From 94297234b4138b61b38334dd1d7a01ab33433d75 Mon Sep 17 00:00:00 2001 From: Magnus Olsen Date: Thu, 1 Mar 2007 19:13:29 +0000 Subject: [PATCH] NtGdiGetObject 1. fixed one BSD it does show bluescreen when the buffer are too small 2. fixed some bugs in calculation of different GdiObject sized svn path=/trunk/; revision=25935 --- .../subsystems/win32/win32k/objects/bitmaps.c | 22 ++-- .../subsystems/win32/win32k/objects/brush.c | 112 +++++++++--------- reactos/subsystems/win32/win32k/objects/dc.c | 63 +++++----- reactos/subsystems/win32/win32k/objects/pen.c | 4 + .../subsystems/win32/win32k/objects/text.c | 14 +-- 5 files changed, 108 insertions(+), 107 deletions(-) diff --git a/reactos/subsystems/win32/win32k/objects/bitmaps.c b/reactos/subsystems/win32/win32k/objects/bitmaps.c index 5d0947f28cc..ae716a44f4d 100644 --- a/reactos/subsystems/win32/win32k/objects/bitmaps.c +++ b/reactos/subsystems/win32/win32k/objects/bitmaps.c @@ -1559,29 +1559,29 @@ BITMAPOBJ_CopyBitmap(HBITMAP hBitmap) } INT STDCALL -BITMAP_GetObject(BITMAPOBJ * bmp, INT count, LPVOID buffer) +BITMAP_GetObject(BITMAPOBJ * bmp, INT Count, LPVOID buffer) { - if( !buffer ) return sizeof(BITMAP); - if (count < sizeof(BITMAP)) return 0; + if( buffer == NULL ) return sizeof(BITMAP); + if (Count < sizeof(BITMAP)) return 0; if(bmp->dib) { - if(count < (INT) sizeof(DIBSECTION)) + if(Count < (INT) sizeof(DIBSECTION)) { - if (count > (INT) sizeof(BITMAP)) count = sizeof(BITMAP); + if (Count > (INT) sizeof(BITMAP)) Count = sizeof(BITMAP); } else { - if (count > (INT) sizeof(DIBSECTION)) count = sizeof(DIBSECTION); + if (Count > (INT) sizeof(DIBSECTION)) Count = sizeof(DIBSECTION); } - memcpy(buffer, bmp->dib, count); - return count; + memcpy(buffer, bmp->dib, Count); + return Count; } else { BITMAP Bitmap; - if (count > (INT) sizeof(BITMAP)) count = sizeof(BITMAP); + if (Count > (INT) sizeof(BITMAP)) Count = sizeof(BITMAP); Bitmap.bmType = 0; Bitmap.bmWidth = bmp->SurfObj.sizlBitmap.cx; Bitmap.bmHeight = bmp->SurfObj.sizlBitmap.cy; @@ -1590,8 +1590,8 @@ BITMAP_GetObject(BITMAPOBJ * bmp, INT count, LPVOID buffer) Bitmap.bmBitsPixel = BitsPerFormat(bmp->SurfObj.iBitmapFormat); //Bitmap.bmBits = bmp->SurfObj.pvBits; Bitmap.bmBits = NULL; /* not set accoring wine test confirm in win2k */ - memcpy(buffer, &Bitmap, count); - return count; + memcpy(buffer, &Bitmap, Count); + return Count; } } /* EOF */ diff --git a/reactos/subsystems/win32/win32k/objects/brush.c b/reactos/subsystems/win32/win32k/objects/brush.c index 4e74f8fc8f0..87fc8f201a1 100644 --- a/reactos/subsystems/win32/win32k/objects/brush.c +++ b/reactos/subsystems/win32/win32k/objects/brush.c @@ -51,62 +51,62 @@ BRUSH_Cleanup(PVOID ObjectBody) INT FASTCALL BRUSH_GetObject (PGDIBRUSHOBJ BrushObject, INT Count, LPLOGBRUSH Buffer) -{ - if (Buffer) - { - - /* Set colour */ - Buffer->lbColor = BrushObject->BrushAttr.lbColor; - - /* set Hatch */ - if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0) - { - /* FIXME : is this right value */ - Buffer->lbHatch = (LONG)BrushObject->hbmPattern; - } - else - { - Buffer->lbHatch = 0; - } - - Buffer->lbStyle = 0; - - /* Get the type of style */ - if ((BrushObject->flAttrs & GDIBRUSH_IS_SOLID)!