[PATCH v4 0/1] MR1006: gdi32: Fix possible overflow
According to the documentation of ScriptShape function, the psva argument should have the number of elements indicated by cMaxGlyphs.

--
v4: gdi32: Fix possible overflow

https://gitlab.winehq.org/wine/wine/-/merge_requests/1006
From: Mark Jansen <mark.jansen(a)reactos.org> According to the documentation of ScriptShape function, the psva argument should have the number of elements indicated by cMaxGlyphs. --- dlls/gdi32/text.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/dlls/gdi32/text.c b/dlls/gdi32/text.c index f2fcb41bcdf..b0134e529f5 100644 --- a/dlls/gdi32/text.c +++ b/dlls/gdi32/text.c @@ -471,7 +471,7 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */ WARN("Out of memory\n"); goto cleanup; } - psva = HeapAlloc(GetProcessHeap(),0,sizeof(SCRIPT_VISATTR) * uCount); + psva = HeapAlloc(GetProcessHeap(),0,sizeof(SCRIPT_VISATTR) * cMaxGlyphs); if (!psva) { WARN("Out of memory\n"); @@ -604,16 +604,22 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */ while (res == E_OUTOFMEMORY) { WORD *new_run_glyphs = HeapReAlloc(GetProcessHeap(), 0, run_glyphs, sizeof(*run_glyphs) * cMaxGlyphs * 2); - if (!new_run_glyphs) + SCRIPT_VISATTR *new_psva = HeapReAlloc(GetProcessHeap(), 0, psva, sizeof(*psva) * cMaxGlyphs * 2); + if (!new_run_glyphs || !new_psva) { WARN("Out of memory\n"); HeapFree(GetProcessHeap(), 0, runOrder); HeapFree(GetProcessHeap(), 0, visOrder); HeapFree(GetProcessHeap(), 0, *lpGlyphs); *lpGlyphs = NULL; + if (new_run_glyphs) + run_glyphs = new_run_glyphs; + if (new_psva) + psva = new_psva; goto cleanup; } run_glyphs = new_run_glyphs; + psva = new_psva; cMaxGlyphs *= 2; res = ScriptShape(hDC, &psc, lpString + done + curItem->iCharPos, cChars, cMaxGlyphs, &curItem->a, run_glyphs, pwLogClust, psva, &cOutGlyphs); } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/1006
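Review bot: In the first hunk (@@ -471,7 +471,7 @@), the psva allocation now depends on cMaxGlyphs, but nothing in the visible context shows where cMaxGlyphs is assigned or how it relates to uCount; please confirm it is initialised before this HeapAlloc and is never smaller than the count that run_glyphs was allocated with, so both buffers passed to ScriptShape really match its cMaxGlyphs argument. As a style point, the second hunk writes sizeof(*psva) while this line keeps sizeof(SCRIPT_VISATTR); using sizeof(*psva) here too keeps the element size tied to the pointer type in both places.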
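Review bot: In the second hunk (@@ -604,16 +604,22 @@), the "if (new_run_glyphs) run_glyphs = new_run_glyphs;" and "if (new_psva) psva = new_psva;" fix-ups in the failure branch exist only because both HeapReAlloc results sit in temporaries until the combined check; a successful HeapReAlloc may have moved the block, so the old pointer is stale from that moment. Assigning each pointer immediately after its own call succeeds would remove the special case and make it impossible for a later edit to the error path to reintroduce a free of the old address. The cleanup label is outside the visible lines, so it is worth confirming that it frees both run_glyphs and psva. The loop also computes sizeof(*psva) * cMaxGlyphs * 2 and doubles cMaxGlyphs on every E_OUTOFMEMORY with no upper bound; a cap or an overflow check on that product would make the retry loop's termination explicit.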
Hi,

It looks like your patch introduced the new failures shown below.
Please investigate and fix them before resubmitting your patch.
If they are not new, fixing them anyway would help a lot. Otherwise
please ask for the known failures list to be updated.

The tests also ran into some preexisting test failures. If you know how
to fix them that would be helpful. See the TestBot job for the details:

The full results can be found at:
https://testbot.winehq.org/JobDetails.pl?Key=124894

Your paranoid android.

=== debian11 (32 bit report) ===

wmvcore:
wmvcore.c:3009: Test failed: Wait timed out.

=== debian11 (build log) ===

Use of uninitialized value $Flaky in addition (+) at /home/testbot/lib/WineTestBot/LogUtils.pm line 720, <$LogFile> line 24683.
Use of uninitialized value $Flaky in addition (+) at /home/testbot/lib/WineTestBot/LogUtils.pm line 720, <$LogFile> line 24683.
Use of uninitialized value $Flaky in addition (+) at /home/testbot/lib/WineTestBot/LogUtils.pm line 720, <$LogFile> line 24683.
On Tue Oct 11 15:38:47 2022 +0000, **** wrote:
> Marvin replied on the mailing list:
> ```
> Hi,
>
> It looks like your patch introduced the new failures shown below.
> Please investigate and fix them before resubmitting your patch.
> If they are not new, fixing them anyway would help a lot. Otherwise
> please ask for the known failures list to be updated.
>
> The tests also ran into some preexisting test failures. If you know how
> to fix them that would be helpful. See the TestBot job for the details:
>
> The full results can be found at:
> https://testbot.winehq.org/JobDetails.pl?Key=124890
>
> Your paranoid android.
>
> === debian11 (build log) ===
>
> Use of uninitialized value $Flaky in addition (+) at /home/testbot/lib/WineTestBot/LogUtils.pm line 720, <$LogFile> line 24681.
> Use of uninitialized value $Flaky in addition (+) at /home/testbot/lib/WineTestBot/LogUtils.pm line 720, <$LogFile> line 24681.
> Use of uninitialized value $Flaky in addition (+) at /home/testbot/lib/WineTestBot/LogUtils.pm line 720, <$LogFile> line 24681.
> ```

Not sure what to do with this, is this something that I broke?
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/1006#note_10301
On Tue Oct 11 15:58:12 2022 +0000, Mark Jansen wrote:
> Not sure what to do with this, is this something that I broke?

Don't worry about it: it's not you, it's the testbot.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/1006#note_10303
This merge request was approved by Huw Davies.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/1006