From b5fae844de5877d2c9c955d6e04222580a03581c Mon Sep 17 00:00:00 2001 From: James Tabor Date: Tue, 28 Sep 2021 19:08:45 -0500 Subject: [PATCH] [NtGDI] Fix brush attribute transfer. --- win32ss/gdi/ntgdi/brush.cpp | 32 ++++++++++++++++++++++++++++++++ win32ss/gdi/ntgdi/brush.hpp | 2 ++ 2 files changed, 34 insertions(+) diff --git a/win32ss/gdi/ntgdi/brush.cpp b/win32ss/gdi/ntgdi/brush.cpp index 2c18e25b307..f98b233234e 100644 --- a/win32ss/gdi/ntgdi/brush.cpp +++ b/win32ss/gdi/ntgdi/brush.cpp @@ -76,6 +76,17 @@ BRUSH::~BRUSH( } } +VOID +BRUSH::vReleaseAttribute(VOID) +{ + if (this->pBrushAttr != &this->BrushAttr) + { + this->BrushAttr = *this->pBrushAttr; + GdiPoolFree(GetBrushAttrPool(), this->pBrushAttr); + this->pBrushAttr = &this->BrushAttr; + } +} + VOID BRUSH::vDeleteObject( _In_ PVOID pvObject) @@ -543,10 +554,19 @@ NtGdiSetBrushAttributes( _In_ HBRUSH hbr, _In_ DWORD dwFlags) { + PBRUSH pbr; if ( dwFlags & SC_BB_STOCKOBJ ) { if (GDIOBJ_ConvertToStockObj((HGDIOBJ*)&hbr)) { + pbr = BRUSH::LockAny(hbr); + if (pbr == NULL) + { + ERR("Failed to lock brush %p\n", hbr); + return NULL; + } + pbr->vReleaseAttribute(); + pbr->vUnlock(); return hbr; } } @@ -560,10 +580,22 @@ NtGdiClearBrushAttributes( _In_ HBRUSH hbr, _In_ DWORD dwFlags) { + PBRUSH pbr; if ( dwFlags & SC_BB_STOCKOBJ ) { if (GDIOBJ_ConvertFromStockObj((HGDIOBJ*)&hbr)) { + pbr = BRUSH::LockAny(hbr); + if (pbr == NULL) + { + ERR("Failed to lock brush %p\n", hbr); + return NULL; + } + if (!pbr->bAllocateBrushAttr()) + { + ERR("Failed to allocate brush attribute\n"); + } + pbr->vUnlock(); return hbr; } } diff --git a/win32ss/gdi/ntgdi/brush.hpp b/win32ss/gdi/ntgdi/brush.hpp index 4fea65ea3c2..027db2490d0 100644 --- a/win32ss/gdi/ntgdi/brush.hpp +++ b/win32ss/gdi/ntgdi/brush.hpp @@ -113,6 +113,8 @@ public: VOID vSetSolidColor( _In_ COLORREF crColor); + + VOID vReleaseAttribute(VOID); }; /* HACK! */