=0) - { - Buffer->lbStyle = BS_SOLID; - } - else if ((BrushObject->flAttrs & GDIBRUSH_IS_NULL)!=0) - { - Buffer->lbStyle = BS_NULL; // BS_HOLLOW - } - else if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0) - { - Buffer->lbStyle = BS_HATCHED; - } - else if ((BrushObject->flAttrs & GDIBRUSH_IS_BITMAP)!=0) - { - Buffer->lbStyle = BS_PATTERN; - } - else if ((BrushObject->flAttrs & GDIBRUSH_IS_DIB)!=0) - { - Buffer->lbStyle = BS_DIBPATTERN; - } - - /* FIXME - else if ((BrushObject->flAttrs & )!=0) - { - Buffer->lbStyle = BS_INDEXED; - } - - else if ((BrushObject->flAttrs & )!=0) - { - Buffer->lbStyle = BS_DIBPATTERNPT; - } - */ - - } - return sizeof(BRUSHOBJ); +{ + if( Buffer == NULL ) return sizeof(BRUSHOBJ); + if (Count < sizeof(BRUSHOBJ)) return 0; + if (Count > sizeof(BRUSHOBJ)) Count = sizeof(BRUSHOBJ); + + /* Set colour */ + Buffer->lbColor = BrushObject->BrushAttr.lbColor; + + /* set Hatch */ + if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0) + { + /* FIXME : is this right value */ + Buffer->lbHatch = (LONG)BrushObject->hbmPattern; + } + else + { + Buffer->lbHatch = 0; + } + + Buffer->lbStyle = 0; + + /* Get the type of style */ + if ((BrushObject->flAttrs & GDIBRUSH_IS_SOLID)!=0) + { + Buffer->lbStyle = BS_SOLID; + } + else if ((BrushObject->flAttrs & GDIBRUSH_IS_NULL)!=0) + { + Buffer->lbStyle = BS_NULL; // BS_HOLLOW + } + else if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0) + { + Buffer->lbStyle = BS_HATCHED; + } + else if ((BrushObject->flAttrs & GDIBRUSH_IS_BITMAP)!=0) + { + Buffer->lbStyle = BS_PATTERN; + } + else if ((BrushObject->flAttrs & GDIBRUSH_IS_DIB)!=0) + { + Buffer->lbStyle = BS_DIBPATTERN; + } + + /* FIXME + else if ((BrushObject->flAttrs & )!=0) + { + Buffer->lbStyle = BS_INDEXED; + } + else if ((BrushObject->flAttrs & )!=0) + { + Buffer->lbStyle = BS_DIBPATTERNPT; + } + */ + + /* FIXME */ + return sizeof(BRUSHOBJ); } diff --git a/reactos/subsystems/win32/win32k/objects/dc.c b/reactos/subsystems/win32/win32k/objects/dc.c index 0d0df02591f..b8473dcd82c 100644 --- a/reactos/subsystems/win32/win32k/objects/dc.c +++ b/reactos/subsystems/win32/win32k/objects/dc.c @@ -1787,23 +1787,23 @@ IntGdiGetObject(HANDLE Handle, INT Count, LPVOID Buffer) INT STDCALL NtGdiGetObject(HANDLE handle, INT count, LPVOID buffer) { - INT Ret; + INT Ret = 0; LPVOID SafeBuf; NTSTATUS Status = STATUS_SUCCESS; + INT RetCount = 0; /* From Wine: GetObject does not SetLastError() on a null object */ - if (!handle) return 