[PATCH v2] gdi32: Fail in ExtTextOut if count is larger than INT_MAX.
Gabriel Ivăncescu
gabrielopcode at gmail.com
Tue Feb 2 10:28:52 CST 2021
Hi Huw,
On 02/02/2021 10:54, Huw Davies wrote:
> On Sat, Jan 30, 2021 at 04:02:09PM +0200, Gabriel Ivăncescu wrote:
>> Some applications pass values like -1 and crash when BIDI_Reorder can't
>> allocate the memory.
>>
>> Signed-off-by: Gabriel Ivăncescu <gabrielopcode at gmail.com>
>> ---
>> dlls/gdi32/font.c | 3 +++
>> dlls/gdi32/tests/font.c | 2 ++
>> dlls/gdi32/tests/metafile.c | 8 +++++++-
>> 3 files changed, 12 insertions(+), 1 deletion(-)
>>
>> diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c
>> index 74ca482..de50bf0 100644
>> --- a/dlls/gdi32/font.c
>> +++ b/dlls/gdi32/font.c
>> @@ -5823,6 +5823,8 @@ BOOL WINAPI ExtTextOutA( HDC hdc, INT x, INT y, UINT flags,
>> BOOL ret;
>> LPINT lpDxW = NULL;
>>
>> + if (count > INT_MAX) return FALSE;
>> +
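Review bot: the new guard `if (count > INT_MAX) return FALSE;` at the top of ExtTextOutA has no comment, and the reason for the limit (applications passing values like -1, BIDI_Reorder unable to allocate the memory) is recorded only in the commit message. A one-line comment above the check would keep that rationale next to the code. The guard also returns right after the local declarations and sets no last error; the comment should say this is intended.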
>
> What happens if ETO_OPAQUE and a valid rect are passed in this case?
> Does the rect get drawn? You could test this by adding such a call
> to draw_text_2() in gdi32/tests/dib.c
>
>> diff --git a/dlls/gdi32/tests/metafile.c b/dlls/gdi32/tests/metafile.c
>> index 8dae908..15af24a 100644
>> --- a/dlls/gdi32/tests/metafile.c
>> +++ b/dlls/gdi32/tests/metafile.c
>> @@ -222,7 +222,13 @@ static void test_ExtTextOut(void)
>> ret = ExtTextOutA(hdcMetafile, 0, 40, 0, NULL, text, lstrlenA(text), NULL);
>> ok( ret, "ExtTextOutA error %d\n", GetLastError());
>>
>> - /* 4. test with unmatched BeginPath/EndPath calls */
>> + /* 4. pass -1 to length */
>> + SetLastError(0xdeadbeef);
>> + ret = ExtTextOutA(hdcMetafile, 0, 0, 0, &rc, text, -1, NULL);
>> + ok( !ret, "ExtTextOutA succeeded\n");
>> + ok( GetLastError() == 0xdeadbeef, "ExtTextOutA error %d\n", GetLastError());
>> +
>> + /* 5. test with unmatched BeginPath/EndPath calls */
>> ret = BeginPath(hdcMetafile);
>> ok( ret, "BeginPath error %d\n", GetLastError());
>> ret = BeginPath(hdcMetafile);
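Review bot: in the new case 4, the last-error check reuses the message "ExtTextOutA error %d\n", which is identical to the message on the successful call just above it, so a failure in the log would not show which call was involved; something like "unexpected last error %d\n" would separate them. The case also exercises only -1, while the check it covers is `count > INT_MAX`; a second call with a count just above INT_MAX would pin the limit, provided Windows behaves the same way there.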
>
> It would be interesting to know whether the metafile record actually gets
> created in this case. Probably a stand-alone test at the end of this
> function would be easier. Likewise for EMFs.
>
> Huw.
>
Good points. The patch seems to be correct, but I've sent a v3 with
added tests for all these situations, except for normal metafiles. When
I tested on Windows 7, ExtTextOutA crashed with -1 count if it was a
normal Windows-format metafile, so I just added a comment for it.