Author: fireball Date: Wed Jul 22 12:24:08 2009 New Revision: 42137 URL: http://svn.reactos.org/svn/reactos?rev=42137&view=rev Log: - Add user buffer probing and copying to RosGdiPolygon. - Offset all points before calling the GrePolygon function. Modified: branches/arwinss/reactos/subsystems/win32/win32k/gdi/misc.c branches/arwinss/reactos/subsystems/win32/win32k/gre/rect.c Modified: branches/arwinss/reactos/subsystems/win32/win32k/gdi/misc.c URL: http://svn.reactos.org/svn/reactos/branches/arwinss/reactos/subsystems/win3… ============================================================================== --- branches/arwinss/reactos/subsystems/win32/win32k/gdi/misc.c [iso-8859-1] (original) +++ branches/arwinss/reactos/subsystems/win32/win32k/gdi/misc.c [iso-8859-1] Wed Jul 22 12:24:08 2009 @@ -129,19 +129,64 @@ return FALSE; } -BOOL APIENTRY RosGdiPolygon( HDC physDev, const POINT* pt, INT count ) -{ - PDC pDC; - - /* Get a pointer to the DC */ - pDC = GDI_GetObjPtr(physDev, (SHORT)GDI_OBJECT_TYPE_DC); +BOOL APIENTRY RosGdiPolygon( HDC physDev, const POINT* pUserBuffer, INT count ) +{ + PDC pDC; + NTSTATUS Status = STATUS_SUCCESS; + POINT pStackBuf[16]; + POINT *pPoints = pStackBuf; + ULONG i; + + /* Get a pointer to the DC */ + pDC = GDI_GetObjPtr(physDev, (SHORT)GDI_OBJECT_TYPE_DC); + + /* Capture the points buffer */ + _SEH2_TRY + { + ProbeForRead(pUserBuffer, count * sizeof(POINT), 1); + + /* Use pool allocated buffer if data doesn't fit */ + if (count > sizeof(*pStackBuf) / sizeof(POINT)) + pPoints = ExAllocatePool(PagedPool, sizeof(POINT) * count); + + /* Copy points data */ + RtlCopyMemory(pPoints, pUserBuffer, count * sizeof(POINT)); + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + Status = _SEH2_GetExceptionCode(); + } + _SEH2_END; + + if (!NT_SUCCESS(Status)) + { + /* Release the object */ + GDI_ReleaseObj(physDev); + + /* Free the buffer if it was allocated */ + if (pPoints != pStackBuf) ExFreePool(pPoints); + + /* Return failure */ + return FALSE; + } + + /* Offset points data */ + for (i=0; i<count; i++) + { + pPoints[i].x += pDC->rcDcRect.left + pDC->rcVport.left; + pPoints[i].y += pDC->rcDcRect.top + pDC->rcVport.top; + } /* Draw the polygon */ - GrePolygon(pDC, pt, count); - - /* Release the object */ - GDI_ReleaseObj(physDev); - + GrePolygon(pDC, pPoints, count); + + /* Release the object */ + GDI_ReleaseObj(physDev); + + /* Free the buffer if it was allocated */ + if (pPoints != pStackBuf) ExFreePool(pPoints); + + /* Return success */ return TRUE; } Modified: branches/arwinss/reactos/subsystems/win32/win32k/gre/rect.c URL: http://svn.reactos.org/svn/reactos/branches/arwinss/reactos/subsystems/win3… ============================================================================== --- branches/arwinss/reactos/subsystems/win32/win32k/gre/rect.c [iso-8859-1] (original) +++ branches/arwinss/reactos/subsystems/win32/win32k/gre/rect.c [iso-8859-1] Wed Jul 22 12:24:08 2009 @@ -135,10 +135,10 @@ bRet = GreLineTo(&pDC->pBitmap->SurfObj, NULL,//dc->rosdc.CombinedClip, &pDC->pLineBrush->BrushObj, - ptPoints[i].x + pDC->rcDcRect.left, - ptPoints[i].y + pDC->rcDcRect.top, - ptPoints[i+1].x + pDC->rcDcRect.left, - ptPoints[i+1].y + pDC->rcDcRect.top, + ptPoints[i].x, + ptPoints[i].y, + ptPoints[i+1].x, + ptPoints[i+1].y, &DestRect, // Bounding rectangle Mix); }