Author: akhaldi Date: Fri May 29 10:50:38 2015 New Revision: 67947 URL: http://svn.reactos.org/svn/reactos?rev=67947&view=rev Log: [WIN32K] Add some missing range checks in ftGdiGetGlyphOutline. Fixes some gdi32:font tests. Thanks to Benedikt Freisen for the inspection. CORE-9746 Modified: trunk/reactos/win32ss/gdi/ntgdi/freetype.c Modified: trunk/reactos/win32ss/gdi/ntgdi/freetype.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/freetype… ============================================================================== --- trunk/reactos/win32ss/gdi/ntgdi/freetype.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/gdi/ntgdi/freetype.c [iso-8859-1] Fri May 29 10:50:38 2015 @@ -2053,6 +2053,9 @@ needed = pitch * height; if (!pvBuf || !cjBuf) break; + if (!needed) return GDI_ERROR; /* empty glyph */ + if (needed > cjBuf) + return GDI_ERROR; switch (ft_face->glyph->format) { @@ -2108,6 +2111,9 @@ needed = pitch * height; if (!pvBuf || !cjBuf) break; + if (!needed) return GDI_ERROR; /* empty glyph */ + if (needed > cjBuf) + return GDI_ERROR; switch (ft_face->glyph->format) {