NtGdiGetObject

1. fixed one BSD it does show bluescreen when the buffer are too small
2. fixed some bugs in calculation of different GdiObject sized

svn path=/trunk/; revision=25935

diff --git a/reactos/subsystems/win32/win32k/objects/bitmaps.c b/reactos/subsystems/win32/win32k/objects/bitmaps.c
index 5d0947f..ae716a4 100644 (file)
--- a/reactos/subsystems/win32/win32k/objects/bitmaps.c
+++ b/reactos/subsystems/win32/win32k/objects/bitmaps.c
@@ -1559,29 +1559,29 @@ BITMAPOBJ_CopyBitmap(HBITMAP  hBitmap)
 }
 
 INT STDCALL
 }
 
 INT STDCALL

-BITMAP_GetObject(BITMAPOBJ * bmp, INT count, LPVOID buffer)
+BITMAP_GetObject(BITMAPOBJ * bmp, INT Count, LPVOID buffer)

 {
 {

-       if( !buffer ) return sizeof(BITMAP);
-    if (count < sizeof(BITMAP)) return 0;
+       if( buffer == NULL ) return sizeof(BITMAP);
+       if (Count < sizeof(BITMAP)) return 0;

 
        if(bmp->dib)
        {
 
 
        if(bmp->dib)
        {
 

-               if(count < (INT) sizeof(DIBSECTION))
+               if(Count < (INT) sizeof(DIBSECTION))

                {
                {

-                       if (count > (INT) sizeof(BITMAP)) count = sizeof(BITMAP);
+                       if (Count > (INT) sizeof(BITMAP)) Count = sizeof(BITMAP);

                }
                else
                {
                }
                else
                {

-                       if (count > (INT) sizeof(DIBSECTION)) count = sizeof(DIBSECTION);
+                       if (Count > (INT) sizeof(DIBSECTION)) Count = sizeof(DIBSECTION);

                }
                }

-               memcpy(buffer, bmp->dib, count);
-               return count;
+               memcpy(buffer, bmp->dib, Count);
+               return Count;

        }
        else
        {
                BITMAP Bitmap;
        }
        else
        {
                BITMAP Bitmap;

-               if (count > (INT) sizeof(BITMAP)) count = sizeof(BITMAP);
+               if (Count > (INT) sizeof(BITMAP)) Count = sizeof(BITMAP);

                Bitmap.bmType = 0;
                Bitmap.bmWidth = bmp->SurfObj.sizlBitmap.cx;
                Bitmap.bmHeight = bmp->SurfObj.sizlBitmap.cy;
                Bitmap.bmType = 0;
                Bitmap.bmWidth = bmp->SurfObj.sizlBitmap.cx;
                Bitmap.bmHeight = bmp->SurfObj.sizlBitmap.cy;


@@ -1590,8 +1590,8 @@ BITMAP_GetObject(BITMAPOBJ * bmp, INT count, LPVOID buffer)
                Bitmap.bmBitsPixel = BitsPerFormat(bmp->SurfObj.iBitmapFormat);
                //Bitmap.bmBits = bmp->SurfObj.pvBits;
                Bitmap.bmBits = NULL; /* not set accoring wine test confirm in win2k */
                Bitmap.bmBitsPixel = BitsPerFormat(bmp->SurfObj.iBitmapFormat);
                //Bitmap.bmBits = bmp->SurfObj.pvBits;
                Bitmap.bmBits = NULL; /* not set accoring wine test confirm in win2k */

-               memcpy(buffer, &Bitmap, count);
-               return count;
+               memcpy(buffer, &Bitmap, Count);
+               return Count;

        }
 }
 /* EOF */
        }
 }
 /* EOF */

diff --git a/reactos/subsystems/win32/win32k/objects/brush.c b/reactos/subsystems/win32/win32k/objects/brush.c
index 4e74f8f..87fc8f2 100644 (file)
--- a/reactos/subsystems/win32/win32k/objects/brush.c
+++ b/reactos/subsystems/win32/win32k/objects/brush.c
@@ -51,62 +51,62 @@ BRUSH_Cleanup(PVOID ObjectBody)
 
 INT FASTCALL
 BRUSH_GetObject (PGDIBRUSHOBJ BrushObject, INT Count, LPLOGBRUSH Buffer)
 
 INT FASTCALL
 BRUSH_GetObject (PGDIBRUSHOBJ BrushObject, INT Count, LPLOGBRUSH Buffer)

