NtGdiGetObject

1. fixed one BSD it does show bluescreen when the buffer are too small 2. fixed some bugs in calculation of different GdiObject sized svn path=/trunk/; revision=25935
2024-07-05 04:06:22 +00:00 · 2007-03-01 19:13:29 +00:00 · 2007-03-01 19:13:29 +00:00 · 94297234b4
parent eb28b183e5
commit 94297234b4
5 changed files with 103 additions and 102 deletions
--- a/reactos/subsystems/win32/win32k/objects/bitmaps.c
+++ b/reactos/subsystems/win32/win32k/objects/bitmaps.c
@ -1559,29 +1559,29 @@ BITMAPOBJ_CopyBitmap(HBITMAP  hBitmap)
 }

 INT STDCALL
-BITMAP_GetObject(BITMAPOBJ * bmp, INT count, LPVOID buffer)
+BITMAP_GetObject(BITMAPOBJ * bmp, INT Count, LPVOID buffer)
 {
-	if( !buffer ) return sizeof(BITMAP);
-    if (count < sizeof(BITMAP)) return 0;
+	if( buffer == NULL ) return sizeof(BITMAP);
+	if (Count < sizeof(BITMAP)) return 0;

 	if(bmp->dib)
 	{

-		if(count < (INT) sizeof(DIBSECTION))
+		if(Count < (INT) sizeof(DIBSECTION))
 		{
-			if (count > (INT) sizeof(BITMAP)) count = sizeof(BITMAP);
+			if (Count > (INT) sizeof(BITMAP)) Count = sizeof(BITMAP);
 		}
 		else
 		{
-			if (count > (INT) sizeof(DIBSECTION)) count = sizeof(DIBSECTION);
+			if (Count > (INT) sizeof(DIBSECTION)) Count = sizeof(DIBSECTION);
 		}
-		memcpy(buffer, bmp->dib, count);
-		return count;
+		memcpy(buffer, bmp->dib, Count);
+		return Count;
 	}
 	else
 	{
 		BITMAP Bitmap;
-		if (count > (INT) sizeof(BITMAP)) count = sizeof(BITMAP);
+		if (Count > (INT) sizeof(BITMAP)) Count = sizeof(BITMAP);
 		Bitmap.bmType = 0;
 		Bitmap.bmWidth = bmp->SurfObj.sizlBitmap.cx;
 		Bitmap.bmHeight = bmp->SurfObj.sizlBitmap.cy;
@ -1590,8 +1590,8 @@ BITMAP_GetObject(BITMAPOBJ * bmp, INT count, LPVOID buffer)
 		Bitmap.bmBitsPixel = BitsPerFormat(bmp->SurfObj.iBitmapFormat);
 		//Bitmap.bmBits = bmp->SurfObj.pvBits;
 		Bitmap.bmBits = NULL; /* not set accoring wine test confirm in win2k */
-		memcpy(buffer, &Bitmap, count);
-		return count;
+		memcpy(buffer, &Bitmap, Count);
+		return Count;
 	}
 }
 /* EOF */
--- a/reactos/subsystems/win32/win32k/objects/brush.c
+++ b/reactos/subsystems/win32/win32k/objects/brush.c
@ -51,62 +51,62 @@ BRUSH_Cleanup(PVOID ObjectBody)

 INT FASTCALL
 BRUSH_GetObject (PGDIBRUSHOBJ BrushObject, INT Count, LPLOGBRUSH Buffer)
-{	
-	if (Buffer)
-	{
+{
+   if( Buffer == NULL ) return sizeof(BRUSHOBJ);
+   if (Count < sizeof(BRUSHOBJ)) return 0;
+   if (Count > sizeof(BRUSHOBJ)) Count = sizeof(BRUSHOBJ);

-		/* Set colour */
-	    Buffer->lbColor =  BrushObject->BrushAttr.lbColor;
+   /* Set colour */
+    Buffer->lbColor =  BrushObject->BrushAttr.lbColor;

