IN ULONG ValueLength,
IN PVOID Buffer)
{
- USHORT ActualLength = (USHORT)ValueLength;
+ USHORT ActualLength;
PUNICODE_STRING ReturnString = Buffer;
PULONG Length = Buffer;
ULONG RealLength;
(ValueType == REG_MULTI_SZ))
{
/* Normalize the length */
- if (ValueLength > MAXUSHORT) ValueLength = MAXUSHORT;
+ if (ValueLength > MAXUSHORT)
+ ActualLength = MAXUSHORT;
+ else
+ ActualLength = (USHORT)ValueLength;
/* Check if the return string has been allocated */
if (!ReturnString->Buffer)
{
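Review bot: ValueLength is no longer clamped in this branch, only ActualLength is, so the two disagree for any value longer than MAXUSHORT. Every later statement that sizes, allocates or copies into the UNICODE_STRING must use ActualLength; those statements are outside the hunk, so please confirm none of them still takes ValueLength. ActualLength is also now assigned only inside this string-type branch, so no path outside it may read the variable. MAXUSHORT is an odd byte count; if ActualLength ends up as a string length, `ActualLength = (USHORT)(MAXUSHORT & ~1);` would keep it a whole number of WCHARs.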
/* Prepare defaults */
Status = STATUS_SUCCESS;
- ValueEnd = (PWSTR)((ULONG_PTR)Data + Length) - sizeof(UNICODE_NULL);
+ /* Skip the last two UNICODE_NULL chars (the terminating null string) */
+ ValueEnd = (PWSTR)((ULONG_PTR)Data + Length - 2 * sizeof(UNICODE_NULL));
p = Data;
/* Loop all strings */
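Review bot: The subtraction `Length - 2 * sizeof(UNICODE_NULL)` has no visible lower bound, so a REG_MULTI_SZ value shorter than two WCHARs places ValueEnd before Data. Registry data is not guaranteed to be well formed or double-NUL terminated. Unless a check outside this hunk already rejects short values, add a guard before this line, such as `if (Length < 2 * sizeof(UNICODE_NULL))` with an early exit that treats the value as an empty list. The loop that walks `p` begins after the hunk, so I could not check how it terminates; it should stop on the ValueEnd bound and not only on finding a NUL.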
Data,
(ULONG)Length,
QueryTable->EntryContext);
- QueryTable->EntryContext = (PVOID)((ULONG_PTR)QueryTable->
- EntryContext +
- sizeof(UNICODE_STRING));
+ QueryTable->EntryContext =
+ (PVOID)((ULONG_PTR)QueryTable->EntryContext +
+ sizeof(UNICODE_STRING));
}
else
{
{
/* This is the good case, where we fit into a string */
Destination.MaximumLength = (USHORT)SpareLength;
- Destination.Buffer[SpareLength / 2 - 1] = UNICODE_NULL;
+ Destination.Buffer[SpareLength / sizeof(WCHAR) - 1] = UNICODE_NULL;
}
else
{
/* We can't fit into a string, so truncate */
Destination.MaximumLength = MAXUSHORT;
- Destination.Buffer[MAXUSHORT / 2 - 1] = UNICODE_NULL;
+ Destination.Buffer[MAXUSHORT / sizeof(WCHAR) - 1] = UNICODE_NULL;
}
/* Expand the strings and set our type as one string */
return (Status == STATUS_BUFFER_TOO_SMALL) ? STATUS_SUCCESS : Status;
}
+_Success_(return!=NULL || BufferSize==0)
+_When_(BufferSize!=NULL,__drv_allocatesMem(Mem))
PVOID
NTAPI
-RtlpAllocDeallocQueryBuffer(IN OUT PSIZE_T BufferSize,
- IN PVOID OldBuffer,
- IN SIZE_T OldBufferSize,
- OUT PNTSTATUS Status)
+RtlpAllocDeallocQueryBuffer(
+ _In_opt_ PSIZE_T BufferSize,
+ _In_opt_ __drv_freesMem(Mem) PVOID OldBuffer,
+ _In_ SIZE_T OldBufferSize,
+ _Out_opt_ _On_failure_(_Post_satisfies_(*Status < 0)) PNTSTATUS Status)
{
PVOID Buffer = NULL;
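Review bot: `BufferSize` changed from `IN OUT` to `_In_opt_`, which tells the analyzer the function never writes through it; if the body (outside this hunk) still updates `*BufferSize`, the annotation should be `_Inout_opt_ PSIZE_T BufferSize`. `_Out_opt_` on Status likewise requires the body to test `Status` for NULL before every store, which should be confirmed against the full function. The `_Success_` expression writes `BufferSize==0` while the next line writes `BufferSize!=NULL` for the same pointer; `_Success_(return != NULL || BufferSize == NULL)` would keep the two consistent.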
KeyInfo,
BufferLength,
&ReturnedLength);
- if (NT_SUCCESS(Status))
+ if (NT_SUCCESS(Status) && (KeyInfo != NULL))
{
/* Check if the name fits */
if (KeyInfo->NameLength <= SubKeyName->MaximumLength)
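Review bot: With the added `KeyInfo != NULL` test, a successful Status paired with a NULL KeyInfo now skips this block silently. From the visible lines, Status would then remain a success code while SubKeyName is never filled. If that combination is reachable (for instance after a failed buffer allocation), it should be converted into a failure after the block, e.g. `else if (KeyInfo == NULL) Status = STATUS_NO_MEMORY;`. The block and the rest of the function continue outside the hunk, so an existing else branch may already cover this.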
if (KeyValueInfo->Type == REG_MULTI_SZ)
{
/* Add a null-char */
- ((PWCHAR)KeyValueInfo)[ResultLength / 2] = UNICODE_NULL;
+ ((PWCHAR)KeyValueInfo)[ResultLength / sizeof(WCHAR)] = UNICODE_NULL;
KeyValueInfo->DataLength += sizeof(UNICODE_NULL);
}