Some applications pass this and crash when BIDI_Reorder can't allocate the memory.
Signed-off-by: Gabriel Ivăncescu gabrielopcode@gmail.com --- dlls/gdi32/font.c | 1 + dlls/gdi32/tests/font.c | 2 ++ dlls/gdi32/tests/metafile.c | 8 +++++++- 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c index 74ca482..c0517f5 100644 --- a/dlls/gdi32/font.c +++ b/dlls/gdi32/font.c @@ -5932,6 +5932,7 @@ BOOL WINAPI ExtTextOutW( HDC hdc, INT x, INT y, UINT flags, static int quietfixme = 0;
if (!dc) return FALSE; + if (count == -1) return FALSE;
align = dc->textAlign; breakRem = dc->breakRem; diff --git a/dlls/gdi32/tests/font.c b/dlls/gdi32/tests/font.c index 461eecf..3e1f1e9 100644 --- a/dlls/gdi32/tests/font.c +++ b/dlls/gdi32/tests/font.c @@ -6916,6 +6916,8 @@ static void test_bitmap_font_glyph_index(void) hBmpPrev = SelectObject(hdc, hBmp[j]); switch (j) { case 0: + ret = ExtTextOutW(hdc, 0, 0, 0, NULL, text, -1, NULL); + ok(!ret, "ExtTextOutW succeeded\n"); ret = ExtTextOutW(hdc, 0, 0, 0, NULL, text, lstrlenW(text), NULL); break; case 1: diff --git a/dlls/gdi32/tests/metafile.c b/dlls/gdi32/tests/metafile.c index 8dae908..15af24a 100644 --- a/dlls/gdi32/tests/metafile.c +++ b/dlls/gdi32/tests/metafile.c @@ -222,7 +222,13 @@ static void test_ExtTextOut(void) ret = ExtTextOutA(hdcMetafile, 0, 40, 0, NULL, text, lstrlenA(text), NULL); ok( ret, "ExtTextOutA error %d\n", GetLastError());
- /* 4. test with unmatched BeginPath/EndPath calls */ + /* 4. pass -1 to length */ + SetLastError(0xdeadbeef); + ret = ExtTextOutA(hdcMetafile, 0, 0, 0, &rc, text, -1, NULL); + ok( !ret, "ExtTextOutA succeeded\n"); + ok( GetLastError() == 0xdeadbeef, "ExtTextOutA error %d\n", GetLastError()); + + /* 5. test with unmatched BeginPath/EndPath calls */ ret = BeginPath(hdcMetafile); ok( ret, "BeginPath error %d\n", GetLastError()); ret = BeginPath(hdcMetafile);
Signed-off-by: Gabriel Ivăncescu gabrielopcode@gmail.com ---
The type is UINT so it does nothing anyway.
dlls/gdi32/font.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c index c0517f5..dd8265f 100644 --- a/dlls/gdi32/font.c +++ b/dlls/gdi32/font.c @@ -5961,7 +5961,7 @@ BOOL WINAPI ExtTextOutW( HDC hdc, INT x, INT y, UINT flags, align ^= TA_RTLREADING; }
- if( !(flags & (ETO_GLYPH_INDEX | ETO_IGNORELANGUAGE)) && count > 0 ) + if (!(flags & (ETO_GLYPH_INDEX | ETO_IGNORELANGUAGE))) { INT cGlyphs; reordered_str = HeapAlloc(GetProcessHeap(), 0, count*sizeof(WCHAR));
On Fri, 29 Jan 2021 19:12:57 +0200, Gabriel Ivăncescu wrote:
Signed-off-by: Gabriel Ivăncescu gabrielopcode@gmail.com
The type is UINT so it does nothing anyway.
dlls/gdi32/font.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c index c0517f5..dd8265f 100644 --- a/dlls/gdi32/font.c +++ b/dlls/gdi32/font.c @@ -5961,7 +5961,7 @@ BOOL WINAPI ExtTextOutW( HDC hdc, INT x, INT y, UINT flags, align ^= TA_RTLREADING; }
- if( !(flags & (ETO_GLYPH_INDEX | ETO_IGNORELANGUAGE)) && count > 0 )
- if (!(flags & (ETO_GLYPH_INDEX | ETO_IGNORELANGUAGE))) { INT cGlyphs; reordered_str = HeapAlloc(GetProcessHeap(), 0, count*sizeof(WCHAR));
(having forgot to cc to the list, I resend this mail.)
The check is needed. If count variable is zero, the inner calls, e.g. HeapAlloc, are redundant.
Akihiro Sagawa
On 30/01/2021 06:27, Akihiro Sagawa wrote:
On Fri, 29 Jan 2021 19:12:57 +0200, Gabriel Ivăncescu wrote:
Signed-off-by: Gabriel Ivăncescu gabrielopcode@gmail.com
The type is UINT so it does nothing anyway.
dlls/gdi32/font.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c index c0517f5..dd8265f 100644 --- a/dlls/gdi32/font.c +++ b/dlls/gdi32/font.c @@ -5961,7 +5961,7 @@ BOOL WINAPI ExtTextOutW( HDC hdc, INT x, INT y, UINT flags, align ^= TA_RTLREADING; }
- if( !(flags & (ETO_GLYPH_INDEX | ETO_IGNORELANGUAGE)) && count > 0 )
- if (!(flags & (ETO_GLYPH_INDEX | ETO_IGNORELANGUAGE))) { INT cGlyphs; reordered_str = HeapAlloc(GetProcessHeap(), 0, count*sizeof(WCHAR));
(having forgot to cc to the list, I resend this mail.)
The check is needed. If count variable is zero, the inner calls, e.g. HeapAlloc, are redundant.
Akihiro Sagawa
Yes you're right, I forgot about the zero case. I also forgot to include ExtTextOutA in the first patch...
On Fri, 29 Jan 2021 19:12:56 +0200, Gabriel Ivăncescu wrote:
Some applications pass this and crash when BIDI_Reorder can't allocate the memory.
Signed-off-by: Gabriel Ivăncescu gabrielopcode@gmail.com
dlls/gdi32/font.c | 1 + dlls/gdi32/tests/font.c | 2 ++ dlls/gdi32/tests/metafile.c | 8 +++++++- 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c index 74ca482..c0517f5 100644 --- a/dlls/gdi32/font.c +++ b/dlls/gdi32/font.c @@ -5932,6 +5932,7 @@ BOOL WINAPI ExtTextOutW( HDC hdc, INT x, INT y, UINT flags, static int quietfixme = 0;
if (!dc) return FALSE;
- if (count == -1) return FALSE;
From my point of view, you might want to use '> INT_MAX' instead of '== -1'. BIDI_Reorder expects a singed integer while count variable is an unsigned one.
Akihiro Sagawa
-
Akihiro Sagawa -
Gabriel Ivăncescu