[WIN32K] Add some missing range checks in ftGdiGetGlyphOutline. Fixes some gdi32...

author Amine Khaldi <amine.khaldi@reactos.org>

Fri, 29 May 2015 10:50:38 +0000 (10:50 +0000)

committer Amine Khaldi <amine.khaldi@reactos.org>

Fri, 29 May 2015 10:50:38 +0000 (10:50 +0000)
author Amine Khaldi <amine.khaldi@reactos.org>
Fri, 29 May 2015 10:50:38 +0000 (10:50 +0000)
committer Amine Khaldi <amine.khaldi@reactos.org>
Fri, 29 May 2015 10:50:38 +0000 (10:50 +0000)
diff --git a/reactos/win32ss/gdi/ntgdi/freetype.c b/reactos/win32ss/gdi/ntgdi/freetype.c

index f7e1ab3..2486d7f 100644 (file)
--- a/reactos/win32ss/gdi/ntgdi/freetype.c
+++ b/reactos/win32ss/gdi/ntgdi/freetype.c
@@ -2053,6 +2053,9 @@ ftGdiGetGlyphOutline(
          needed = pitch * height;
  
          if (!pvBuf || !cjBuf) break;
+        if (!needed) return GDI_ERROR;  /* empty glyph */
+        if (needed > cjBuf)
+            return GDI_ERROR;
  
          switch (ft_face->glyph->format)
          {
@@ -2108,6 +2111,9 @@ ftGdiGetGlyphOutline(
          needed = pitch * height;
  
          if (!pvBuf || !cjBuf) break;
+        if (!needed) return GDI_ERROR;  /* empty glyph */
+        if (needed > cjBuf)
+            return GDI_ERROR;
  
          switch (ft_face->glyph->format)
          {
author	Amine Khaldi <amine.khaldi@reactos.org>
	Fri, 29 May 2015 10:50:38 +0000 (10:50 +0000)
committer	Amine Khaldi <amine.khaldi@reactos.org>
	Fri, 29 May 2015 10:50:38 +0000 (10:50 +0000)