Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-05 05:01:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

[WIN32K]

Browse source 
Make sure the PDEV is locked before dereferencing the DC's surface

svn path=/trunk/; revision=65912
This commit is contained in:
Timo Kreuzer 2014-12-30 19:38:41 +00:00
parent 56aa42fe6e
commit e7d3b42a46
9 changed files with 124 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
reactos/win32ss/gdi/ntgdi/bitblt.c
View file

@ -946,7 +946,7 @@ NtGdiPatBlt(
return TRUE;
}
/* Update the fill brush, if neccessary */
/* Update the fill brush, if necessary */
if (pdc->pdcattr->ulDirty_ & (DIRTY_FILL | DC_BRUSH_DIRTY))
DC_vUpdateFillBrush(pdc);
@ -1036,12 +1036,10 @@ IntGdiBitBltRgn(
PREGION prgnClip;
XCLIPOBJ xcoClip;
BOOL bResult;
PSURFACE psurf;
NT_ASSERT((pdc != NULL) && (prgn != NULL));
/* Get the surface */
psurf = pdc->dclevel.pSurface;
if (psurf == NULL)
if (pdc->dclevel.pSurface == NULL)
{
return TRUE;
}
@ -1078,7 +1076,7 @@ IntGdiBitBltRgn(
DC_vPrepareDCsForBlit(pdc, &prgnClip->rdh.rcBound, NULL, NULL);
/* Call the Eng or Drv function */
bResult = IntEngBitBlt(&psurf->SurfObj,
bResult = IntEngBitBlt(&pdc->dclevel.pSurface->SurfObj,
NULL,
NULL,
&xcoClip.ClipObj,
@ -1103,19 +1101,19 @@ BOOL
IntGdiFillRgn(
_In_ PDC pdc,
_In_ PREGION prgn,
_In_ BRUSHOBJ *pbo)
_In_ PBRUSH pbrFill)
{
PREGION prgnClip;
XCLIPOBJ xcoClip;
EBRUSHOBJ eboFill;
BRUSHOBJ *pbo;
BOOL bRet;
PSURFACE psurf;
DWORD rop2Fg;
MIX mix;
NT_ASSERT((pdc != NULL) && (prgn != NULL));
ASSERT_DC_PREPARED(pdc);
psurf = pdc->dclevel.pSurface;
if (psurf == NULL)
if (pdc->dclevel.pSurface == NULL)
{
return TRUE;
}
@ -1150,13 +1148,35 @@ IntGdiFillRgn(
rop2Fg = pdc->pdcattr->jROP2;
mix = rop2Fg | (pdc->pdcattr->jBkMode == OPAQUE ? rop2Fg : R2_NOP) << 8;
/* Prepare DC for blit */
DC_vPrepareDCsForBlit(pdc, &prgnClip->rdh.rcBound, NULL, NULL);
/* Check if we have a fill brush */
if (pbrFill != NULL)
{
/* Initialize the brush object */
/// \todo Check parameters
EBRUSHOBJ_vInit(&eboFill, pbrFill, pdc->dclevel.pSurface, 0x00FFFFFF, 0, NULL);
pbo = &eboFill.BrushObject;
}
else
{
/* Update the fill brush if needed */
if (pdc->pdcattr->ulDirty_ & (DIRTY_FILL | DC_BRUSH_DIRTY))
DC_vUpdateFillBrush(pdc);
/* Use the DC brush object */
pbo = &pdc->eboFill.BrushObject;
}
