[gschneider] 43655: [gdi32] Prevent possible buffer overrun in TranslateCharsetInfo, see wine bug 19819 for more info - Ros-diffs

20 Oct 2009

Author: gschneider
Date: Tue Oct 20 20:34:22 2009
New Revision: 43655
URL: http://svn.reactos.org/svn/reactos?rev=43655&view=rev
Log:
[gdi32] Prevent possible buffer overrun in TranslateCharsetInfo, see wine bug 19819 for more info
Modified:
    trunk/reactos/dll/win32/gdi32/objects/font.c
Modified: trunk/reactos/dll/win32/gdi32/objects/font.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/gdi32/objects/fon...
==============================================================================

--- trunk/reactos/dll/win32/gdi32/objects/font.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/gdi32/objects/font.c [iso-8859-1] Tue Oct 20 20:34:22 2009
@@ -1724,13 +1724,13 @@
     int index = 0;
     switch (flags) {
     case TCI_SRCFONTSIG:
-	while (!(*lpSrc>>index & 0x0001) && index<MAXTCIINDEX) index++;
+      while (index < MAXTCIINDEX && !(*lpSrc>>index & 0x0001)) index++;
       break;
     case TCI_SRCCODEPAGE:
-      while (PtrToUlong(lpSrc) != FONT_tci[index].ciACP && index < MAXTCIINDEX) index++;
+      while (index < MAXTCIINDEX && PtrToUlong(lpSrc) != FONT_tci[index].ciACP) index++;
       break;
     case TCI_SRCCHARSET:
-      while (PtrToUlong(lpSrc) != FONT_tci[index].ciCharset && index < MAXTCIINDEX) index++;
+      while (index < MAXTCIINDEX && PtrToUlong(lpSrc) != FONT_tci[index].ciCharset) index++;
       break;
     default:
       return FALSE;

    