ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

GetObjectA() now rejects GDI handles which are invalid.

This commit is contained in:
Matthew Cline 2000-02-13 16:00:17 +00:00 committed by Alexandre Julliard
parent 7dcd343fa8
commit 20512fd854
2 changed files with 34 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/gdi.h
View File

@ -460,9 +460,9 @@ extern WORD GDI_HeapSel;
0 : LOCAL_Unlock( GDI_HeapSel, (handle) )) 0 : LOCAL_Unlock( GDI_HeapSel, (handle) ))
extern BOOL GDI_Init(void); extern BOOL GDI_Init(void);
extern HGDIOBJ16 GDI_AllocObject( WORD, WORD ); extern HGDIOBJ GDI_AllocObject( WORD, WORD );
extern BOOL GDI_FreeObject( HGDIOBJ16 ); extern BOOL GDI_FreeObject( HGDIOBJ );
extern GDIOBJHDR * GDI_GetObjPtr( HGDIOBJ16, WORD ); extern GDIOBJHDR * GDI_GetObjPtr( HGDIOBJ, WORD );
extern BOOL DRIVER_RegisterDriver( LPCSTR name, const DC_FUNCTIONS *funcs ); extern BOOL DRIVER_RegisterDriver( LPCSTR name, const DC_FUNCTIONS *funcs );
extern const DC_FUNCTIONS *DRIVER_FindDriver( LPCSTR name ); extern const DC_FUNCTIONS *DRIVER_FindDriver( LPCSTR name );