0; + if (!handle) return Ret; - if (count <= 0) + RetCount = IntGdiGetObject(handle, 0, NULL); + if ((count <= 0) || (!buffer)) { - return 0; + return RetCount; } _SEH_TRY { - ProbeForWrite(buffer, - count, - 1); + ProbeForWrite(buffer, count, 1); } _SEH_HANDLE { @@ -1814,36 +1814,37 @@ NtGdiGetObject(HANDLE handle, INT count, LPVOID buffer) if(!NT_SUCCESS(Status)) { SetLastNtError(Status); - return 0; + return Ret; } - SafeBuf = ExAllocatePoolWithTag(PagedPool, count, TAG_GDIOBJ); - if(!SafeBuf) + if (RetCount >= count) { - SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY); - return 0; - } + SafeBuf = ExAllocatePoolWithTag(PagedPool, count, TAG_GDIOBJ); + if(!SafeBuf) + { + SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY); + return Ret; + } + Ret = IntGdiGetObject(handle, count, SafeBuf); - Ret = IntGdiGetObject(handle, count, SafeBuf); + _SEH_TRY + { + /* pointer already probed! */ + RtlCopyMemory(buffer, SafeBuf, count); + } + _SEH_HANDLE + { + Status = _SEH_GetExceptionCode(); + } + _SEH_END; - _SEH_TRY - { - /* pointer already probed! */ - RtlCopyMemory(buffer, - SafeBuf, - count); - } - _SEH_HANDLE - { - Status = _SEH_GetExceptionCode(); - } - _SEH_END; + ExFreePool(SafeBuf); - ExFreePool(SafeBuf); - if(!NT_SUCCESS(Status)) - { - SetLastNtError(Status); - return 0; + if(!NT_SUCCESS(Status)) + { + SetLastNtError(Status); + return 0; + } } return Ret; diff --git a/reactos/subsystems/win32/win32k/objects/pen.c b/reactos/subsystems/win32/win32k/objects/pen.c index 795b94086cb..0b615f0f210 100644 --- a/reactos/subsystems/win32/win32k/objects/pen.c +++ b/reactos/subsystems/win32/win32k/objects/pen.c @@ -98,6 +98,10 @@ PEN_GetObject(PGDIBRUSHOBJ PenObject, INT Count, PLOGPEN Buffer) LOGPEN LogPen; + if( Buffer == NULL ) return sizeof(LOGPEN); + if (Count < sizeof(LOGPEN)) return 0; + if (Count > sizeof(LOGPEN)) Count = sizeof(LOGPEN); + if( Buffer == NULL ) return sizeof(LOGPEN); LogPen.lopnWidth = PenObject->ptPenWidth; diff --git a/reactos/subsystems/win32/win32k/objects/text.c b/reactos/subsystems/win32/win32k/objects/text.c index be9507706e9..96561530e42 100644 --- a/reactos/subsystems/win32/win32k/objects/text.c +++ b/reactos/subsystems/win32/win32k/objects/text.c @@ -4093,17 +4093,13 @@ TextIntRealizeFont(HFONT FontHandle) INT FASTCALL FontGetObject(PTEXTOBJ Font, INT Count, PVOID Buffer) { - if (Buffer) - { - if (Count < sizeof(LOGFONTW)) - { - SetLastWin32Error(ERROR_BUFFER_OVERFLOW); - return 0; - } + if( Buffer == NULL ) return sizeof(LOGFONTW); - RtlCopyMemory(Buffer, &Font->logfont, sizeof(LOGFONTW)); - } + /* fixme SetLastWin32Error(ERROR_BUFFER_OVERFLOW); in count<0*/ + if (Count < sizeof(LOGFONTW)) return 0; + if (Count > sizeof(LOGFONTW)) Count = sizeof(LOGFONTW); + RtlCopyMemory(Buffer, &Font->logfont, sizeof(LOGFONTW)); return sizeof(LOGFONTW); } -- 2.17.1