Test for invalid large handles in GDI_GetObjPtr and GDI_FreeObject.

Gerard Patel 2001-08-18 16:08:27 +00:00 committed by Alexandre Julliard
parent 0a5ab16aee
commit 4bd80eaa5f
1 changed files with 4 additions and 2 deletions


@ -320,11 +320,12 @@ BOOL GDI_FreeObject( HGDIOBJ handle, void *ptr )
else /* large heap handle */ else /* large heap handle */
{ {
int i = (handle >> 2) - FIRST_LARGE_HANDLE; int i = (handle >> 2) - FIRST_LARGE_HANDLE;
if (i >= 0 && large_handles[i]) if (i >= 0 && i < MAX_LARGE_HANDLES && large_handles[i])
{ {
HeapFree( GetProcessHeap(), 0, large_handles[i] ); HeapFree( GetProcessHeap(), 0, large_handles[i] );
large_handles[i] = NULL; large_handles[i] = NULL;
} }
else ERR( "Invalid handle %x\n", handle );
} }
TRACE_SEC( handle, "leave" ); TRACE_SEC( handle, "leave" );
_LeaveSysLevel( &GDI_level ); _LeaveSysLevel( &GDI_level );
@ -357,7 +358,7 @@ void *GDI_GetObjPtr( HGDIOBJ handle, WORD magic )
else /* large heap handle */ else /* large heap handle */
{ {
int i = (handle >> 2) - FIRST_LARGE_HANDLE; int i = (handle >> 2) - FIRST_LARGE_HANDLE;
if (i >= 0) if (i >= 0 && i < MAX_LARGE_HANDLES)
{ {
ptr = large_handles[i]; ptr = large_handles[i];
if (ptr && (magic != MAGIC_DONTCARE) && (GDIMAGIC(ptr->wMagic) != magic)) ptr = NULL; if (ptr && (magic != MAGIC_DONTCARE) && (GDIMAGIC(ptr->wMagic) != magic)) ptr = NULL;
@ -368,6 +369,7 @@ void *GDI_GetObjPtr( HGDIOBJ handle, WORD magic )
{ {
_LeaveSysLevel( &GDI_level ); _LeaveSysLevel( &GDI_level );
SetLastError( ERROR_INVALID_HANDLE ); SetLastError( ERROR_INVALID_HANDLE );
WARN( "Invalid handle %x\n", handle );
} }
else TRACE_SEC( handle, "enter" ); else TRACE_SEC( handle, "enter" );
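Review bot: The range test `i >= 0 && i < MAX_LARGE_HANDLES` is now written out separately in GDI_FreeObject and GDI_GetObjPtr, the same duplication that let both sites miss the upper bound before this change. Any other code that derives an index into `large_handles` from a handle value (none is visible in these hunks) needs the same guard, so a single helper such as `static int large_handle_index( HGDIOBJ handle )` that returns `-1` for an out-of-range value would keep the check in one place. In GDI_FreeObject the new `else ERR( "Invalid handle %x\n", handle );` branch is also taken when the index is in range but the slot is already NULL, so the log cannot distinguish an out-of-range handle from a repeated free; a separate message for the empty-slot case would make triage easier. Both functions begin and end outside the hunks shown, so how GDI_FreeObject reports this failure to its caller could not be checked.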