- BITMAP_Cleanup: Fix leak of DIBSECTION structure; remove redundant ifs.

- NtGdi(Get|Set)BitmapDimension: SEHify; set ERROR_INVALID_HANDLE on a bad non-NULL bitmap. - NtGdiGetDCforBitmap: Don't crash on bad bitmap. svn path=/trunk/; revision=34288
2024-07-05 04:06:22 +00:00 · 2008-07-04 00:05:31 +00:00 · 2008-07-04 00:05:31 +00:00 · 8912b7b4c8
parent 8bf777a515
commit 8912b7b4c8
1 changed files with 44 additions and 10 deletions
--- a/reactos/subsystems/win32/win32k/objects/bitmaps.c
+++ b/reactos/subsystems/win32/win32k/objects/bitmaps.c
@ -133,13 +133,11 @@ BITMAP_Cleanup(PVOID ObjectBody)
 	{
 		if (pBmp->dib == NULL)
 		{
-			if (pBmp->SurfObj.pvBits != NULL)
-			    ExFreePool(pBmp->SurfObj.pvBits);
+			ExFreePool(pBmp->SurfObj.pvBits);
 		}
 		else
 		{
-			if (pBmp->SurfObj.pvBits != NULL)
-				EngFreeUserMem(pBmp->SurfObj.pvBits);
+			EngFreeUserMem(pBmp->SurfObj.pvBits);
 		}
 		if (pBmp->hDIBPalette != NULL)
 		{
@ -153,6 +151,9 @@ BITMAP_Cleanup(PVOID ObjectBody)
 		pBmp->BitsLock = NULL;
 	}

+	if (pBmp->dib)
+		ExFreePoolWithTag(pBmp->dib, TAG_DIB);
+
 	return TRUE;
 }

@ -218,18 +219,32 @@ NtGdiGetBitmapDimension(
 	LPSIZE  Dimension)
 {
 	PBITMAPOBJ  bmp;
+	BOOL Ret = TRUE;
+
+	if (hBitmap == NULL)
+		return FALSE;

 	bmp = BITMAPOBJ_LockBitmap(hBitmap);
 	if (bmp == NULL)
 	{
+		SetLastWin32Error(ERROR_INVALID_HANDLE);
 		return FALSE;
 	}

-	*Dimension = bmp->dimension;
+	_SEH_TRY
+	{
+		ProbeForWrite(Dimension, sizeof(SIZE), 1);
+		*Dimension = bmp->dimension;
+	}
+	_SEH_HANDLE
+	{
+		Ret = FALSE;
+	}
+	_SEH_END

 	BITMAPOBJ_UnlockBitmap(bmp);

-	return  TRUE;
+	return Ret;
 }

 COLORREF STDCALL
@ -504,23 +519,39 @@ NtGdiSetBitmapDimension(
 	LPSIZE  Size)
 {
 	PBITMAPOBJ  bmp;
+	BOOL Ret = TRUE;
+
+	if (hBitmap == NULL)
+		return FALSE;

 	bmp = BITMAPOBJ_LockBitmap(hBitmap);
 	if (bmp == NULL)
 	{
+		SetLastWin32Error(ERROR_INVALID_HANDLE);
 		return FALSE;
 	}

 	if (Size)
 	{
-		*Size = bmp->dimension;
+		_SEH_TRY
+		{
+			ProbeForWrite(Size, sizeof(SIZE), 1);
+			*Size = bmp->dimension;
+		}
+		_SEH_HANDLE
+		{
+			Ret = FALSE;
+		}
+		_SEH_END
 	}
+
+	/* The dimension is changed even if writing the old value failed */
 	bmp->dimension.cx = Width;
 	bmp->dimension.cy = Height;

 	BITMAPOBJ_UnlockBitmap (bmp);

-	return TRUE;
+	return Ret;
 }

 BOOL STDCALL
@ -746,8 +777,11 @@ NtGdiGetDCforBitmap(
 {
  HDC hDC = NULL;
  PBITMAPOBJ bmp = BITMAPOBJ_LockBitmap( hsurf );
-  hDC = bmp->hDC;
-  BITMAPOBJ_UnlockBitmap( bmp );
+  if (bmp)
+  {
+    hDC = bmp->hDC;
+    BITMAPOBJ_UnlockBitmap( bmp );
+  }
  return hDC;
 }