Dmitry Timoshkov : gdi32: In the calculations use a fixed dmSize, not a passed in (possibly too large) one. - wine-commits

19 Dec 2007

Module: wine
Branch: master
Commit: c316c1a29fbfd77ecebc5b580acbfaaa4d198706
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=c316c1a29fbfd77ecebc5b580a...
Author: Dmitry Timoshkov dmitry@codeweavers.com
Date:   Wed Dec 19 11:43:05 2007 +0800
gdi32: In the calculations use a fixed dmSize, not a passed in (possibly too large) one.
---
dlls/gdi32/driver.c |   22 +++++++++++-----------
 1 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/dlls/gdi32/driver.c b/dlls/gdi32/driver.c
index 4d1aaad..a2aa033 100644
--- a/dlls/gdi32/driver.c
+++ b/dlls/gdi32/driver.c
@@ -411,14 +411,14 @@ BOOL DRIVER_GetDriverName( LPCWSTR device, LPWSTR driver, DWORD size )
 DEVMODEW * WINAPI GdiConvertToDevmodeW(const DEVMODEA *dmA)
 {
     DEVMODEW *dmW;
-    WORD dmW_size;
+    WORD dmW_size, dmA_size;
-    dmW_size = dmA->dmSize;
-    if (dmW_size > sizeof(DEVMODEA))
-        dmW_size = sizeof(DEVMODEA);
+    dmA_size = dmA->dmSize;
+    if (dmA_size > sizeof(DEVMODEA))
+        dmA_size = sizeof(DEVMODEA);
-    dmW_size += CCHDEVICENAME;
-    if (dmA->dmSize >= FIELD_OFFSET(DEVMODEA, dmFormName) + CCHFORMNAME)
+    dmW_size = dmA_size + CCHDEVICENAME;
+    if (dmA_size >= FIELD_OFFSET(DEVMODEA, dmFormName) + CCHFORMNAME)
         dmW_size += CCHFORMNAME;
dmW = HeapAlloc(GetProcessHeap(), 0, dmW_size + dmA->dmDriverExtra);
@@ -427,18 +427,18 @@ DEVMODEW * WINAPI GdiConvertToDevmodeW(const DEVMODEA *dmA)
     MultiByteToWideChar(CP_ACP, 0, (const char*) dmA->dmDeviceName, CCHDEVICENAME,
                                    dmW->dmDeviceName, CCHDEVICENAME);
     /* copy slightly more, to avoid long computations */
-    memcpy(&dmW->dmSpecVersion, &dmA->dmSpecVersion, dmA->dmSize - CCHDEVICENAME);
+    memcpy(&dmW->dmSpecVersion, &dmA->dmSpecVersion, dmA_size - CCHDEVICENAME);
-    if (dmA->dmSize >= FIELD_OFFSET(DEVMODEA, dmFormName) + CCHFORMNAME)
+    if (dmA_size >= FIELD_OFFSET(DEVMODEA, dmFormName) + CCHFORMNAME)
     {
         MultiByteToWideChar(CP_ACP, 0, (const char*) dmA->dmFormName, CCHFORMNAME,
                                        dmW->dmFormName, CCHFORMNAME);
-        if (dmA->dmSize > FIELD_OFFSET(DEVMODEA, dmLogPixels))
-            memcpy(&dmW->dmLogPixels, &dmA->dmLogPixels, dmA->dmSize - FIELD_OFFSET(DEVMODEA, dmLogPixels));
+        if (dmA_size > FIELD_OFFSET(DEVMODEA, dmLogPixels))
+            memcpy(&dmW->dmLogPixels, &dmA->dmLogPixels, dmA_size - FIELD_OFFSET(DEVMODEA, dmLogPixels));
     }
if (dmA->dmDriverExtra)
-        memcpy((char *)dmW + dmW_size, (const char *)dmA + dmA->dmSize, dmA->dmDriverExtra);
+        memcpy((char *)dmW + dmW_size, (const char *)dmA + dmA_size, dmA->dmDriverExtra);
dmW->dmSize = dmW_size;

    