Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
Description
The last param of BmpPopulateBootEntryList is Out PULONG SequenceCount, however the first thing the API does is to use this Out param to perform a for loop 
:
1269 /* Loop through every element in the sequence */ |
1270 for (i = 0; i < *SequenceCount; i++) |
If such, I think that param should be an _IN_OUT one.
The BmpPopulateBootEntryList() function however seems to be misused:
One time we call BmpPopulateBootEntryList() expecting to RETURN a SequenceCount number and we pass a pointer to an ULONG, as in this case:
https://git.reactos.org/?p=reactos.git;a=blob;f=reactos/boot/environ/app/bootmgr/bootmgr.c;hb=3ba858b3f993995d60b8ac91cc5bea6308d4b606#l1484
Another time we call BmpPopulateBootEntryList() expecting to USE a SequenceCount number we pass to it via a pointer to an ULONG, as in this case:
https://git.reactos.org/?p=reactos.git;a=blob;f=reactos/boot/environ/app/bootmgr/bootmgr.c;hb=3ba858b3f993995d60b8ac91cc5bea6308d4b606#l1578
Since this is Alex Ionescu code dunno if this should go into #ros-dev ML instead.