Author: tkreuzer
Date: Thu May  5 15:45:08 2011
New Revision: 51590

URL: http://svn.reactos.org/svn/reactos?rev=51590&view=rev
Log:
[GDI FONT DRIVER]
- Fix buffer overflow checks in FtfdQueryTrueTypeTable and return the correct 
value
- Implement FtfdGetTrueTypeFile

Modified:
    branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/font.c
    branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/todo.txt

Modified: branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/font.c
URL: 
http://svn.reactos.org/svn/reactos/branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/font.c?rev=51590&r1=51589&r2=51590&view=diff
==============================================================================
--- branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/font.c 
[iso-8859-1] (original)
+++ branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/font.c 
[iso-8859-1] Thu May  5 15:45:08 2011
@@ -697,11 +697,10 @@
     ULONG *pcjTable)
 {
     PFTFD_FILE pfile = (PFTFD_FILE)diFile;
-    PBYTE pjTable, pjData;
+    PBYTE pjTable;
     ULONG cjTable;
 
     DbgPrint("FtfdQueryTrueTypeTable\n");
-    __debugbreak();
 
     /* Check if this file supports TrueType tables */
     if (pfile->ulFileFormat != FILEFMT_TTF &&
@@ -710,6 +709,8 @@
         DbgPrint("File format doesn't support true type tables\n");
         return FD_ERROR;
     }
+
+    // FIXME: handle ulFont
 
     /* Check if the whole file is requested */
     if (ulTag == 0)
@@ -729,29 +730,32 @@
         }
     }
 
-    // FIXME: handle ulFont
-
-    /* Check for overflow and if the offset and size fit into the view */
-    pjData = pjTable + dpStart;
-    if ( (pjData < pjTable) || (pjData + cjBuf < pjData) ||
-         (pjData + cjBuf > (PBYTE)pfile->pvView + pfile->cjView) )
-    {
-        DbgPrint("Overflow: dpStart=0x%lx, cjBuf=0x%lx\n", dpStart, cjBuf);
-        return FD_ERROR;
-    }
-
-    /* Check if we shall copy data */
-    if (pjBuf)
-    {
-        /* Copy the data to the buffer */
-        RtlCopyMemory(pjBuf, pjTable + dpStart, cjBuf);
-    }
-
     /* Return requested pointers */
     if (ppjTable) *ppjTable = pjTable;
     if (pcjTable) *pcjTable = cjTable;
 
-    return FD_ERROR;
+
+    /* Check if we shall copy data */
+    if (pjBuf)
+    {
+        /* Check if the offset is inside the table */
+        if (dpStart < 0 || (ULONG_PTR)dpStart >= cjTable)
+        {
+            DbgPrint("dpStart outside the table: %p\n", dpStart);
+            return FD_ERROR;
+        }
+
+        /* Don't copy beyond the table end */
+        cjTable -= dpStart;
+
+        /* Don't copy more then the buffer can hold */
+        if (cjBuf < cjTable) cjTable = cjBuf;
+
+        /* Copy the data to the buffer */
+        RtlCopyMemory(pjBuf, pjTable + dpStart, cjTable);
+    }
+
+    return cjTable;
 }
 
 PVOID
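Review bot: The copy in the `if (pjBuf)` branch is now bounded only by `cjTable`, and the removed comparison against `(PBYTE)pfile->pvView + pfile->cjView` was the only check in this hunk that tied the table to the mapped view. `pjTable` and `cjTable` are set above the hunk (the function starts outside it), so if they are taken from the font's table directory without validation there, a malformed font file could make `RtlCopyMemory` read past the view, and `*ppjTable`/`*pcjTable` would hand the same unchecked range to the caller. I would keep a view bound, written with offsets rather than pointer arithmetic and placed before the pointers are returned: `ULONG_PTR off = pjTable - (PBYTE)pfile->pvView;` then `if (off > pfile->cjView || cjTable > pfile->cjView - off) return FD_ERROR;`. Minor: `DbgPrint` formats `dpStart` with `%p`, although the `dpStart < 0` test suggests it is a signed offset rather than a pointer.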
@@ -760,9 +764,21 @@
     ULONG_PTR diFile,
     ULONG *pcj)
 {
+    PFTFD_FILE pfile = (PFTFD_FILE)diFile;
+
     DbgPrint("FtfdGetTrueTypeFile\n");
-    __debugbreak();
-    return 0;
+
+    /* Check if this file is TrueType */
+    if (pfile->ulFileFormat != FILEFMT_TTF &&
+        pfile->ulFileFormat != FILEFMT_OTF)
+    {
+        DbgPrint("File format is not TrueType or Opentype\n");
+        return NULL;
+    }
+
+    /* Return the pointer and size */
+    if (pcj) *pcj = pfile->cjView;
+    return pfile->pvView;
 }
 
 #if 0 // not needed atm
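Review bot: On the `return NULL` path `*pcj` is never written, so a caller that reads the size without first checking the returned pointer sees whatever value was there before; `if (pcj) *pcj = 0;` ahead of `return NULL;` would make the failure case well defined. The function hands out `pfile->pvView` directly, so a short comment stating that the returned pointer covers the whole `cjView`-byte view, and how long it stays valid (presumably only while the file remains loaded, which is not shown here), would help callers. The `/* Check if this file is TrueType */` comment could also mention OpenType, since `FILEFMT_OTF` is accepted. The function's signature starts outside the hunk.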

Modified: branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/todo.txt
URL: 
http://svn.reactos.org/svn/reactos/branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/todo.txt?rev=51590&r1=51589&r2=51590&view=diff
==============================================================================
--- branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/todo.txt 
[iso-8859-1] (original)
+++ branches/GSoC_2011/GdiFontDriver/drivers/video/font/ftfd/todo.txt 
[iso-8859-1] Thu May  5 15:45:08 2011
@@ -15,7 +15,7 @@
     - implement QFF_DESCRIPTION, unimportant
 - FtfdQueryFontCaps: 100% done
 - FtfdQueryTrueTypeTable: 100% done
-- FtfdGetTrueTypeFile: unimplemented
+- FtfdGetTrueTypeFile: 100% done
 
 - FtfdQueryFontData: 10%, depends on FtfdLoadGlyph
     - QFD_MAXEXTENTS: dependes on FtfdQueryMaxExtents