-		/* set Hatch */
-		if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0)
-		{
-			 /* FIXME : is this right value */
-             Buffer->lbHatch = (LONG)BrushObject->hbmPattern;
-		}
-		else
-		{
-			 Buffer->lbHatch = 0;
-		}
+    /* set Hatch */
+    if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0)
+    {
+        /* FIXME : is this right value */
+        Buffer->lbHatch = (LONG)BrushObject->hbmPattern;
+    }
+    else
+    {
+        Buffer->lbHatch = 0;
+    }

-		Buffer->lbStyle = 0;
+    Buffer->lbStyle = 0;

-		/* Get the type of style */
-		if ((BrushObject->flAttrs & GDIBRUSH_IS_SOLID)!=0)
-		{
-			Buffer->lbStyle = BS_SOLID;
-		}
-		else if ((BrushObject->flAttrs & GDIBRUSH_IS_NULL)!=0)
-		{
-			Buffer->lbStyle = BS_NULL; // BS_HOLLOW
-		}
-		else if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0)
-		{
-			Buffer->lbStyle = BS_HATCHED;
-		}
-		else if ((BrushObject->flAttrs & GDIBRUSH_IS_BITMAP)!=0)
-		{
-			Buffer->lbStyle = BS_PATTERN;
-		}
-		else if ((BrushObject->flAttrs & GDIBRUSH_IS_DIB)!=0)
-		{
-			Buffer->lbStyle = BS_DIBPATTERN; 
-		}
+    /* Get the type of style */
+    if ((BrushObject->flAttrs & GDIBRUSH_IS_SOLID)!=0)
+    {
+        Buffer->lbStyle = BS_SOLID;
+    }
+    else if ((BrushObject->flAttrs & GDIBRUSH_IS_NULL)!=0)
+    {
+        Buffer->lbStyle = BS_NULL; // BS_HOLLOW
+    }
+    else if ((BrushObject->flAttrs & GDIBRUSH_IS_HATCH)!=0)
+    {
+        Buffer->lbStyle = BS_HATCHED;
+    }
+    else if ((BrushObject->flAttrs & GDIBRUSH_IS_BITMAP)!=0)
+    {
+        Buffer->lbStyle = BS_PATTERN;
+    }
+    else if ((BrushObject->flAttrs & GDIBRUSH_IS_DIB)!=0)
+    {
+        Buffer->lbStyle = BS_DIBPATTERN; 
+    }

-		/* FIXME 
-		else if ((BrushObject->flAttrs & )!=0)
-		{
-			Buffer->lbStyle = BS_INDEXED;
-		}
-		
-		else if ((BrushObject->flAttrs & )!=0)
-		{
-			Buffer->lbStyle = BS_DIBPATTERNPT;
-		}
-		*/
-				        
-	}
-	return sizeof(BRUSHOBJ);
+    /* FIXME 
+    else if ((BrushObject->flAttrs & )!=0)
+    {
+        Buffer->lbStyle = BS_INDEXED;
+    }
+    else if ((BrushObject->flAttrs & )!=0)
+    {
+        Buffer->lbStyle = BS_DIBPATTERNPT;
+    }
+    */
+
+    /* FIXME */
+    return sizeof(BRUSHOBJ);
 }


--- a/reactos/subsystems/win32/win32k/objects/dc.c
+++ b/reactos/subsystems/win32/win32k/objects/dc.c
@ -1787,23 +1787,23 @@ IntGdiGetObject(HANDLE Handle, INT Count, LPVOID Buffer)
 INT STDCALL
 NtGdiGetObject(HANDLE handle, INT count, LPVOID buffer)
 {
-  INT Ret;
+  INT Ret = 0;
  LPVOID SafeBuf;
  NTSTATUS Status = STATUS_SUCCESS;
+  INT RetCount = 0;

  /* From Wine: GetObject does not SetLastError() on a null object */
-  if (!handle) return 0;
+  if (!handle) return Ret;