/* Call the internal function */
bRet = IntEngPaint(&psurf->SurfObj,
bRet = IntEngPaint(&pdc->dclevel.pSurface->SurfObj,
&xcoClip.ClipObj,
pbo,
&pdc->pdcattr->ptlBrushOrigin,
mix);
DC_vFinishBlit(pdc, NULL);
REGION_Delete(prgnClip);
IntEngFreeClipResources(&xcoClip);
@ -1170,10 +1190,7 @@ IntGdiPaintRgn(
_In_ PDC pdc,
_In_ PREGION prgn)
{
if (pdc->pdcattr->ulDirty_ & (DIRTY_FILL | DC_BRUSH_DIRTY))
DC_vUpdateFillBrush(pdc);
return IntGdiFillRgn(pdc, prgn, &pdc->eboFill.BrushObject);
return IntGdiFillRgn(pdc, prgn, NULL);
}
BOOL
@ -1186,7 +1203,6 @@ NtGdiFillRgn(
PDC pdc;
PREGION prgn;
PBRUSH pbrFill;
EBRUSHOBJ eboFill;
BOOL bResult;
/* Lock the DC */
@ -1223,12 +1239,8 @@ NtGdiFillRgn(
return FALSE;
}
/* Initialize the brush object */
/// \todo Check parameters
EBRUSHOBJ_vInit(&eboFill, pbrFill, pdc->dclevel.pSurface, 0x00FFFFFF, 0, NULL);
/* Call the internal function */
bResult = IntGdiFillRgn(pdc, prgn, &eboFill.BrushObject);
bResult = IntGdiFillRgn(pdc, prgn, pbrFill);
/* Cleanup locks */
BRUSH_ShareUnlockBrush(pbrFill);
@ -1360,6 +1372,7 @@ NtGdiSetPixel(
EBRUSHOBJ_iSetSolidColor(pebo, iOldColor);
pdc->pdcattr->ulDirty_ = ulDirty;
/// FIXME: we shouldn't dereference pSurface while the PDEV is not locked!
/* Initialize an XLATEOBJ from the target surface to RGB */
EXLATEOBJ_vInitialize(&exlo,
pdc->dclevel.pSurface->ppal,
@ -1391,6 +1404,7 @@ NtGdiGetPixel(
PDC pdc;
ULONG ulRGBColor = CLR_INVALID;
POINTL ptlSrc;
RECT rcDest;
PSURFACE psurfSrc, psurfDest;
/* Lock the DC */
@ -1402,8 +1416,7 @@ NtGdiGetPixel(
}
/* Check if the DC has no surface (empty mem or info DC) */
psurfSrc = pdc->dclevel.pSurface;
if (psurfSrc == NULL)
if (pdc->dclevel.pSurface == NULL)
{
/* Fail! */
goto leave;
@ -1418,7 +1431,16 @@ NtGdiGetPixel(
ptlSrc.x += pdc->ptlDCOrig.x;
ptlSrc.y += pdc->ptlDCOrig.y;
rcDest.left = x;
rcDest.top = y;
rcDest.right = x + 1;
rcDest.bottom = y + 1;
/* Prepare DC for blit */
DC_vPrepareDCsForBlit(pdc, &rcDest, NULL, NULL);
/* Check if the pixel is outside the surface */
psurfSrc = pdc->dclevel.pSurface;
if ((ptlSrc.x >= psurfSrc->SurfObj.sizlBitmap.cx) ||
(ptlSrc.y >= psurfSrc->SurfObj.sizlBitmap.cy))
{
@ -1463,7 +1485,9 @@ NtGdiGetPixel(
}
leave:
/* Unlock the DC */
DC_vFinishBlit(pdc, NULL);
DC_UnlockDc(pdc);
/* Return the new RGB color or -1 on failure */

