ReceiveTempSMS/Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

richedit: Prevent buffer overrun for tab stops buffer.

Browse Source
This commit is contained in:
Dylan Smith 2008-09-11 17:25:16 -04:00 committed by Alexandre Julliard
parent fab258022e
commit 2aa69c6c9e
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
dlls/riched20/editor.c
View File

@ -843,24 +843,27 @@ void ME_RTFTblAttrHook(RTF_Info *info)
break; break;
} }
case rtfCellPos: case rtfCellPos:
{
int cellNum;
if (!info->tableDef) if (!info->tableDef)
{ {
info->tableDef = ME_MakeTableDef(info->editor); info->tableDef = ME_MakeTableDef(info->editor);
} }
if (info->tableDef->numCellsDefined >= MAX_TABLE_CELLS) cellNum = info->tableDef->numCellsDefined;
if (cellNum >= MAX_TABLE_CELLS)
break; break;
info->tableDef->cells[info->tableDef->numCellsDefined].rightBoundary = info->rtfParam; info->tableDef->cells[cellNum].rightBoundary = info->rtfParam;
{ if (cellNum < MAX_TAB_STOPS) {
/* Tab stops were used to store cell positions before v4.1 but v4.1 /* Tab stops were used to store cell positions before v4.1 but v4.1
* still seems to set the tabstops without using them. */ * still seems to set the tabstops without using them. */
ME_DisplayItem *para = ME_GetParagraph(info->editor->pCursors[0].pRun); ME_DisplayItem *para = ME_GetParagraph(info->editor->pCursors[0].pRun);
PARAFORMAT2 *pFmt = para->member.para.pFmt; PARAFORMAT2 *pFmt = para->member.para.pFmt;
int cellNum = info->tableDef->numCellsDefined;
pFmt->rgxTabs[cellNum] &= ~0x00FFFFFF; pFmt->rgxTabs[cellNum] &= ~0x00FFFFFF;
pFmt->rgxTabs[cellNum] = 0x00FFFFFF & info->rtfParam; pFmt->rgxTabs[cellNum] = 0x00FFFFFF & info->rtfParam;
} }
info->tableDef->numCellsDefined++; info->tableDef->numCellsDefined++;
break; break;
}
case rtfRowBordTop: case rtfRowBordTop:
info->borderType = RTFBorderRowTop; info->borderType = RTFBorderRowTop;
break; break;
@ -1045,7 +1048,7 @@ void ME_RTFSpecialCharHook(RTF_Info *info)
ME_InsertTextFromCursor(info->editor, 0, &tab, 1, info->style); ME_InsertTextFromCursor(info->editor, 0, &tab, 1, info->style);
tableDef->numCellsInserted++; tableDef->numCellsInserted++;
} }
pFmt->cTabCount = tableDef->numCellsDefined; pFmt->cTabCount = min(tableDef->numCellsDefined, MAX_TAB_STOPS);
if (!tableDef->numCellsDefined) if (!tableDef->numCellsDefined)
pFmt->wEffects &= ~PFE_TABLE; pFmt->wEffects &= ~PFE_TABLE;
ME_InsertTextFromCursor(info->editor, 0, &endl, 1, info->style); ME_InsertTextFromCursor(info->editor, 0, &endl, 1, info->style);