Author: gadamopoulos
Date: Tue May 23 09:40:07 2017
New Revision: 74633
URL: http://svn.reactos.org/svn/reactos?rev=74633&view=rev
Log:
[WIN32l:NTGDI] -Check the return value IntGetOutlineTextMetrics and stop using
garbage from the pool in case of error. CORE-13089, CORE-12752
Modified:
trunk/reactos/win32ss/gdi/ntgdi/freetype.c
Modified: trunk/reactos/win32ss/gdi/ntgdi/freetype.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/freetype.c?rev=74633&r1=74632&r2=74633&view=diff
==============================================================================
--- trunk/reactos/win32ss/gdi/ntgdi/freetype.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/ntgdi/freetype.c [iso-8859-1] Tue May 23
09:40:07 2017
@@ -2264,7 +2264,12 @@
{
return;
}
- IntGetOutlineTextMetrics(FontGDI, Size, Otm);
+ Size = IntGetOutlineTextMetrics(FontGDI, Size, Otm);
+ if (!Size)
+ {
+ ExFreePoolWithTag(Otm, GDITAG_TEXT);
+ return;
+ }
Lf = &Info->EnumLogFontEx.elfLogFont;
TM = &Otm->otmTextMetrics;
@@ -3182,7 +3187,14 @@
TEXTOBJ_UnlockText(TextObj);
return GDI_ERROR;
}
- IntGetOutlineTextMetrics(FontGDI, Size, potm);
+ Size = IntGetOutlineTextMetrics(FontGDI, Size, potm);
+ if (!Size)
+ {
+ /* FIXME: last error? */
+ ExFreePoolWithTag(potm, GDITAG_TEXT);
+ TEXTOBJ_UnlockText(TextObj);
+ return GDI_ERROR;
+ }
IntLockFreeType;
TextIntUpdateSize(dc, TextObj, FontGDI, FALSE);
@@ -4441,7 +4453,10 @@
/* update FontObj if lowest penalty */
if (Otm)
{
- IntGetOutlineTextMetrics(FontGDI, OtmSize, Otm);
+ OtmSize = IntGetOutlineTextMetrics(FontGDI, OtmSize, Otm);
+ if (!OtmSize)
+ continue;
+
OldOtmSize = OtmSize;
Penalty = GetFontPenalty(LogFont, Otm, Face->style_name);
@@ -6467,8 +6482,9 @@
cwc = GDI_ERROR;
goto ErrorRet;
}
- IntGetOutlineTextMetrics(FontGDI, Size, potm);
- DefChar = potm->otmTextMetrics.tmDefaultChar;
+ Size = IntGetOutlineTextMetrics(FontGDI, Size, potm);
+ if (Size)
+ DefChar = potm->otmTextMetrics.tmDefaultChar;
ExFreePoolWithTag(potm, GDITAG_TEXT);
}
}
