Author: fireball Date: Thu Sep 16 20:00:06 2010 New Revision: 48783
URL: http://svn.reactos.org/svn/reactos?rev=48783&view=rev Log: - Add unsafe bits buffer probing in GreSetDIBits.
Modified: branches/arwinss/reactos/subsystems/win32/win32k/gre/bitblt.c
Modified: branches/arwinss/reactos/subsystems/win32/win32k/gre/bitblt.c
URL: http://svn.reactos.org/svn/reactos/branches/arwinss/reactos/subsystems/win32...
==============================================================================
--- branches/arwinss/reactos/subsystems/win32/win32k/gre/bitblt.c [iso-8859-1] (original)
+++ branches/arwinss/reactos/subsystems/win32/win32k/gre/bitblt.c [iso-8859-1] Thu Sep 16 20:00:06 2010
@@ -568,6 +568,7 @@
 HPALETTE DDB_Palette, DIB_Palette;
 ULONG DIB_Palette_Type;
 INT DIBWidth;
+ NTSTATUS Status = STATUS_SUCCESS;
// Check parameters
 if (!(bitmap = SURFACE_LockSurface(hBitmap)))
@@ -589,6 +590,24 @@
// Determine width of DIB
 DIBWidth = DIB_GetDIBWidthBytes(SourceSize.cx, bmi->bmiHeader.biBitCount);
+
+ /* Probe the user buffer */
+ _SEH2_TRY
+ {
+ ProbeForRead(Bits, DIBWidth * SourceSize.cy, 1);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ DPRINT1("Caught an exception 0x%08X!\n", Status);
+ }
+ _SEH2_END
+
+ if (!NT_SUCCESS(Status))
+ {
+ SURFACE_UnlockSurface(bitmap);
+ return 0;
+ }
SourceBitmap = EngCreateBitmap(SourceSize, DIBWidth,
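Review bot: The length passed to `ProbeForRead` is the unchecked product `DIBWidth * SourceSize.cy`, so if those values derive from caller-supplied dimensions (their validation is not visible in this hunk) the multiplication can wrap or come out as zero, and a zero-length probe checks nothing. Compute the size with an explicit overflow check before probing, for example `if (SourceSize.cy <= 0 || DIBWidth <= 0 || (ULONG)DIBWidth > MAXULONG / (ULONG)SourceSize.cy) { SURFACE_UnlockSurface(bitmap); return 0; }`, assuming both values are meant to be positive at this point. `ProbeForRead` also only validates the address range at the moment of the call, so any later read of `Bits` still has to run inside `_SEH2_TRY`, or the buffer should be captured into kernel memory, because the user-mode mapping can change after the probe. The function body continues outside the hunk, so whether those later accesses are guarded cannot be confirmed from here.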