Author: hbelusca Date: Fri Feb 24 01:52:25 2017 New Revision: 73895
URL: http://svn.reactos.org/svn/reactos?rev=73895&view=rev Log: [NTGDI]: Few fixes & hacks for NtGdiGetGlyphIndicesW, see CORE-12825: - (Fix) Check for integer count overflow (per Thomas suggestion), - (Hack#1) Signal the particular calling case (where pwc == NULL == pgi and cwc == 0), as discovered by the testcase of r73894, - (Hack#2) Return error when cwc == 0 alone (triggered by e.g. Word 2010).
Modified: trunk/reactos/win32ss/gdi/ntgdi/freetype.c
Modified: trunk/reactos/win32ss/gdi/ntgdi/freetype.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/freetype.... ==============================================================================
--- trunk/reactos/win32ss/gdi/ntgdi/freetype.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/ntgdi/freetype.c [iso-8859-1] Fri Feb 24 01:52:25 2017
@@ -4393,6 +4393,9 @@
 /*
 * @implemented
 */
+// TODO: Move this code into NtGdiGetGlyphIndicesWInternal and wrap
+// NtGdiGetGlyphIndicesW around NtGdiGetGlyphIndicesWInternal instead.
+// NOTE: See also GreGetGlyphIndicesW.
 __kernel_entry
 W32KAPI
 DWORD
@@ -4408,7 +4411,7 @@
 PDC_ATTR pdcattr;
 PTEXTOBJ TextObj;
 PFONTGDI FontGDI;
- HFONT hFont = 0;
+ HFONT hFont = NULL;
 NTSTATUS Status = STATUS_SUCCESS;
 OUTLINETEXTMETRICW *potm;
 INT i;
@@ -4419,12 +4422,31 @@
 LPCWSTR UnSafepwc = pwc;
 LPWORD UnSafepgi = pgi;
- if ((!UnSafepwc) && (!UnSafepgi)) return cwc;
-
- if ((UnSafepwc == NULL) || (UnSafepgi == NULL))
+ /* Check for integer overflow */
+ if (cwc & 0x80000000) // (INT_MAX + 1) == INT_MIN
+ return GDI_ERROR;
+
+ if (!UnSafepwc && !UnSafepgi)
+ return cwc;
+
+ if (!UnSafepwc || !UnSafepgi)
 {
 DPRINT1("UnSafepwc == %p, UnSafepgi = %p\n", UnSafepwc, UnSafepgi);
- return -1;
+ return GDI_ERROR;
+ }
+
+ // TODO: Special undocumented case!
+ if (!pwc && !pgi && (cwc == 0))
+ {
+ DPRINT1("ERR: NtGdiGetGlyphIndicesW with (!pwc && !pgi && (cwc == 0)) is UNIMPLEMENTED!\n");
+ return 0;
+ }
+
+ // FIXME: This is a hack!! (triggered by e.g. Word 2010). See CORE-12825
+ if (cwc == 0)
+ {
+ DPRINT1("ERR: NtGdiGetGlyphIndicesW with (cwc == 0) is UNIMPLEMENTED!\n");
+ return GDI_ERROR;
 }
dc = DC_LockDc(hdc);
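Review bot: The `if (!pwc && !pgi && (cwc == 0))` branch marked "Special undocumented case" cannot be reached: `UnSafepwc` and `UnSafepgi` are plain copies of `pwc` and `pgi` (the two context lines at the top of the hunk), and the earlier `if (!UnSafepwc && !UnSafepgi) return cwc;` has already returned for that input, so the DPRINT1 meant to signal the case never fires. Moving that block ahead of the early return would make the trace effective without changing the result, which is 0 either way. Separately, `cwc & 0x80000000` would read more directly as `if (cwc < 0)`, assuming cwc is a signed INT as the inline comment implies. It rejects only negative counts, so whether a large positive cwc is handled safely depends on the size arithmetic and user-buffer probing later in the function, which starts before and continues past this hunk.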