59
objects/gdiobj.c
View File

@ -372,7 +372,7 @@ BOOL GDI_Init(void)
/*********************************************************************** /***********************************************************************
* GDI_AllocObject * GDI_AllocObject
*/ */
HGDIOBJ16 GDI_AllocObject( WORD size, WORD magic ) HGDIOBJ GDI_AllocObject( WORD size, WORD magic )
{ {
static DWORD count = 0; static DWORD count = 0;
GDIOBJHDR * obj; GDIOBJHDR * obj;
@ -394,7 +394,7 @@ HGDIOBJ16 GDI_AllocObject( WORD size, WORD magic )
/*********************************************************************** /***********************************************************************
* GDI_FreeObject * GDI_FreeObject
*/ */
BOOL GDI_FreeObject( HGDIOBJ16 handle ) BOOL GDI_FreeObject( HGDIOBJ handle )
{ {
GDIOBJHDR * object; GDIOBJHDR * object;
@ -420,12 +420,14 @@ BOOL GDI_FreeObject( HGDIOBJ16 handle )
* Movable GDI objects are locked in memory: it is up to the caller to unlock * Movable GDI objects are locked in memory: it is up to the caller to unlock
* it after the caller is done with the pointer. * it after the caller is done with the pointer.
*/ */
GDIOBJHDR * GDI_GetObjPtr( HGDIOBJ16 handle, WORD magic ) GDIOBJHDR * GDI_GetObjPtr( HGDIOBJ handle, WORD magic )
{ {
GDIOBJHDR * ptr = NULL; GDIOBJHDR * ptr = NULL;
if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE)) if (handle >= FIRST_STOCK_HANDLE)
ptr = StockObjects[handle - FIRST_STOCK_HANDLE]; {
if (handle <= LAST_STOCK_HANDLE) ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
}
else else
ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle ); ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
if (!ptr) return NULL; if (!ptr) return NULL;
@ -510,16 +512,12 @@ HGDIOBJ WINAPI GetStockObject( INT obj )
*/ */
INT16 WINAPI GetObject16( HANDLE16 handle, INT16 count, LPVOID buffer ) INT16 WINAPI GetObject16( HANDLE16 handle, INT16 count, LPVOID buffer )
{ {
GDIOBJHDR * ptr = NULL; GDIOBJHDR * ptr;
INT16 result = 0; INT16 result = 0;
TRACE("%04x %d %p\n", handle, count, buffer ); TRACE("%04x %d %p\n", handle, count, buffer );
if (!count) return 0; if (!count) return 0;
if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE)) if (!(ptr = GDI_GetObjPtr( handle, MAGIC_DONTCARE ))) return 0;
ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
else
ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
if (!ptr) return 0;
switch(ptr->wMagic) switch(ptr->wMagic)
{ {
@ -556,16 +554,12 @@ INT16 WINAPI GetObject16( HANDLE16 handle, INT16 count, LPVOID buffer )
*/ */
INT WINAPI GetObjectA( HANDLE handle, INT count, LPVOID buffer ) INT WINAPI GetObjectA( HANDLE handle, INT count, LPVOID buffer )
{ {
GDIOBJHDR * ptr = NULL; GDIOBJHDR * ptr;
INT result = 0; INT result = 0;
TRACE("%08x %d %p\n", handle, count, buffer ); TRACE("%08x %d %p\n", handle, count, buffer );
if (!count) return 0; if (!count) return 0;
if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE)) if (!(ptr = GDI_GetObjPtr( handle, MAGIC_DONTCARE ))) return 0;
ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
else
ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
if (!ptr) return 0;
switch(ptr->wMagic) switch(ptr->wMagic)
{ {
@ -591,29 +585,38 @@ INT WINAPI GetObjectA( HANDLE handle, INT count, LPVOID buffer )
case PALETTE_MAGIC: case PALETTE_MAGIC:
result = PALETTE_GetObject( (PALETTEOBJ *)ptr, count, buffer ); result = PALETTE_GetObject( (PALETTEOBJ *)ptr, count, buffer );
break; break;
default:
case REGION_MAGIC:
case DC_MAGIC:
case DISABLED_DC_MAGIC:
case META_DC_MAGIC:
case METAFILE_MAGIC:
case METAFILE_DC_MAGIC:
case ENHMETAFILE_MAGIC:
case ENHMETAFILE_DC_MAGIC:
FIXME("Magic %04x not implemented\n", FIXME("Magic %04x not implemented\n",
ptr->wMagic ); ptr->wMagic );
break; break;
default:
ERR("Invalid GDI Magic %04x\n", ptr->wMagic);
return 0;
} }
GDI_HEAP_UNLOCK( handle ); GDI_HEAP_UNLOCK( handle );
return result; return result;
} }
/*********************************************************************** /***********************************************************************
* GetObject32W (GDI32.206) * GetObject32W (GDI32.206)
*/ */
INT WINAPI GetObjectW( HANDLE handle, INT count, LPVOID buffer ) INT WINAPI GetObjectW( HANDLE handle, INT count, LPVOID buffer )
{ {
GDIOBJHDR * ptr = NULL; GDIOBJHDR * ptr;
INT result = 0; INT result = 0;
TRACE("%08x %d %p\n", handle, count, buffer ); TRACE("%08x %d %p\n", handle, count, buffer );
if (!count) return 0; if (!count) return 0;
if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE)) if (!(ptr = GDI_GetObjPtr( handle, MAGIC_DONTCARE ))) return 0;
ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
else
ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
if (!ptr) return 0;
switch(ptr->wMagic) switch(ptr->wMagic)
{ {
@ -653,15 +656,11 @@ INT WINAPI GetObjectW( HANDLE handle, INT count, LPVOID buffer )
*/ */
DWORD WINAPI GetObjectType( HANDLE handle ) DWORD WINAPI GetObjectType( HANDLE handle )
{ {
GDIOBJHDR * ptr = NULL; GDIOBJHDR * ptr;
INT result = 0; INT result = 0;
TRACE("%08x\n", handle ); TRACE("%08x\n", handle );
if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE)) if (!(ptr = GDI_GetObjPtr( handle, MAGIC_DONTCARE ))) return 0;
ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
else
ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
if (!ptr) return 0;
switch(ptr->wMagic) switch(ptr->wMagic)
{ {