Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-cw
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-cw
Commits
4312be16
Commit
4312be16
authored
Oct 03, 2022
by
Mark Jansen
Committed by
Alexandre Julliard
Oct 11, 2022
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
gdi32: Fix possible overflow.
According to the documentation of ScriptShape function, the psva argument should have the number of elements indicated by cMaxGlyphs.
parent
46f30707
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
8 additions
and
2 deletions
+8
-2
text.c
dlls/gdi32/text.c
+8
-2
No files found.
dlls/gdi32/text.c
View file @
4312be16
...
@@ -471,7 +471,7 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */
...
@@ -471,7 +471,7 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */
WARN
(
"Out of memory
\n
"
);
WARN
(
"Out of memory
\n
"
);
goto
cleanup
;
goto
cleanup
;
}
}
psva
=
HeapAlloc
(
GetProcessHeap
(),
0
,
sizeof
(
SCRIPT_VISATTR
)
*
uCount
);
psva
=
HeapAlloc
(
GetProcessHeap
(),
0
,
sizeof
(
SCRIPT_VISATTR
)
*
cMaxGlyphs
);
if
(
!
psva
)
if
(
!
psva
)
{
{
WARN
(
"Out of memory
\n
"
);
WARN
(
"Out of memory
\n
"
);
...
@@ -604,16 +604,22 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */
...
@@ -604,16 +604,22 @@ static BOOL BIDI_Reorder( HDC hDC, /* [in] Display DC */
while
(
res
==
E_OUTOFMEMORY
)
while
(
res
==
E_OUTOFMEMORY
)
{
{
WORD
*
new_run_glyphs
=
HeapReAlloc
(
GetProcessHeap
(),
0
,
run_glyphs
,
sizeof
(
*
run_glyphs
)
*
cMaxGlyphs
*
2
);
WORD
*
new_run_glyphs
=
HeapReAlloc
(
GetProcessHeap
(),
0
,
run_glyphs
,
sizeof
(
*
run_glyphs
)
*
cMaxGlyphs
*
2
);
if
(
!
new_run_glyphs
)
SCRIPT_VISATTR
*
new_psva
=
HeapReAlloc
(
GetProcessHeap
(),
0
,
psva
,
sizeof
(
*
psva
)
*
cMaxGlyphs
*
2
);
if
(
!
new_run_glyphs
||
!
new_psva
)
{
{
WARN
(
"Out of memory
\n
"
);
WARN
(
"Out of memory
\n
"
);
HeapFree
(
GetProcessHeap
(),
0
,
runOrder
);
HeapFree
(
GetProcessHeap
(),
0
,
runOrder
);
HeapFree
(
GetProcessHeap
(),
0
,
visOrder
);
HeapFree
(
GetProcessHeap
(),
0
,
visOrder
);
HeapFree
(
GetProcessHeap
(),
0
,
*
lpGlyphs
);
HeapFree
(
GetProcessHeap
(),
0
,
*
lpGlyphs
);
*
lpGlyphs
=
NULL
;
*
lpGlyphs
=
NULL
;
if
(
new_run_glyphs
)
run_glyphs
=
new_run_glyphs
;
if
(
new_psva
)
psva
=
new_psva
;
goto
cleanup
;
goto
cleanup
;
}
}
run_glyphs
=
new_run_glyphs
;
run_glyphs
=
new_run_glyphs
;
psva
=
new_psva
;
cMaxGlyphs
*=
2
;
cMaxGlyphs
*=
2
;
res
=
ScriptShape
(
hDC
,
&
psc
,
lpString
+
done
+
curItem
->
iCharPos
,
cChars
,
cMaxGlyphs
,
&
curItem
->
a
,
run_glyphs
,
pwLogClust
,
psva
,
&
cOutGlyphs
);
res
=
ScriptShape
(
hDC
,
&
psc
,
lpString
+
done
+
curItem
->
iCharPos
,
cChars
,
cMaxGlyphs
,
&
curItem
->
a
,
run_glyphs
,
pwLogClust
,
psva
,
&
cOutGlyphs
);
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
