[PATCH v2 0/4] MR596: win32u: Send the total number of registered devices to the server.
-- v2: win32u: Send the total number of registered devices to the server. win32u: Avoid invalid access when registered device alloc failed. (Coverity) win32u: Avoid reallocating rawinput device array with zero size. server: Avoid reallocating rawinput device array with zero size.
From: R��mi Bernon rbernon@codeweavers.com
It actually frees the pointer. --- server/queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/queue.c b/server/queue.c index d98d645065f..1b20bedb9c0 100644 --- a/server/queue.c +++ b/server/queue.c @@ -3377,7 +3377,7 @@ DECL_HANDLER(update_rawinput_devices) { const struct rawinput_device *tmp, *devices = get_req_data(); unsigned int device_count = get_req_data_size() / sizeof (*devices); - size_t size = device_count * sizeof(*devices); + size_t size = (device_count + 1) * sizeof(*devices); struct process *process = current->process;
if (!(tmp = realloc( process->rawinput_devices, size )))
From: R��mi Bernon rbernon@codeweavers.com
It actually frees the pointer. --- dlls/win32u/rawinput.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/win32u/rawinput.c b/dlls/win32u/rawinput.c index 8e3f3ace15a..3a8aa53d829 100644 --- a/dlls/win32u/rawinput.c +++ b/dlls/win32u/rawinput.c @@ -856,7 +856,7 @@ BOOL WINAPI NtUserRegisterRawInputDevices( const RAWINPUTDEVICE *devices, UINT d
pthread_mutex_lock( &rawinput_mutex );
- size = (SIZE_T)device_size * (registered_device_count + device_count); + size = (SIZE_T)device_size * (registered_device_count + device_count + 1); registered_devices = realloc( registered_devices, size ); if (registered_devices) for (i = 0; i < device_count; ++i) register_rawinput_device( devices + i );
From: R��mi Bernon rbernon@codeweavers.com
--- dlls/win32u/rawinput.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/dlls/win32u/rawinput.c b/dlls/win32u/rawinput.c index 3a8aa53d829..ff686d8fd1f 100644 --- a/dlls/win32u/rawinput.c +++ b/dlls/win32u/rawinput.c @@ -821,6 +821,7 @@ static void register_rawinput_device( const RAWINPUTDEVICE *device ) BOOL WINAPI NtUserRegisterRawInputDevices( const RAWINPUTDEVICE *devices, UINT device_count, UINT device_size ) { struct rawinput_device *server_devices; + RAWINPUTDEVICE *new_registered_devices; SIZE_T size; BOOL ret; UINT i; @@ -857,8 +858,13 @@ BOOL WINAPI NtUserRegisterRawInputDevices( const RAWINPUTDEVICE *devices, UINT d pthread_mutex_lock( &rawinput_mutex );
size = (SIZE_T)device_size * (registered_device_count + device_count + 1); - registered_devices = realloc( registered_devices, size ); - if (registered_devices) for (i = 0; i < device_count; ++i) register_rawinput_device( devices + i ); + if (!(new_registered_devices = realloc( registered_devices, size ))) + ERR( "Failed to realloc %u registered rawinput devices\n", registered_device_count + device_count ); + else + { + registered_devices = new_registered_devices; + for (i = 0; i < device_count; ++i) register_rawinput_device( devices + i ); + }
server_devices = malloc( registered_device_count * sizeof(*server_devices) ); if (server_devices) for (i = 0; i < registered_device_count; ++i) @@ -871,7 +877,7 @@ BOOL WINAPI NtUserRegisterRawInputDevices( const RAWINPUTDEVICE *devices, UINT d
pthread_mutex_unlock( &rawinput_mutex );
- if (!registered_devices || !server_devices) + if (!new_registered_devices || !server_devices) { SetLastError( ERROR_OUTOFMEMORY ); return FALSE;
From: R��mi Bernon rbernon@codeweavers.com
Instead of device_count which is the number of registration updates, and execute the request within the rawinput_mutex to ensure atomicity of the update and consistency between the client and the server state.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53468 Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53487 --- dlls/win32u/rawinput.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/dlls/win32u/rawinput.c b/dlls/win32u/rawinput.c index ff686d8fd1f..ba35c7efa09 100644 --- a/dlls/win32u/rawinput.c +++ b/dlls/win32u/rawinput.c @@ -866,13 +866,24 @@ BOOL WINAPI NtUserRegisterRawInputDevices( const RAWINPUTDEVICE *devices, UINT d for (i = 0; i < device_count; ++i) register_rawinput_device( devices + i ); }
- server_devices = malloc( registered_device_count * sizeof(*server_devices) ); - if (server_devices) for (i = 0; i < registered_device_count; ++i) + if ((server_devices = malloc( registered_device_count * sizeof(*server_devices) ))) { - server_devices[i].usage_page = registered_devices[i].usUsagePage; - server_devices[i].usage = registered_devices[i].usUsage; - server_devices[i].flags = registered_devices[i].dwFlags; - server_devices[i].target = wine_server_user_handle( registered_devices[i].hwndTarget ); + for (i = 0; i < registered_device_count; ++i) + { + server_devices[i].usage_page = registered_devices[i].usUsagePage; + server_devices[i].usage = registered_devices[i].usUsage; + server_devices[i].flags = registered_devices[i].dwFlags; + server_devices[i].target = wine_server_user_handle( registered_devices[i].hwndTarget ); + } + + SERVER_START_REQ( update_rawinput_devices ) + { + wine_server_add_data( req, server_devices, registered_device_count * sizeof(*server_devices) ); + ret = !wine_server_call_err( req ); + } + SERVER_END_REQ; + + free( server_devices ); }
pthread_mutex_unlock( &rawinput_mutex ); @@ -883,15 +894,6 @@ BOOL WINAPI NtUserRegisterRawInputDevices( const RAWINPUTDEVICE *devices, UINT d return FALSE; }
- SERVER_START_REQ( update_rawinput_devices ) - { - wine_server_add_data( req, server_devices, device_count * sizeof(*server_devices) ); - ret = !wine_server_call_err( req ); - } - SERVER_END_REQ; - - free( server_devices ); - return ret; }
-
Rémi Bernon -
Rémi Bernon (@rbernon)