From: Mark Jansen mark.jansen@reactos.org
According to the documentation of ScriptShape function, the psva argument should have the number of elements indicated by cMaxGlyphs. --- dlls/gdi32/text.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/dlls/gdi32/text.c b/dlls/gdi32/text.c index f2fcb41bcdf..b0134e529f5 100644 --- a/dlls/gdi32/text.c +++ b/dlls/gdi32/text.c @@ -471,7 +471,7 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */ WARN("Out of memory\n"); goto cleanup; } - psva = HeapAlloc(GetProcessHeap(),0,sizeof(SCRIPT_VISATTR) * uCount); + psva = HeapAlloc(GetProcessHeap(),0,sizeof(SCRIPT_VISATTR) * cMaxGlyphs); if (!psva) { WARN("Out of memory\n"); @@ -604,16 +604,22 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */ while (res == E_OUTOFMEMORY) { WORD *new_run_glyphs = HeapReAlloc(GetProcessHeap(), 0, run_glyphs, sizeof(*run_glyphs) * cMaxGlyphs * 2); - if (!new_run_glyphs) + SCRIPT_VISATTR *new_psva = HeapReAlloc(GetProcessHeap(), 0, psva, sizeof(*psva) * cMaxGlyphs * 2); + if (!new_run_glyphs || !new_psva) { WARN("Out of memory\n"); HeapFree(GetProcessHeap(), 0, runOrder); HeapFree(GetProcessHeap(), 0, visOrder); HeapFree(GetProcessHeap(), 0, *lpGlyphs); *lpGlyphs = NULL; + if (new_run_glyphs) + run_glyphs = new_run_glyphs; + if (new_psva) + psva = new_psva; goto cleanup; } run_glyphs = new_run_glyphs; + psva = new_psva; cMaxGlyphs *= 2; res = ScriptShape(hDC, &psc, lpString + done + curItem->iCharPos, cChars, cMaxGlyphs, &curItem->a, run_glyphs, pwLogClust, psva, &cOutGlyphs); }