||
| configure.ac |