Author: tkreuzer Date: Mon Oct 27 20:40:11 2014 New Revision: 65052 URL: http://svn.reactos.org/svn/reactos?rev=65052&view=rev Log: [WIN32K] - Fail in NtGdiCreateClientObj, when the object type is not valid. This is based on Windows behavior, only more strict. Windows allows to set the stock bit and reuse count, which is probably not what we want. Modified: trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c Modified: trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c… ============================================================================== --- trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/ntgdi/gdiobj.c [iso-8859-1] Mon Oct 27 20:40:11 2014 @@ -1272,6 +1272,15 @@ POBJ pObject; HANDLE handle; + /* Check if ulType is valid */ + if ((ulType != GDILoObjType_LO_METAFILE16_TYPE) && + (ulType != GDILoObjType_LO_METAFILE_TYPE) && + (ulType != GDILoObjType_LO_METADC16_TYPE)) + { + DPRINT1("NtGdiCreateClientObj: Invalid object type 0x%lx.\n", ulType); + return NULL; + } + /* Allocate a new object */ pObject = GDIOBJ_AllocateObject(GDIObjType_CLIENTOBJ_TYPE, sizeof(CLIENTOBJ), @@ -1281,9 +1290,6 @@ DPRINT1("NtGdiCreateClientObj: Could not allocate a clientobj.\n"); return NULL; } - - /* Mask out everything that would change the type in a wrong manner */ - ulType &= (GDI_HANDLE_TYPE_MASK & ~GDI_HANDLE_BASETYPE_MASK); /* Set the real object type */ pObject->hHmgr = UlongToHandle(ulType | GDILoObjType_LO_CLIENTOBJ_TYPE);