From dfce6bb843eb7241bd5f10ca34f3d43dd97c68de Mon Sep 17 00:00:00 2001 From: Timo Kreuzer Date: Sun, 22 Aug 2010 22:44:36 +0000 Subject: [PATCH] [WIN32K] - When doing a cleanup for a DC, check, if the default brushes are set, before dereferencing them. Fixes a possible kernel mode crash. - Remove some obsolete casts svn path=/trunk/; revision=48595 --- reactos/subsystems/win32/win32k/objects/dclife.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/reactos/subsystems/win32/win32k/objects/dclife.c b/reactos/subsystems/win32/win32k/objects/dclife.c index a766d7d9706..8e7e223900d 100644 --- a/reactos/subsystems/win32/win32k/objects/dclife.c +++ b/reactos/subsystems/win32/win32k/objects/dclife.c @@ -165,8 +165,10 @@ DC_Cleanup(PVOID ObjectBody) DC_vSelectPalette(pDC, NULL); /* Dereference default brushes */ - BRUSH_ShareUnlockBrush(pDC->eboText.pbrush); - BRUSH_ShareUnlockBrush(pDC->eboBackground.pbrush); + if (pDC->eboText.pbrush) + BRUSH_ShareUnlockBrush(pDC->eboText.pbrush); + if (pDC->eboBackground.pbrush) + BRUSH_ShareUnlockBrush(pDC->eboBackground.pbrush); /* Cleanup the dc brushes */ EBRUSHOBJ_vCleanup(&pDC->eboFill); @@ -205,12 +207,12 @@ DC_SetOwnership(HDC hDC, PEPROCESS Owner) } if (pDC->prgnVis) { // FIXME! HAX!!! - Index = GDI_HANDLE_GET_INDEX(((PROSRGNDATA)pDC->prgnVis)->BaseObject.hHmgr); + Index = GDI_HANDLE_GET_INDEX(pDC->prgnVis->BaseObject.hHmgr); Entry = &GdiHandleTable->Entries[Index]; if (Entry->UserData) FreeObjectAttr(Entry->UserData); Entry->UserData = NULL; // - if (!GDIOBJ_SetOwnership(((PROSRGNDATA)pDC->prgnVis)->BaseObject.hHmgr, Owner)) return FALSE; + if (!GDIOBJ_SetOwnership(pDC->prgnVis->BaseObject.hHmgr, Owner)) return FALSE; } if (pDC->rosdc.hGCClipRgn) { // FIXME! HAX!!! -- 2.17.1