gdi32: fix unchecked NULL ptr and off by one error in BIDI_Reorder
Michael Stefaniuc
mstefani at redhat.com
Sat Oct 20 18:20:57 CDT 2007
Hello Alexander!
Alexander Dorofeyev wrote:
> This patch fixes two problems that are causing crashes in
Thanks for the patch. Could you please split the patch in two; one patch
for each problem fixed. Please also do not use C++ style comments aka //
> BIDI_Reorder. In particular, Skype 3.5.0 crashed every time I type
> anything in the chat edit box.
>
> One problem is that it wasn't assured lpOutString isn't NULL, and NULL
> was getting passed to this routine by GetCharacterPlacementW, so it was
> crashing in memcpy. This patch creates a temporary buffer when
> lpOutString is NULL and it is used for in-place modifications instead in
> such case.
>
> Another is an off-by-one error in setting lpOrder.
>
> ---
> dlls/gdi32/bidi.c | 33 ++++++++++++++++++++++++++++-----
> 1 files changed, 28 insertions(+), 5 deletions(-)
>
>
> ------------------------------------------------------------------------
>
> diff --git a/dlls/gdi32/bidi.c b/dlls/gdi32/bidi.c
> index cac9453..2b1320e 100644
> --- a/dlls/gdi32/bidi.c
> +++ b/dlls/gdi32/bidi.c
> +
> + if (!lpOutString)
> + {
> + //temporary buffer was created
> + HeapFree(GetProcessHeap(), 0, lpReorderBuffer);
> + }
> +
> return TRUE;
> }
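Review bot: The cleanup placed just before `return TRUE` releases lpReorderBuffer only on this final exit, so if the function has any earlier return after the temporary buffer is allocated, that path leaks the buffer whenever lpOutString is NULL; send every exit through this HeapFree or free at each one. The test `if (!lpOutString)` also infers ownership indirectly: it is only correct if lpReorderBuffer points at the temporary allocation exactly when lpOutString is NULL, so a local flag set where the buffer is allocated would make the intent explicit. The comment `//temporary buffer was created` should be written as `/* ... */`, as the reply above requests.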
thanks
bye
michael
--
Michael Stefaniuc Tel.: +49-711-96437-199
Sr. Network Engineer Fax.: +49-711-96437-111