9
reactos/win32ss/gdi/ntgdi/dc.h
View file

@ -33,7 +33,10 @@ enum _DCFLAGS
DC_FULLSCREEN = 0x0800,
DC_IN_CLONEPDEV = 0x1000,
DC_REDIRECTION = 0x2000,
DC_SHAREACCESS = 0x4000
DC_SHAREACCESS = 0x4000,
#ifdef DBG
DC_PREPARED = 0x8000
#endif
};
typedef enum _DCTYPE
@ -96,7 +99,7 @@ typedef struct _DC
BASEOBJECT BaseObject;
DHPDEV dhpdev; /* <- PDEVOBJ.hPDev DHPDEV for device. */
INT dctype;
DCTYPE dctype;
INT fs;
PPDEVOBJ ppdev;
PVOID hsem; /* PERESOURCE aka HSEMAPHORE */
@ -293,4 +296,6 @@ DC_vSelectPalette(PDC pdc, PPALETTE ppal)
extern _Notnull_ PBRUSH pbrDefaultBrush;
extern _Notnull_ PSURFACE psurfDefaultBitmap;
#define ASSERT_DC_PREPARED(pdc) NT_ASSERT((pdc)->fs & DC_PREPARED)
#endif /* not __WIN32K_DC_H */

29
reactos/win32ss/gdi/ntgdi/dclife.c
View file

@ -504,7 +504,7 @@ DC_vPrepareDCsForBlit(
DC_vUpdateTextBrush(pdcDest);
/* Lock them in good order */
if(pdcSrc)
if (pdcSrc)
{
if((ULONG_PTR)pdcDest->ppdev->hsemDevLock >=
(ULONG_PTR)pdcSrc->ppdev->hsemDevLock)
@ -524,7 +524,7 @@ DC_vPrepareDCsForBlit(
}
else
{
pdcFirst = pdcDest ;
pdcFirst = pdcDest;
prcFirst = rcDest;
pdcSecond = NULL;
prcSecond = NULL;
@ -537,8 +537,9 @@ DC_vPrepareDCsForBlit(
if (pdcFirst->dctype == DCTYPE_DIRECT)
{
EngAcquireSemaphore(pdcFirst->ppdev->hsemDevLock);
/* Update surface if needed */
if(pdcFirst->ppdev->pSurface != pdcFirst->dclevel.pSurface)
if (pdcFirst->ppdev->pSurface != pdcFirst->dclevel.pSurface)
{
DC_vUpdateDC(pdcFirst);
}
@ -556,6 +557,10 @@ DC_vPrepareDCsForBlit(
prcFirst->bottom) ;
}
#ifdef DBG
pdcFirst->fs |= DC_PREPARED;
#endif
if (!pdcSecond)
return;
@ -565,7 +570,7 @@ DC_vPrepareDCsForBlit(
EngAcquireSemaphore(pdcSecond->ppdev->hsemDevLock);
/* Update surface if needed */
if(pdcSecond->ppdev->pSurface != pdcSecond->dclevel.pSurface)
if (pdcSecond->ppdev->pSurface != pdcSecond->dclevel.pSurface)
{
DC_vUpdateDC(pdcSecond);
}
@ -581,6 +586,10 @@ DC_vPrepareDCsForBlit(
prcSecond->right,
prcSecond->bottom) ;
}
#ifdef DBG
pdcSecond->fs |= DC_PREPARED;
#endif
}
/* Finishes a blit for one or two DCs */
@ -588,19 +597,25 @@ VOID
FASTCALL
DC_vFinishBlit(PDC pdc1, PDC pdc2)
{
if(pdc1->dctype == DCTYPE_DIRECT)
if (pdc1->dctype == DCTYPE_DIRECT)
{
MouseSafetyOnDrawEnd(pdc1->ppdev);
EngReleaseSemaphore(pdc1->ppdev->hsemDevLock);
}
#ifdef DBG
pdc1->fs &= ~DC_PREPARED;
#endif
if(pdc2)
if (pdc2)
{
if(pdc2->dctype == DCTYPE_DIRECT)
if (pdc2->dctype == DCTYPE_DIRECT)
{
MouseSafetyOnDrawEnd(pdc2->ppdev);
EngReleaseSemaphore(pdc2->ppdev->hsemDevLock);
}
#ifdef DBG
pdc2->fs &= ~DC_PREPARED;
#endif
}
}

1
reactos/win32ss/gdi/ntgdi/drawing.c
View file

@ -1255,6 +1255,7 @@ IntFillRect( DC *dc,
PDC_ATTR pdcattr;
ASSERT(pbrush);
ASSERT_DC_PREPARED(dc);
psurf = dc->dclevel.pSurface;
if (psurf == NULL)

