[PATCH v2 0/1] MR1006: gdi32: Fix possible overflow

List overview All Threads

newer

older

[PATCH v3 0/2] MR1016:...

[PATCH v3 0/2] MR957: rpcrt4:...

Mark Jansen (＠learn-more)

11 Oct 2022 11 Oct '22

3 p.m.

According to the documentation of ScriptShape function, the psva argument should have the number of elements indicated by cMaxGlyphs.

-- v2: gdi32: Fix possible overflow

https://gitlab.winehq.org/wine/wine/-/merge_requests/1006

Show replies by date

Mark Jansen

11 Oct 11 Oct

3 p.m.

New subject: [PATCH v2 1/1] gdi32: Fix possible overflow

From: Mark Jansen mark.jansen@reactos.org

According to the documentation of ScriptShape function, the psva argument should have the number of elements indicated by cMaxGlyphs. --- dlls/gdi32/text.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/dlls/gdi32/text.c b/dlls/gdi32/text.c index f2fcb41bcdf..c4eb2fa5bf2 100644 --- a/dlls/gdi32/text.c +++ b/dlls/gdi32/text.c @@ -471,7 +471,7 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */ WARN("Out of memory\n"); goto cleanup; } - psva = HeapAlloc(GetProcessHeap(),0,sizeof(SCRIPT_VISATTR) * uCount); + psva = HeapAlloc(GetProcessHeap(),0,sizeof(SCRIPT_VISATTR) * cMaxGlyphs); if (!psva) { WARN("Out of memory\n"); @@ -614,6 +614,17 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */ goto cleanup; } run_glyphs = new_run_glyphs; + SCRIPT_VISATTR *new_psva = HeapReAlloc(GetProcessHeap(), 0, psva, sizeof(*psva) * cMaxGlyphs * 2); + if (!new_psva) + { + WARN("Out of memory\n"); + HeapFree(GetProcessHeap(), 0, runOrder); + HeapFree(GetProcessHeap(), 0, visOrder); + HeapFree(GetProcessHeap(), 0, *lpGlyphs); + *lpGlyphs = NULL; + goto cleanup; + } + psva = new_psva; cMaxGlyphs *= 2; res = ScriptShape(hDC, &psc, lpString + done + curItem->iCharPos, cChars, cMaxGlyphs, &curItem->a, run_glyphs, pwLogClust, psva, &cOutGlyphs); }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/1006

Marvin

3:37 p.m.

New subject: [PATCH v2 1/1] gdi32: Fix possible overflow

Hi,

It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.

The tests also ran into some preexisting test failures. If you know how to fix them that would be helpful. See the TestBot job for the details:

The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=124890

Your paranoid android.

=== debian11 (build log) ===

Use of uninitialized value $Flaky in addition (+) at /home/testbot/lib/WineTestBot/LogUtils.pm line 720, <$LogFile> line 24681. Use of uninitialized value $Flaky in addition (+) at /home/testbot/lib/WineTestBot/LogUtils.pm line 720, <$LogFile> line 24681. Use of uninitialized value $Flaky in addition (+) at /home/testbot/lib/WineTestBot/LogUtils.pm line 720, <$LogFile> line 24681.

849

Age (days ago)

849

Last active (days ago)

wine-gitlab@winehq.org

2 comments

3 participants

tags (0)

participants (3)

Mark Jansen
Mark Jansen (＠learn-more)
Marvin