[0.4.9][NTGDI] Check if face->charmap is not zero before accessing its encoding (#4390)

Prevents a BSOD 0x1E upon dereference.
CORE-18091 CORE-18558

By partially porting back:
0.4.15-dev-5587-ga999c43 a999c43746
and also taking some cosmetic changes from master head, such as EOL-whitespace removal.
Joachim Henze 2023-01-21 15:01:29 +01:00
parent 8a9c4b374e
commit 96db0cd726


@ -377,7 +377,7 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
}
/* query value */
Status = ZwQueryValueKey(KeyHandle, &FromW, KeyValueFullInformation,
Status = ZwQueryValueKey(KeyHandle, &FromW, KeyValueFullInformation,
InfoBuffer, sizeof(InfoBuffer), &Length);
pInfo = (PKEY_VALUE_FULL_INFORMATION)InfoBuffer;
if (!NT_SUCCESS(Status) || !pInfo->DataLength)
@ -1132,7 +1132,7 @@ IntGdiAddFontResource(PUNICODE_STRING FileName, DWORD Characteristics)
SIZE_T ViewSize = 0;
LARGE_INTEGER SectionSize;
OBJECT_ATTRIBUTES ObjectAttributes;
GDI_LOAD_FONT LoadFont;
GDI_LOAD_FONT LoadFont;
INT FontCount;
HANDLE KeyHandle;
static const UNICODE_STRING TrueTypePostfix = RTL_CONSTANT_STRING(L" (TrueType)");
@ -1242,7 +1242,6 @@ IntGdiAddFontMemResource(PVOID Buffer, DWORD dwSize, PDWORD pNumAdded)
HANDLE Ret = 0;
PVOID BufferCopy = ExAllocatePoolWithTag(PagedPool, dwSize, TAG_FONT);
if (!BufferCopy)
{
*pNumAdded = 0;
@ -1552,7 +1551,6 @@ static BOOL face_has_symbol_charmap(FT_Face ft_face)
return FALSE;
}
static void FASTCALL
FillTMEx(TEXTMETRICW *TM, PFONTGDI FontGDI,
TT_OS2 *pOS2, TT_HoriHeader *pHori,
@ -1633,9 +1631,7 @@ FillTMEx(TEXTMETRICW *TM, PFONTGDI FontGDI,
TM->tmAveCharWidth = (FT_MulFix(pOS2->xAvgCharWidth, XScale) + 32) >> 6;
if (TM->tmAveCharWidth == 0)
{
TM->tmAveCharWidth = 1;
}
/* Correct forumla to get the maxcharwidth from unicode and ansi font */
TM->tmMaxCharWidth = (FT_MulFix(Face->max_advance_width, XScale) + 32) >> 6;
@ -2319,7 +2315,7 @@ FontFamilyFillInfo(PFONTFAMILYINFO Info, LPCWSTR FaceName,
/* full name */
if (!FullName)
FullName = (WCHAR*)((ULONG_PTR) Otm + (ULONG_PTR)Otm->otmpFaceName);
RtlStringCbCopyW(Info->EnumLogFontEx.elfFullName,
sizeof(Info->EnumLogFontEx.elfFullName),
FullName);
@ -3173,7 +3169,6 @@ ftGdiGetGlyphOutline(
FT_Matrix ftmatrix;
FLOATOBJ efTemp;
PMATRIX pmx = DC_pmxWorldToDevice(dc);
/* Create a freetype matrix, by converting to 16.16 fixpoint format */
@ -3770,6 +3765,9 @@ ftGetFontUnicodeRanges(PFONTGDI Font, PGLYPHSET glyphset)
DWORD num_ranges = 0;
FT_Face face = Font->SharedFace->Face;
if (face->charmap == NULL)
return 0;
if (face->charmap->encoding == FT_ENCODING_UNICODE)
{
FT_UInt glyph_code = 0;
@ -4246,7 +4244,7 @@ GetFontPenalty(const LOGFONTW * LogFont,
if (Long != TM->tmWeight)
{
/* Weight Penalty 3 */
/* The candidate's weight does not match the requested weight.
/* The candidate's weight does not match the requested weight.
Penalty * (weight difference/10) */
Penalty += 3 * (labs(Long - TM->tmWeight) / 10);
}
@ -4481,9 +4479,6 @@ TextIntRealizeFont(HFONT FontHandle, PTEXTOBJ pTextObj)
FontGdi->RequestWeight = FW_NORMAL;
Face = FontGdi->SharedFace->Face;
//FontGdi->OriginalWeight = WeightFromStyle(Face->style_name);
if (!FontGdi->OriginalItalic)
FontGdi->OriginalItalic = ItalicFromStyle(Face->style_name);
@ -5519,7 +5514,7 @@ GreExtTextOutW(
FLOATOBJ_Set1(&Scale);
/* do the shift before multiplying to preserve precision */
FLOATOBJ_MulLong(&Scale, Dx[i<<DxShift] << 6);
FLOATOBJ_MulLong(&Scale, Dx[i<<DxShift] << 6);
TextLeft += FLOATOBJ_GetLong(&Scale);
DPRINT("New TextLeft2: %I64d\n", TextLeft);
}
@ -5664,15 +5659,14 @@ GreExtTextOutW(
HSourceGlyph = EngCreateBitmap(bitSize, realglyph->bitmap.pitch,
BMF_8BPP, BMF_TOPDOWN,
realglyph->bitmap.buffer);
if ( !HSourceGlyph )
if (!HSourceGlyph)
{
DPRINT1("WARNING: EngCreateBitmap() failed!\n");
// FT_Done_Glyph(realglyph);
bResult = FALSE;
break;
}
SourceGlyphSurf = EngLockSurface((HSURF)HSourceGlyph);
if ( !SourceGlyphSurf )
if (!SourceGlyphSurf)
{
EngDeleteSurface((HSURF)HSourceGlyph);
DPRINT1("WARNING: EngLockSurface() failed!\n");
@ -5783,7 +5777,7 @@ GreExtTextOutW(
FLOATOBJ_Set1(&Scale);
/* do the shift before multiplying to preserve precision */
FLOATOBJ_MulLong(&Scale, Dx[i<<DxShift] << 6);
FLOATOBJ_MulLong(&Scale, Dx[i<<DxShift] << 6);
TextLeft += FLOATOBJ_GetLong(&Scale);
DPRINT("New TextLeft2: %I64d\n", TextLeft);
}
@ -5812,7 +5806,6 @@ GreExtTextOutW(
EXLATEOBJ_vCleanup(&exloDst2RGB);
Cleanup:
DC_vFinishBlit(dc, NULL);
if (TextObj != NULL)
@ -6146,7 +6139,7 @@ NtGdiGetCharABCWidthsW(
if(Safepwch)
ExFreePoolWithTag(Safepwch , GDITAG_TEXT);
if (! NT_SUCCESS(Status))
if (!NT_SUCCESS(Status))
{
SetLastNtError(Status);
return FALSE;
@ -6355,7 +6348,7 @@ NtGdiGetGlyphIndicesW(
LPWORD UnSafepgi = pgi;
/* Check for integer overflow */
if (cwc & 0x80000000) // (INT_MAX + 1) == INT_MIN
if (cwc & 0x80000000) // (INT_MAX + 1) == INT_MIN
return GDI_ERROR;
if (!UnSafepwc && !UnSafepgi)
@ -6394,7 +6387,6 @@ NtGdiGetGlyphIndicesW(
{
return GDI_ERROR;
}
FontGDI = ObjToGDI(TextObj->Font, FONT);
TEXTOBJ_UnlockText(TextObj);
@ -6434,7 +6426,6 @@ NtGdiGetGlyphIndicesW(
pwcSize = cwc * sizeof(WCHAR);
Safepwc = ExAllocatePoolWithTag(PagedPool, pwcSize, GDITAG_TEXT);
if (!Safepwc)
{
Status = STATUS_NO_MEMORY;
@ -6455,7 +6446,6 @@ NtGdiGetGlyphIndicesW(
if (!NT_SUCCESS(Status)) goto ErrorRet;
IntLockFreeType;
for (i = 0; i < cwc; i++)
{
Buffer[i] = FT_Get_Char_Index(FontGDI->SharedFace->Face, Safepwc[i]);
@ -6464,7 +6454,6 @@ NtGdiGetGlyphIndicesW(
Buffer[i] = DefChar;
}
}
IntUnLockFreeType;
_SEH2_TRY
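Review bot: The new NULL guard `if (face->charmap == NULL) return 0;` in ftGetFontUnicodeRanges (the hunk at -3770,6 +3765,9) carries no comment, so a later reader cannot tell why a loaded face can lack a charmap or what a 0 return means to the caller; a one-line comment such as `/* FreeType selects no charmap when the face has no usable cmap; report no ranges instead of dereferencing NULL (CORE-18091). */` would tie the check to the crash it fixes. The early return also happens before the `glyphset` argument is touched, so a caller that passes a non-NULL glyphset gets it back unfilled — if the return value is the required buffer size, 0 presumably reads as "nothing to enumerate", but it is worth confirming that every caller treats 0 as a no-ranges result rather than as a failure. The same `face->charmap->encoding` access pattern may exist at other sites in this file that the commit does not guard (it only touches this one), which is worth a quick grep. ftGetFontUnicodeRanges continues past the end of the hunk, so the non-Unicode branch is not visible here.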