From 14f2cc4e3b6037bdd85eb5ce9906781e0f114f53 Mon Sep 17 00:00:00 2001 From: Royce Mitchell III Date: Wed, 18 Feb 2004 02:37:18 +0000 Subject: [PATCH] fix bug in NtGdiExtEscape - not checking for NULL == DriverFunctions.Escape. also added buffer copying. svn path=/trunk/; revision=8243 --- reactos/subsys/win32k/objects/print.c | 131 ++++++++++++++++++++++---- 1 file changed, 112 insertions(+), 19 deletions(-) diff --git a/reactos/subsys/win32k/objects/print.c b/reactos/subsys/win32k/objects/print.c index e7d1d7f19ff..41435daefe9 100644 --- a/reactos/subsys/win32k/objects/print.c +++ b/reactos/subsys/win32k/objects/print.c @@ -16,13 +16,15 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: print.c,v 1.12 2004/02/08 16:16:24 navaraf Exp $ */ +/* $Id: print.c,v 1.13 2004/02/18 02:37:18 royce Exp $ */ #undef WIN32_LEAN_AND_MEAN #include #include #include #include +#include +#include #define NDEBUG #include 
@@ -59,33 +61,124 @@ NtGdiEscape(HDC hDC, UNIMPLEMENTED; } -INT STDCALL -NtGdiExtEscape( - HDC hDC, - INT Escape, - INT InSize, - LPCSTR InData, - INT OutSize, - LPSTR OutData) +INT +STDCALL +IntEngExtEscape( + HSURF Surface, + INT Escape, + INT InSize, + LPVOID InData, + INT OutSize, + LPVOID OutData) { - PDC pDC = DC_LockDc(hDC); - INT Result; + UNIMPLEMENTED; + return -1; +} - if (pDC == NULL) +INT +STDCALL +IntGdiExtEscape( + PDC dc, + INT Escape, + INT InSize, + LPCSTR InData, + INT OutSize, + LPSTR OutData) +{ + if ( NULL == dc->DriverFunctions.Escape ) { + return IntEngExtEscape( + dc->Surface, + Escape, + InSize, + (PVOID)InData, + OutSize, + (PVOID)OutData); + } + else + { + return dc->DriverFunctions.Escape( + dc->Surface, + Escape, + InSize, + (PVOID)InData, + OutSize, + (PVOID)OutData ); + } +} + +INT +STDCALL +NtGdiExtEscape( + HDC hDC, + INT Escape, + INT InSize, + LPCSTR UnsafeInData, + INT OutSize, + LPSTR UnsafeOutData) +{ + PDC pDC = DC_LockDc(hDC); + LPVOID SafeInData = NULL; + LPVOID SafeOutData = NULL; + NTSTATUS Status; + INT Result; + + if ( pDC == NULL ) + { + SetLastWin32Error(ERROR_INVALID_HANDLE); return -1; } - Result = pDC->DriverFunctions.Escape( - pDC->Surface, - Escape, - InSize, - (PVOID)InData, - OutSize, - (PVOID)OutData); + if ( InSize && UnsafeInData ) + { + SafeInData = ExAllocatePool ( NonPagedPool, InSize ); + if ( !SafeInData ) + { + DC_UnlockDc(hDC); + SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY); + return -1; + } + Status = MmCopyFromCaller ( SafeInData, UnsafeInData, InSize ); + if ( !NT_SUCCESS(Status) ) + { + ExFreePool ( SafeInData ); + DC_UnlockDc(hDC); + SetLastNtError(Status); + return -1; + } + } + + if ( OutSize && UnsafeOutData ) + { + SafeOutData = ExAllocatePool ( NonPagedPool, OutSize ); + if ( !SafeOutData ) + { + if ( SafeInData ) + ExFreePool ( SafeInData ); + DC_UnlockDc(hDC); + SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY); + return -1; + } + } + + Result = IntGdiExtEscape ( pDC, Escape, InSize, SafeInData, 
OutSize, SafeOutData ); DC_UnlockDc(hDC); + if ( SafeInData ) + ExFreePool ( SafeInData ); + + if ( SafeOutData ) + { + Status = MmCopyToCaller ( UnsafeOutData, SafeOutData, OutSize ); + ExFreePool ( SafeOutData ); + if ( !NT_SUCCESS(Status) ) + { + SetLastNtError(Status); + return -1; + } + } + return Result; }
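Review bot: In NtGdiExtEscape, SafeOutData comes back from ExAllocatePool uninitialized, and after the call all OutSize bytes are copied to UnsafeOutData with MmCopyToCaller no matter what the callee wrote. On the new IntEngExtEscape path, which returns -1 without touching OutData, this hands OutSize bytes of stale nonpaged pool to the user-mode caller. Zero the buffer right after the allocation check with `RtlZeroMemory ( SafeOutData, OutSize );`, and consider skipping the copy-out when Result signals failure. InSize and OutSize are signed INTs supplied by the caller and go straight into ExAllocatePool, so a negative or very large value becomes an oversized nonpaged request; reject them before allocating, e.g. `if ( InSize < 0 || OutSize < 0 )` plus an upper bound, with DC_UnlockDc on that path. Separately, when a size is non-zero but its pointer is NULL, IntGdiExtEscape still receives the non-zero size with a NULL buffer, so the size passed down should be forced to 0 in that case.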