-{      
-       if (Buffer)
-       {
-
-               /* Set colour */
-           Buffer->lbColor =  BrushObject->BrushAttr.lbColor;
-
-               /* set Hatch */
-               if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0)
-               {
-                        /* FIXME : is this right value */
-             Buffer->lbHatch = (LONG)BrushObject->hbmPattern;
-               }
-               else
-               {
-                        Buffer->lbHatch = 0;
-               }
-
-               Buffer->lbStyle = 0;
-
-               /* Get the type of style */
-               if ((BrushObject->flAttrs & GDIBRUSH_IS_SOLID)!=0)
-               {
-                       Buffer->lbStyle = BS_SOLID;
-               }
-               else if ((BrushObject->flAttrs & GDIBRUSH_IS_NULL)!=0)
-               {
-                       Buffer->lbStyle = BS_NULL; // BS_HOLLOW
-               }
-               else if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0)
-               {
-                       Buffer->lbStyle = BS_HATCHED;
-               }
-               else if ((BrushObject->flAttrs & GDIBRUSH_IS_BITMAP)!=0)
-               {
-                       Buffer->lbStyle = BS_PATTERN;
-               }
-               else if ((BrushObject->flAttrs & GDIBRUSH_IS_DIB)!=0)
-               {
-                       Buffer->lbStyle = BS_DIBPATTERN; 
-               }
-
-               /* FIXME 
-               else if ((BrushObject->flAttrs & )!=0)
-               {
-                       Buffer->lbStyle = BS_INDEXED;
-               }
-               
-               else if ((BrushObject->flAttrs & )!=0)
-               {
-                       Buffer->lbStyle = BS_DIBPATTERNPT;
-               }
-               */
-                                       
-       }
-       return sizeof(BRUSHOBJ);
+{
+   if( Buffer == NULL ) return sizeof(BRUSHOBJ);
+   if (Count < sizeof(BRUSHOBJ)) return 0;
+   if (Count > sizeof(BRUSHOBJ)) Count = sizeof(BRUSHOBJ);
+
+   /* Set colour */
+    Buffer->lbColor =  BrushObject->BrushAttr.lbColor;
+
+    /* set Hatch */
+    if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0)
+    {
+        /* FIXME : is this right value */
+        Buffer->lbHatch = (LONG)BrushObject->hbmPattern;
+    }
+    else
+    {
+        Buffer->lbHatch = 0;
+    }
+
+    Buffer->lbStyle = 0;
+
+    /* Get the type of style */
+    if ((BrushObject->flAttrs & GDIBRUSH_IS_SOLID)!=0)
+    {
+        Buffer->lbStyle = BS_SOLID;
+    }
+    else if ((BrushObject->flAttrs & GDIBRUSH_IS_NULL)!=0)
+    {
+        Buffer->lbStyle = BS_NULL; // BS_HOLLOW
+    }
+    else if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0)
+    {
+        Buffer->lbStyle = BS_HATCHED;
+    }
+    else if ((BrushObject->flAttrs & GDIBRUSH_IS_BITMAP)!=0)
+    {
+        Buffer->lbStyle = BS_PATTERN;
+    }
+    else if ((BrushObject->flAttrs & GDIBRUSH_IS_DIB)!=0)
+    {
+        Buffer->lbStyle = BS_DIBPATTERN; 
+    }
+
+    /* FIXME 
+    else if ((BrushObject->flAttrs & )!=0)
+    {
+        Buffer->lbStyle = BS_INDEXED;
+    }
+    else if ((BrushObject->flAttrs & )!=0)
+    {
+        Buffer->lbStyle = BS_DIBPATTERNPT;
+    }
+    */
+
+    /* FIXME */
+    return sizeof(BRUSHOBJ);

 }
 
 
 }
 
 

diff --git a/reactos/subsystems/win32/win32k/objects/dc.c b/reactos/subsystems/win32/win32k/objects/dc.c
index 0d0df02..b8473dc 100644 (file)
--- a/reactos/subsystems/win32/win32k/objects/dc.c
+++ b/reactos/subsystems/win32/win32k/objects/dc.c
@@ -1787,23 +1787,23 @@ IntGdiGetObject(HANDLE Handle, INT Count, LPVOID Buffer)
 INT STDCALL
 NtGdiGetObject(HANDLE handle, INT count, LPVOID buffer)
 {
 INT STDCALL
 NtGdiGetObject(HANDLE handle, INT count, LPVOID buffer)
 {

-  INT Ret;
+  INT Ret = 0;

   LPVOID SafeBuf;
   NTSTATUS Status = STATUS_SUCCESS;
   LPVOID SafeBuf;
   NTSTATUS Status = STATUS_SUCCESS;

+  INT RetCount = 0;

 
   /* From Wine: GetObject does not SetLastError() on a null object */
 
   /* From Wine: GetObject does not SetLastError() on a null object */

-  if (!handle) return 0;
+  if (!handle) return Ret;

 
 

-  if (count <= 0)
+  RetCount = IntGdiGetObject(handle, 0, NULL);
+  if ((count <= 0) || (!buffer))

   {
   {

-    return 0;
+    return RetCount;

