[ros-diffs] [fireball] 48783: - Add unsafe bits buffer probing in GreSetDIBits.

Author: fireball Date: Thu Sep 16 20:00:06 2010 New Revision: 48783 URL: http://svn.reactos.org/svn/reactos?rev=48783&view=rev Log: - Add unsafe bits buffer probing in GreSetDIBits. Modified: branches/arwinss/reactos/subsystems/win32/win32k/gre/bitblt.c Modified: branches/arwinss/reactos/subsystems/win32/win32k/gre/bitblt.c URL: http://svn.reactos.org/svn/reactos/branches/arwinss/reactos/subsystems/win3… ============================================================================== --- branches/arwinss/reactos/subsystems/win32/win32k/gre/bitblt.c [iso-8859-1] (original) +++ branches/arwinss/reactos/subsystems/win32/win32k/gre/bitblt.c [iso-8859-1] Thu Sep 16 20:00:06 2010 @@ -568,6 +568,7 @@ HPALETTE DDB_Palette, DIB_Palette; ULONG DIB_Palette_Type; INT DIBWidth; + NTSTATUS Status = STATUS_SUCCESS; // Check parameters if (!(bitmap = SURFACE_LockSurface(hBitmap))) @@ -589,6 +590,24 @@ // Determine width of DIB DIBWidth = DIB_GetDIBWidthBytes(SourceSize.cx, bmi->bmiHeader.biBitCount); + + /* Probe the user buffer */ + _SEH2_TRY + { + ProbeForRead(Bits, DIBWidth * SourceSize.cy, 1); + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + Status = _SEH2_GetExceptionCode(); + DPRINT1("Caught an exception 0x%08X!\n", Status); + } + _SEH2_END + + if (!NT_SUCCESS(Status)) + { + SURFACE_UnlockSurface(bitmap); + return 0; + } SourceBitmap = EngCreateBitmap(SourceSize, DIBWidth,