-  if (count <= 0)
+  RetCount = IntGdiGetObject(handle, 0, NULL);
+  if ((count <= 0) || (!buffer))
  {
-    return 0;
+    return RetCount;
  }

  _SEH_TRY
  {
-    ProbeForWrite(buffer,
-                  count,
-                  1);
+    ProbeForWrite(buffer, count, 1);
  }
  _SEH_HANDLE
  {
@ -1814,36 +1814,37 @@ NtGdiGetObject(HANDLE handle, INT count, LPVOID buffer)
  if(!NT_SUCCESS(Status))
  {
    SetLastNtError(Status);
-    return 0;
+    return Ret;
  }

-  SafeBuf = ExAllocatePoolWithTag(PagedPool, count, TAG_GDIOBJ);
-  if(!SafeBuf)
+  if (RetCount >= count)
  {
-    SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY);
-    return 0;
-  }
+    SafeBuf = ExAllocatePoolWithTag(PagedPool, count, TAG_GDIOBJ);
+    if(!SafeBuf)
+    {
+        SetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY);
+        return Ret;
+    }
+    Ret = IntGdiGetObject(handle, count, SafeBuf);

-  Ret = IntGdiGetObject(handle, count, SafeBuf);
+    _SEH_TRY
+    {
+        /* pointer already probed! */
+        RtlCopyMemory(buffer, SafeBuf, count);
+    }
+    _SEH_HANDLE
+    {
+        Status = _SEH_GetExceptionCode();
+    }
+    _SEH_END;

-  _SEH_TRY
-  {
-    /* pointer already probed! */
-    RtlCopyMemory(buffer,
-                  SafeBuf,
-                  count);
-  }
-  _SEH_HANDLE
-  {
-    Status = _SEH_GetExceptionCode();
-  }
-  _SEH_END;
+    ExFreePool(SafeBuf);

-  ExFreePool(SafeBuf);
-  if(!NT_SUCCESS(Status))
-  {
-    SetLastNtError(Status);
-    return 0;
+    if(!NT_SUCCESS(Status))
+    {
+        SetLastNtError(Status);
+        return 0;
+    }
  }

  return Ret;
--- a/reactos/subsystems/win32/win32k/objects/pen.c
+++ b/reactos/subsystems/win32/win32k/objects/pen.c
@ -98,6 +98,10 @@ PEN_GetObject(PGDIBRUSHOBJ PenObject, INT Count, PLOGPEN Buffer)
  
   LOGPEN LogPen;

+   if( Buffer == NULL ) return sizeof(LOGPEN);
+   if (Count < sizeof(LOGPEN)) return 0;
+   if (Count > sizeof(LOGPEN)) Count = sizeof(LOGPEN);
+
   if( Buffer == NULL ) return sizeof(LOGPEN);

   LogPen.lopnWidth = PenObject->ptPenWidth;
--- a/reactos/subsystems/win32/win32k/objects/text.c
+++ b/reactos/subsystems/win32/win32k/objects/text.c
@ -4093,17 +4093,13 @@ TextIntRealizeFont(HFONT FontHandle)
 INT FASTCALL
 FontGetObject(PTEXTOBJ Font, INT Count, PVOID Buffer)
 {
-  if (Buffer)
-  {
-     if (Count < sizeof(LOGFONTW))
-     {
-         SetLastWin32Error(ERROR_BUFFER_OVERFLOW);
-         return 0;
-     }
+  if( Buffer == NULL ) return sizeof(LOGFONTW);

-     RtlCopyMemory(Buffer, &Font->logfont, sizeof(LOGFONTW));
-  }
+  /* fixme  SetLastWin32Error(ERROR_BUFFER_OVERFLOW); in count<0*/
+  if (Count < sizeof(LOGFONTW)) return 0;
+  if (Count > sizeof(LOGFONTW)) Count = sizeof(LOGFONTW);

+  RtlCopyMemory(Buffer, &Font->logfont, sizeof(LOGFONTW));
  return sizeof(LOGFONTW);
 }