{
UNICODE_STRING ustrDevice;
WCHAR awcDevice[CCHDEVICENAME];
- DEVMODEW dmInit;
PVOID dhpdev;
HDC hdc;
+ WORD dmSize, dmDriverExtra;
+ DWORD Size;
+ DEVMODEW * _SEH2_VOLATILE pdmAllocated = NULL;
/* Only if a devicename is given, we need any data */
if (pustrDevice)
/* Copy the string */
RtlCopyUnicodeString(&ustrDevice, pustrDevice);
+ /* Allocate and store pdmAllocated if pdmInit is not NULL */
if (pdmInit)
{
- /* FIXME: could be larger */
- /* According to a comment in Windows SDK the size of the buffer for
- pdm is (pdm->dmSize + pdm->dmDriverExtra) */
ProbeForRead(pdmInit, sizeof(DEVMODEW), 1);
- RtlCopyMemory(&dmInit, pdmInit, sizeof(DEVMODEW));
+
+ dmSize = pdmInit->dmSize;
+ dmDriverExtra = pdmInit->dmDriverExtra;
+ Size = dmSize + dmDriverExtra;
+ ProbeForRead(pdmInit, Size, 1);
+
+ pdmAllocated = ExAllocatePoolWithTag(PagedPool | POOL_RAISE_IF_ALLOCATION_FAILURE,
+ Size,
+ TAG_DC);
+ RtlCopyMemory(pdmAllocated, pdmInit, Size);
+ pdmAllocated->dmSize = dmSize;
+ pdmAllocated->dmDriverExtra = dmDriverExtra;
}
if (pUMdhpdev)
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
+ if (pdmAllocated)
+ {
+ ExFreePoolWithTag(pdmAllocated, TAG_DC);
+ }
SetLastNtError(_SEH2_GetExceptionCode());
_SEH2_YIELD(return NULL);
}
/* Call the internal function */
hdc = GreOpenDCW(pustrDevice ? &ustrDevice : NULL,
- pdmInit ? &dmInit : NULL,
+ pdmAllocated,
NULL, // FIXME: pwszLogAddress
iType,
bDisplay,
_SEH2_END
}
+ /* Free the allocated */
+ if (pdmAllocated)
+ {
+ ExFreePoolWithTag(pdmAllocated, TAG_DC);
+ }
+
return hdc;
}