   }
 
   _SEH_TRY
   {
   }
 
   _SEH_TRY
   {

-    ProbeForWrite(buffer,
-                  count,
-                  1);
+    ProbeForWrite(buffer, count, 1);

   }
   _SEH_HANDLE
   {
   }
   _SEH_HANDLE
   {


@@ -1814,36 +1814,37 @@ NtGdiGetObject(HANDLE handle, INT count, LPVOID buffer)
   if(!NT_SUCCESS(Status))
   {
     SetLastNtError(Status);
   if(!NT_SUCCESS(Status))
   {
     SetLastNtError(Status);

-    return 0;
+    return Ret;

   }
 
   }
 

-  SafeBuf = ExAllocatePoolWithTag(PagedPool, count, TAG_GDIOBJ);
-  if(!SafeBuf)
+  if (RetCount >= count)

   {
   {

-    SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY);
-    return 0;
-  }
+    SafeBuf = ExAllocatePoolWithTag(PagedPool, count, TAG_GDIOBJ);
+    if(!SafeBuf)
+    {
+        SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY);
+        return Ret;
+    }
+    Ret = IntGdiGetObject(handle, count, SafeBuf);

 
 

-  Ret = IntGdiGetObject(handle, count, SafeBuf);
+    _SEH_TRY
+    {
+        /* pointer already probed! */
+        RtlCopyMemory(buffer, SafeBuf, count);
+    }
+    _SEH_HANDLE
+    {
+        Status = _SEH_GetExceptionCode();
+    }
+    _SEH_END;

 
 

-  _SEH_TRY
-  {
-    /* pointer already probed! */
-    RtlCopyMemory(buffer,
-                  SafeBuf,
-                  count);
-  }
-  _SEH_HANDLE
-  {
-    Status = _SEH_GetExceptionCode();
-  }
-  _SEH_END;
+    ExFreePool(SafeBuf);

 
 

-  ExFreePool(SafeBuf);
-  if(!NT_SUCCESS(Status))
-  {
-    SetLastNtError(Status);
-    return 0;
+    if(!NT_SUCCESS(Status))
+    {
+        SetLastNtError(Status);
+        return 0;
+    }

   }
 
   return Ret;
   }
 
   return Ret;

diff --git a/reactos/subsystems/win32/win32k/objects/pen.c b/reactos/subsystems/win32/win32k/objects/pen.c
index 795b940..0b615f0 100644 (file)
--- a/reactos/subsystems/win32/win32k/objects/pen.c
+++ b/reactos/subsystems/win32/win32k/objects/pen.c
@@ -98,6 +98,10 @@ PEN_GetObject(PGDIBRUSHOBJ PenObject, INT Count, PLOGPEN Buffer)
   
    LOGPEN LogPen;
 
   
    LOGPEN LogPen;
 

+   if( Buffer == NULL ) return sizeof(LOGPEN);
+   if (Count < sizeof(LOGPEN)) return 0;
+   if (Count > sizeof(LOGPEN)) Count = sizeof(LOGPEN);
+

    if( Buffer == NULL ) return sizeof(LOGPEN);
 
    LogPen.lopnWidth = PenObject->ptPenWidth;
    if( Buffer == NULL ) return sizeof(LOGPEN);
 
    LogPen.lopnWidth = PenObject->ptPenWidth;

diff --git a/reactos/subsystems/win32/win32k/objects/text.c b/reactos/subsystems/win32/win32k/objects/text.c
index be95077..9656153 100644 (file)
--- a/reactos/subsystems/win32/win32k/objects/text.c
+++ b/reactos/subsystems/win32/win32k/objects/text.c
@@ -4093,17 +4093,13 @@ TextIntRealizeFont(HFONT FontHandle)
 INT FASTCALL
 FontGetObject(PTEXTOBJ Font, INT Count, PVOID Buffer)
 {
 INT FASTCALL
 FontGetObject(PTEXTOBJ Font, INT Count, PVOID Buffer)
 {

-  if (Buffer)
-  {
-     if (Count < sizeof(LOGFONTW))
-     {
-         SetLastWin32Error(ERROR_BUFFER_OVERFLOW);
-         return 0;
-     }
+  if( Buffer == NULL ) return sizeof(LOGFONTW);

 
 

-     RtlCopyMemory(Buffer, &Font->logfont, sizeof(LOGFONTW));
-  }
+  /* fixme  SetLastWin32Error(ERROR_BUFFER_OVERFLOW); in count<0*/
+  if (Count < sizeof(LOGFONTW)) return 0;
+  if (Count > sizeof(LOGFONTW)) Count = sizeof(LOGFONTW);

 
 

+  RtlCopyMemory(Buffer, &Font->logfont, sizeof(LOGFONTW));

   return sizeof(LOGFONTW);
 }
 
   return sizeof(LOGFONTW);
 }