reactos/win32ss
Joachim Henze 222acf5a3e [NTUSER] Scrollbar.c, Avoid potential out-of-bounds-accesses in co_IntSetScrollInfo() CORE-17777
This is an addendum to
0.4.15-dev-3174-g dda9c3979e CORE-17769 and
0.4.15-dev-3147-g 3bf7e3ac13 CORE-17754 CORE-17755

We have not seen this happening in real-life yet, but some code-fragments within co_IntSetScrollInfo()
e.g. line 628 if (nBar == SB_CTL) do clearly indicate that nBar can be 2 (SB_CTL).
Some lines below we definitely must not access those 4 static arrays out of bounds then via nBar as access index!

Ftr with a bit of grepping I also found some calls like NtUserSetScrollInfo(Wnd, SB_CTL, &Info, FALSE);
e.g. in win32ss/user/user32/controls/scrollbar.c, so I am pretty sure nBar == 2 can happen in practice within co_IntSetScrollInfo().

I question whether any of those reads/writes to those static arrays (or the comparisons) would make any sense on index 2,
so we should aim to eliminate them altogether in the future.
2021-09-20 03:05:05 +02:00
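
The failure mode described in the commit message, as an added example (not code from the commit or from ReactOS): a bar selector trusted as an array index next to a bounds-checked version. The two-slot size, the struct model layout and all function names are assumptions made for illustration; the commit message does not show the real arrays.

```c
#include <stdio.h>

/* Bar selectors, values as in the Windows headers. */
enum { SB_HORZ = 0, SB_VERT = 1, SB_CTL = 2 };

#define BAR_SLOTS 2        /* assumption: one cache slot per window bar */
#define NEIGHBOUR 0x5A5A   /* constructed marker for adjacent data */

/* Constructed model: cell[0..1] play the per-bar cache, cell[2] plays
   whatever happens to sit behind it, so that index 2 stays observable
   without undefined behaviour. */
struct model { int cell[BAR_SLOTS + 1]; };

void model_init(struct model *m)
{
    m->cell[SB_HORZ] = 0;
    m->cell[SB_VERT] = 0;
    m->cell[BAR_SLOTS] = NEIGHBOUR;
}

/* Unchecked: nBar is trusted as an index, so SB_CTL hits the neighbour. */
void store_unchecked(struct model *m, int nBar, int pos)
{
    m->cell[nBar] = pos;
}

/* Checked: only SB_HORZ and SB_VERT own a slot; anything else is refused. */
int store_checked(struct model *m, int nBar, int pos)
{
    if (nBar < 0 || nBar >= BAR_SLOTS)
        return 0;
    m->cell[nBar] = pos;
    return 1;
}

int neighbour_intact(const struct model *m)
{
    return m->cell[BAR_SLOTS] == NEIGHBOUR;
}

int main(void)
{
    struct model m;
    model_init(&m);
    store_checked(&m, SB_CTL, 42);
    printf("checked:   neighbour intact = %d\n", neighbour_intact(&m));
    store_unchecked(&m, SB_CTL, 42);
    printf("unchecked: neighbour intact = %d\n", neighbour_intact(&m));
    return 0;
}
```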