Author: tkreuzer
Date: Fri Aug 7 05:14:55 2009
New Revision: 42454
URL: http://svn.reactos.org/svn/reactos?rev=42454&view=rev
Log:
Fix a serious bug, that led to reading beyound the end of the mask bitmap, if
it was not twice as big as the color bitmap.
Modified:
trunk/reactos/subsystems/win32/win32k/eng/mouse.c
Modified: trunk/reactos/subsystems/win32/win32k/eng/mouse.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/eng/mouse.c?rev=42454&r1=42453&r2=42454&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/eng/mouse.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/eng/mouse.c [iso-8859-1] Fri Aug 7
05:14:55 2009
@@ -331,7 +331,7 @@
if (psoMask)
{
// CHECKME: Is this really required? if we have a color surface,
- // we only need the and part of the mask.
+ // we only need the AND part of the mask.
/* Check if the sizes match as they should */
if (psoMask->sizlBitmap.cx != psoColor->sizlBitmap.cx ||
psoMask->sizlBitmap.cy != psoColor->sizlBitmap.cy * 2)
@@ -429,7 +429,7 @@
hbmp = EngCreateBitmap(psoMask->sizlBitmap,
lDelta,
pso->iBitmapFormat,
- 0,
+ BMF_TOPDOWN | BMF_NOZEROINIT,
NULL);
pgp->psurfMask = SURFACE_ShareLockSurface(hbmp);
@@ -443,7 +443,7 @@
RGB(0xff,0xff,0xff),
RGB(0,0,0));
- rcl.bottom = pgp->Size.cy * 2;
+ rcl.bottom = psoMask->sizlBitmap.cy;
IntEngCopyBits(&pgp->psurfMask->SurfObj,
psoMask,
NULL,
@@ -472,7 +472,7 @@
pgp->psurfColor = SURFACE_ShareLockSurface(hbmp);
if (pgp->psurfColor)
{
- rcl.bottom = pgp->Size.cy;
+ rcl.bottom = psoColor->sizlBitmap.cy;
IntEngCopyBits(&pgp->psurfColor->SurfObj,
psoColor,
NULL,
