[PATCH v2] gdi32: Fail in ExtTextOut if count is larger than INT_MAX.
Huw Davies
huw at codeweavers.com
Tue Feb 2 02:54:50 CST 2021
On Sat, Jan 30, 2021 at 04:02:09PM +0200, Gabriel Ivăncescu wrote:
> Some applications pass values like -1 and crash when BIDI_Reorder can't
> allocate the memory.
>
> Signed-off-by: Gabriel Ivăncescu <gabrielopcode at gmail.com>
> ---
> dlls/gdi32/font.c | 3 +++
> dlls/gdi32/tests/font.c | 2 ++
> dlls/gdi32/tests/metafile.c | 8 +++++++-
> 3 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c
> index 74ca482..de50bf0 100644
> --- a/dlls/gdi32/font.c
> +++ b/dlls/gdi32/font.c
> @@ -5823,6 +5823,8 @@ BOOL WINAPI ExtTextOutA( HDC hdc, INT x, INT y, UINT flags,
> BOOL ret;
> LPINT lpDxW = NULL;
>
> + if (count > INT_MAX) return FALSE;
> +
What happens if ETO_OPAQUE and a valid rect are passed in this case?
Does the rect get drawn? You could test this by adding such a call
to draw_text_2() in gdi32/tests/dib.c
> diff --git a/dlls/gdi32/tests/metafile.c b/dlls/gdi32/tests/metafile.c
> index 8dae908..15af24a 100644
> --- a/dlls/gdi32/tests/metafile.c
> +++ b/dlls/gdi32/tests/metafile.c
> @@ -222,7 +222,13 @@ static void test_ExtTextOut(void)
> ret = ExtTextOutA(hdcMetafile, 0, 40, 0, NULL, text, lstrlenA(text), NULL);
> ok( ret, "ExtTextOutA error %d\n", GetLastError());
>
> - /* 4. test with unmatched BeginPath/EndPath calls */
> + /* 4. pass -1 to length */
> + SetLastError(0xdeadbeef);
> + ret = ExtTextOutA(hdcMetafile, 0, 0, 0, &rc, text, -1, NULL);
> + ok( !ret, "ExtTextOutA succeeded\n");
> + ok( GetLastError() == 0xdeadbeef, "ExtTextOutA error %d\n", GetLastError());
> +
> + /* 5. test with unmatched BeginPath/EndPath calls */
> ret = BeginPath(hdcMetafile);
> ok( ret, "BeginPath error %d\n", GetLastError());
> ret = BeginPath(hdcMetafile);
It would be interesting to know whether the metafile record actually gets
created in this case. Probably a stand-alone test at the end of this
function would be easier. Likewise for EMFs.
Huw.
More information about the wine-devel
mailing list