30
reactos/win32ss/gdi/ntgdi/fillshap.c
View file

@ -931,8 +931,7 @@ GreGradientFill(
return TRUE;
}
psurf = pdc->dclevel.pSurface;
if(!psurf)
if (!pdc->dclevel.pSurface)
{
/* Memory DC with no surface selected */
DC_UnlockDc(pdc);
@ -962,10 +961,12 @@ GreGradientFill(
ptlDitherOrg.x += pdc->ptlDCOrig.x;
ptlDitherOrg.y += pdc->ptlDCOrig.y;
EXLATEOBJ_vInitialize(&exlo, &gpalRGB, psurf->ppal, 0, 0, 0);
DC_vPrepareDCsForBlit(pdc, &rclExtent, NULL, NULL);
psurf = pdc->dclevel.pSurface;
EXLATEOBJ_vInitialize(&exlo, &gpalRGB, psurf->ppal, 0, 0, 0);
bRet = IntEngGradientFill(&psurf->SurfObj,
&pdc->co.ClipObj,
&exlo.xlo,
@ -1091,8 +1092,7 @@ NtGdiExtFloodFill(
return TRUE;
}
psurf = dc->dclevel.pSurface;
if (!psurf)
if (!dc->dclevel.pSurface)
{
Ret = FALSE;
goto cleanup;
@ -1100,28 +1100,30 @@ NtGdiExtFloodFill(
pdcattr = dc->pdcattr;
if (pdcattr->ulDirty_ & (DIRTY_FILL | DC_BRUSH_DIRTY))
DC_vUpdateFillBrush(dc);
if (pdcattr->ulDirty_ & (DIRTY_LINE | DC_PEN_DIRTY))
DC_vUpdateLineBrush(dc);
Pt.x = XStart;
Pt.y = YStart;
IntLPtoDP(dc, (LPPOINT)&Pt, 1);
DC_vPrepareDCsForBlit(dc, &DestRect, NULL, NULL);
/// FIXME: what about prgnVIS? And what about REAL clipping?
if (dc->prgnRao)
{
Ret = REGION_PtInRegion(dc->prgnRao, Pt.x, Pt.y);
if (Ret)
REGION_GetRgnBox(dc->prgnRao ,(LPRECT)&DestRect);
REGION_GetRgnBox(dc->prgnRao, (LPRECT)&DestRect);
else
{
DC_vFinishBlit(dc, NULL);
goto cleanup;
}
}
else
{
RECTL_vSetRect(&DestRect, 0, 0, psurf->SurfObj.sizlBitmap.cx, psurf->SurfObj.sizlBitmap.cy);
}
DC_vPrepareDCsForBlit(dc, &DestRect, NULL, NULL);
psurf = dc->dclevel.pSurface;
EXLATEOBJ_vInitialize(&exlo, &gpalRGB, psurf->ppal, 0, 0xffffff, 0);

12
reactos/win32ss/gdi/ntgdi/freetype.c
View file

@ -3366,10 +3366,10 @@ GreExtTextOutW(
BrushOrigin.x = 0;
BrushOrigin.y = 0;
psurf = dc->dclevel.pSurface;
if(!psurf)
psurf = psurfDefaultBitmap;
if (!dc->dclevel.pSurface)
{
goto fail;
}
if ((fuOptions & ETO_OPAQUE) && lprc)
{
@ -3388,6 +3388,7 @@ GreExtTextOutW(
if (pdcattr->ulDirty_ & DIRTY_BACKGROUND)
DC_vUpdateBackgroundBrush(dc);
psurf = dc->dclevel.pSurface;
IntEngBitBlt(
&psurf->SurfObj,
NULL,
@ -3579,12 +3580,13 @@ GreExtTextOutW(
/* Lock blit with a dummy rect */
DC_vPrepareDCsForBlit(dc, NULL, NULL, NULL);
psurf = dc->dclevel.pSurface;
SurfObj = &psurf->SurfObj ;
EXLATEOBJ_vInitialize(&exloRGB2Dst, &gpalRGB, psurf->ppal, 0, 0, 0);
EXLATEOBJ_vInitialize(&exloDst2RGB, psurf->ppal, &gpalRGB, 0, 0, 0);
if ((fuOptions & ETO_OPAQUE) && (dc->pdcattr->ulDirty_ & DIRTY_BACKGROUND))
if ((fuOptions & ETO_OPAQUE) && (dc->pdcattr->ulDirty_ & DIRTY_BACKGROUND))
DC_vUpdateBackgroundBrush(dc) ;
if(dc->pdcattr->ulDirty_ & DIRTY_TEXT)

