[gvg] 19272: Add some SEH protection (not complete yet) - Ros-diffs

16 Nov 2005

Add some SEH protection (not complete yet)
Modified: trunk/reactos/subsys/win32k/objects/bitmaps.c
  _____
Modified: trunk/reactos/subsys/win32k/objects/bitmaps.c

--- trunk/reactos/subsys/win32k/objects/bitmaps.c	2005-11-16
20:38:31 UTC (rev 19271)
+++ trunk/reactos/subsys/win32k/objects/bitmaps.c	2005-11-16
20:52:07 UTC (rev 19272)
@@ -396,37 +396,33 @@
return Ret;
 }
-HBITMAP STDCALL
-NtGdiCreateBitmap(
-	INT  Width,
-	INT  Height,
-	UINT  Planes,
-	UINT  BitsPerPel,
-	CONST VOID *Bits)
+static FASTCALL HBITMAP
+IntCreateBitmapIndirect(CONST BITMAP *BM)
 {
    PBITMAPOBJ bmp;
    HBITMAP hBitmap;
    SIZEL Size;
+   UINT BitsPixel;
/* NOTE: Windows also doesn't store nr. of planes separately! */
-   BitsPerPel = (BYTE)BitsPerPel * (BYTE)Planes;
+   BitsPixel = BM->bmBitsPixel * BM->bmPlanes;
/* Check parameters */
-   if (!Height || !Width)
+   if (0 == BM->bmHeight || 0 == BM->bmWidth)
    {
       Size.cx = Size.cy = 1;
    }
    else
    {
-      Size.cx = abs(Width);
-      Size.cy = abs(Height);
+      Size.cx = abs(BM->bmWidth);
+      Size.cy = abs(BM->bmHeight);
    }
/* Create the bitmap object. */
-   hBitmap = IntCreateBitmap(Size, BITMAPOBJ_GetWidthBytes(Width,
BitsPerPel),
-                             BitmapFormat(BitsPerPel, BI_RGB),
-                             (Height < 0 ? BMF_TOPDOWN : 0) |
-                             (Bits == NULL ? 0 : BMF_NOZEROINIT),
NULL);
+   hBitmap = IntCreateBitmap(Size, BM->bmWidthBytes,
+                             BitmapFormat(BitsPixel, BI_RGB),
+                             (BM->bmHeight < 0 ? BMF_TOPDOWN : 0) |
+                             (NULL == BM->bmBits ? 0 : BMF_NOZEROINIT),
NULL);
    if (!hBitmap)
    {
       DPRINT("NtGdiCreateBitmap: IntCreateBitmap returned 0\n");
@@ -434,7 +430,7 @@
    }
DPRINT("NtGdiCreateBitmap:%dx%d, %d BPP colors returning %08x\n",
-          Size.cx, Size.cy, BitsPerPel, hBitmap);
+          Size.cx, Size.cy, BitsPixel, hBitmap);
bmp = BITMAPOBJ_LockBitmap( hBitmap );
    /* FIXME - bmp can be NULL!!!!!! */
@@ -447,14 +443,35 @@
     * to us it should be safe.
     */
-   if (Bits != NULL)
+   if (NULL != BM->bmBits)
    {
-      NtGdiSetBitmapBits(hBitmap, bmp->SurfObj.cjBits, Bits);
+      NtGdiSetBitmapBits(hBitmap, bmp->SurfObj.cjBits, BM->bmBits);
    }
return hBitmap;
 }
+HBITMAP STDCALL
+NtGdiCreateBitmap(
+	INT  Width,
+	INT  Height,
+	UINT  Planes,
+	UINT  BitsPixel,
+	CONST VOID *Bits)
+{
+   BITMAP BM;
+
+   BM.bmType = 0;
+   BM.bmWidth = Width;
+   BM.bmHeight = Height;
+   BM.bmWidthBytes = BITMAPOBJ_GetWidthBytes(Width, Planes *
BitsPixel);
+   BM.bmPlanes = Planes;
+   BM.bmBitsPixel = BitsPixel;
+   BM.bmBits = (LPVOID) Bits;
+
+   return IntCreateBitmapIndirect(&BM);
+}
+
 BOOL INTERNAL_CALL
 BITMAP_Cleanup(PVOID ObjectBody)
 {
@@ -542,13 +559,32 @@
 }
HBITMAP STDCALL
-NtGdiCreateBitmapIndirect(CONST BITMAP  *BM)
+NtGdiCreateBitmapIndirect(CONST BITMAP *UnsafeBM)
 {
-	return NtGdiCreateBitmap (BM->bmWidth,
-		BM->bmHeight,
-		BM->bmPlanes,
-		BM->bmBitsPixel,
-		BM->bmBits);
+  BITMAP BM;
+  NTSTATUS Status = STATUS_SUCCESS;
+
+  _SEH_TRY
+  {
+    ProbeForRead(UnsafeBM, sizeof(BITMAP), 1);
+    BM = *UnsafeBM;
+    if (NULL != BM.bmBits)
+      {
+      ProbeForRead(BM.bmBits, BM.bmWidthBytes * abs(BM.bmHeight), 2);
+      }
+  }
+  _SEH_HANDLE
+  {
+    Status = _SEH_GetExceptionCode();
+  }
+  _SEH_END;
+  if(!NT_SUCCESS(Status))
+  {
+    SetLastNtError(Status);
+    return NULL;
+  }
+
+  return IntCreateBitmapIndirect(&BM);
 }
HBITMAP STDCALL
@@ -1478,7 +1514,7 @@
    if (Bitmap->SurfObj.lDelta >= 0)
    	bm.bmHeight = -bm.bmHeight;
-	res = NtGdiCreateBitmapIndirect(&bm);
+	res = IntCreateBitmapIndirect(&bm);
    if(res)
    {
    	char *buf;

    