[ros-diffs] [gschneider] 43655: [gdi32] Prevent possible buffer overrun in TranslateCharsetInfo, see wine bug 19819 for more info

20 Oct 2009

Author: gschneider
Date: Tue Oct 20 20:34:22 2009
New Revision: 43655
URL: http://svn.reactos.org/svn/reactos?rev=43655&view=rev
Log:
[gdi32] Prevent possible buffer overrun in TranslateCharsetInfo, see wine bug 19819 for more info
Modified:
    trunk/reactos/dll/win32/gdi32/objects/font.c
Modified: trunk/reactos/dll/win32/gdi32/objects/font.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/gdi32/objects/fon...
==============================================================================

--- trunk/reactos/dll/win32/gdi32/objects/font.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/gdi32/objects/font.c [iso-8859-1] Tue Oct 20 20:34:22 2009
@@ -1724,13 +1724,13 @@
     int index = 0;
     switch (flags) {
     case TCI_SRCFONTSIG:
-	while (!(*lpSrc>>index & 0x0001) && index<MAXTCIINDEX) index++;
+      while (index < MAXTCIINDEX && !(*lpSrc>>index & 0x0001)) index++;
       break;
     case TCI_SRCCODEPAGE:
-      while (PtrToUlong(lpSrc) != FONT_tci[index].ciACP && index < MAXTCIINDEX) index++;
+      while (index < MAXTCIINDEX && PtrToUlong(lpSrc) != FONT_tci[index].ciACP) index++;
       break;
     case TCI_SRCCHARSET:
-      while (PtrToUlong(lpSrc) != FONT_tci[index].ciCharset && index < MAXTCIINDEX) index++;
+      while (index < MAXTCIINDEX && PtrToUlong(lpSrc) != FONT_tci[index].ciCharset) index++;
       break;
     default:
       return FALSE;

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [gschneider] 43655: [gdi32] Prevent possible buffer overrun in TranslateCharsetInfo, see wine bug 19819 for more info