14
reactos/win32ss/gdi/ntgdi/line.c
View file

@ -100,6 +100,7 @@ IntGdiLineTo(DC *dc,
RECTL Bounds;
POINT Points[2];
PDC_ATTR pdcattr = dc->pdcattr;
ASSERT_DC_PREPARED(dc);
if (PATH_IsPathOpen(dc->dclevel))
{
@ -248,8 +249,7 @@ IntGdiPolyline(DC *dc,
LONG i;
PDC_ATTR pdcattr = dc->pdcattr;
psurf = dc->dclevel.pSurface;
if (!psurf)
if (!dc->dclevel.pSurface)
{
return FALSE;
}
@ -258,12 +258,7 @@ IntGdiPolyline(DC *dc,
return PATH_Polyline(dc, pt, Count);
DC_vPrepareDCsForBlit(dc, NULL, NULL, NULL);
if (pdcattr->ulDirty_ & (DIRTY_FILL | DC_BRUSH_DIRTY))
DC_vUpdateFillBrush(dc);
if (pdcattr->ulDirty_ & (DIRTY_LINE | DC_PEN_DIRTY))
DC_vUpdateLineBrush(dc);
psurf = dc->dclevel.pSurface;
/* Get BRUSHOBJ from current pen. */
pbrLine = dc->dclevel.pbrLine;
@ -412,9 +407,6 @@ NtGdiLineTo(HDC hDC,
DC_vPrepareDCsForBlit(dc, &rcLockRect, NULL, NULL);
if (dc->pdcattr->ulDirty_ & (DIRTY_LINE | DC_PEN_DIRTY))
DC_vUpdateLineBrush(dc);
Ret = IntGdiLineTo(dc, XEnd, YEnd);
DC_vFinishBlit(dc, NULL);

23
reactos/win32ss/gdi/ntgdi/palette.c
View file

@ -673,6 +673,7 @@ NtGdiGetNearestColor(
return CLR_INVALID;
}
/// FIXME: shouldn't dereference pSurface while the PDEV is not locked
if(dc->dclevel.pSurface == NULL)
ppal = gppalMono;
else
@ -731,7 +732,7 @@ IntGdiRealizePalette(HDC hDC)
PALETTE *ppalSurf, *ppalDC;
pdc = DC_LockDc(hDC);
if(!pdc)
if (!pdc)
{
EngSetLastError(ERROR_INVALID_HANDLE);
return 0;
@ -742,16 +743,17 @@ IntGdiRealizePalette(HDC hDC)
goto cleanup;
}
if(pdc->dctype == DCTYPE_DIRECT)
{
UNIMPLEMENTED;
goto cleanup;
}
if (pdc->dctype == DCTYPE_DIRECT)
{
UNIMPLEMENTED;
goto cleanup;
}
/// FIXME: shouldn't dereference pSurface while the PDEV is not locked
ppalSurf = pdc->dclevel.pSurface->ppal;
ppalDC = pdc->dclevel.ppal;
if(!(ppalSurf->flFlags & PAL_INDEXED))
if (!(ppalSurf->flFlags & PAL_INDEXED))
{
// FIXME: Set error?
goto cleanup;
@ -762,7 +764,7 @@ IntGdiRealizePalette(HDC hDC)
// FIXME: Should we resize ppalSurf if it's too small?
realize = (ppalDC->NumColors < ppalSurf->NumColors) ? ppalDC->NumColors : ppalSurf->NumColors;
for(i=0; i<realize; i++)
for (i=0; i<realize; i++)
{
InterlockedExchange((LONG*)&ppalSurf->IndexedColors[i], *(LONG*)&ppalDC->IndexedColors[i]);
}
@ -993,14 +995,15 @@ GreGetSetColorTable(
return 0;
}
/* Get the surace from the DC */
/* Get the surface from the DC */
psurf = pdc->dclevel.pSurface;
/* Check if we have the default surface */
if (psurf == NULL)
{
/* Use a mono palette */
if(!bSet) ppal = gppalMono;
if (!bSet)
ppal = gppalMono;
}
else if (psurf->SurfObj.iType == STYPE_BITMAP)
{

10
reactos/win32ss/gdi/ntgdi/print.c
View file

@ -85,15 +85,19 @@ IntGdiExtEscape(
INT OutSize,
LPSTR OutData)
{
SURFACE *psurf = dc->dclevel.pSurface;
SURFACE *psurf;
INT Result;
if (!dc->ppdev->DriverFunctions.Escape || !psurf)
if ((dc->ppdev->DriverFunctions.Escape == NULL) ||
(dc->dclevel.pSurface == NULL))
{
Result = 0;
}
else
{
DC_vPrepareDCsForBlit(dc, NULL, NULL, NULL);
psurf = dc->dclevel.pSurface;
Result = dc->ppdev->DriverFunctions.Escape(
&psurf->SurfObj,
Escape,
@ -101,6 +105,8 @@ IntGdiExtEscape(
(PVOID)InData,
OutSize,
(PVOID)OutData );
DC_vFinishBlit(dc, NULL);
}
return Result;