Author: akhaldi
Date: Tue Dec 29 20:49:33 2015
New Revision: 70465
URL: http://svn.reactos.org/svn/reactos?rev=70465&view=rev
Log:
[0.4.0] * Merge the gdi32 and win32k fixes by Timo in r70464. CORE-10583
Modified:
branches/ros-branch-0_4_0/reactos/ (props changed)
branches/ros-branch-0_4_0/reactos/win32ss/gdi/gdi32/objects/bitmap.c
branches/ros-branch-0_4_0/reactos/win32ss/gdi/ntgdi/dibobj.c
Propchange: branches/ros-branch-0_4_0/reactos/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Dec 29 20:49:33 2015
@@ -20,4 +20,4 @@
/branches/usb-bringup:51335,51337,51341-51343,51348,51350,51353,51355,51365-51369,51372,51384-54388,54396-54398,54736-54737,54752-54754,54756-54760,54762,54764-54765,54767-54768,54772,54774-54777,54781,54787,54790-54792,54797-54798,54806,54808,54834-54838,54843,54850,54852,54856,54858-54859
/branches/usb-bringup-trunk:55019-55543,55548-55554,55556-55567
/branches/wlan-bringup:54809-54998
-/trunk/reactos:70000-70321,70323-70324,70328-70337,70339-70340,70347,70349,70354-70358,70360,70363,70369,70373,70375-70378,70381,70384-70385,70387-70389,70398,70400,70408,70424,70436-70437,70443
+/trunk/reactos:70000-70321,70323-70324,70328-70337,70339-70340,70347,70349,70354-70358,70360,70363,70369,70373,70375-70378,70381,70384-70385,70387-70389,70398,70400,70408,70424,70436-70437,70443,70464
Modified: branches/ros-branch-0_4_0/reactos/win32ss/gdi/gdi32/objects/bitmap.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-branch-0_4_0/reactos/win32ss/gdi/gdi32/objects/bitmap.c?rev=70465&r1=70464&r2=70465&view=diff
==============================================================================
--- branches/ros-branch-0_4_0/reactos/win32ss/gdi/gdi32/objects/bitmap.c
[iso-8859-1] (original)
+++ branches/ros-branch-0_4_0/reactos/win32ss/gdi/gdi32/objects/bitmap.c
[iso-8859-1] Tue Dec 29 20:49:33 2015
@@ -408,23 +408,30 @@
// PDC_ATTR pDc_Attr;
UINT InfoSize = 0;
UINT cjBmpScanSize = 0;
- HBITMAP hBmp;
+ HBITMAP hBmp = NULL;
NTSTATUS Status = STATUS_SUCCESS;
+ PBITMAPINFO pbmiConverted;
+ UINT cjInfoSize;
+
+ /* Convert the BITMAPINFO if it is a COREINFO */
+ pbmiConverted = ConvertBitmapInfo(Data, ColorUse, &cjInfoSize, FALSE);
/* Check for CBM_CREATDIB */
if (Init & CBM_CREATDIB)
{
/* CBM_CREATDIB needs Data. */
- if (!Data)
- {
- return 0;
+ if (pbmiConverted == NULL)
+ {
+ DPRINT1("CBM_CREATDIB needs a BITMAINFO!\n");
+ goto Exit;
}
/* It only works with PAL or RGB */
if (ColorUse > DIB_PAL_COLORS)
{
+ DPRINT1("Invalid ColorUse: %lu\n", ColorUse);
GdiSetLastError(ERROR_INVALID_PARAMETER);
- return 0;
+ goto Exit;
}
/* Use the header from the data */
@@ -434,38 +441,48 @@
/* Header is required */
if (!Header)
{
+ DPRINT1("Header is NULL\n");
GdiSetLastError(ERROR_INVALID_PARAMETER);
- return 0;
+ goto Exit;
}
/* Get the bitmap format and dimensions */
if (DIB_GetBitmapInfo(Header, &width, &height, &planes, &bpp, &compr,
&dibsize) == -1)
{
+ DPRINT1("DIB_GetBitmapInfo failed!\n");
GdiSetLastError(ERROR_INVALID_PARAMETER);
- return NULL;
+ goto Exit;
}
/* Check if the Compr is incompatible */
if ((compr == BI_JPEG) || (compr == BI_PNG) || (compr == BI_BITFIELDS))
- return 0;
+ {
+ DPRINT1("invalid compr: %lu!\n", compr);
+ goto Exit;
+ }
/* Only DIB_RGB_COLORS (0), DIB_PAL_COLORS (1) and 2 are valid. */
if (ColorUse > DIB_PAL_COLORS + 1)
{
+ DPRINT1("invalid compr: %lu!\n", compr);
GdiSetLastError(ERROR_INVALID_PARAMETER);
- return 0;
+ goto Exit;
}
/* If some Bits are given, only DIB_PAL_COLORS and DIB_RGB_COLORS are
valid */
if (Bits && (ColorUse > DIB_PAL_COLORS))
{
+ DPRINT1("Invalid ColorUse: %lu\n", ColorUse);
GdiSetLastError(ERROR_INVALID_PARAMETER);
- return 0;
+ goto Exit;
}
/* Negative width is not allowed */
if (width < 0)
- return 0;
+ {
+ DPRINT1("Negative width: %li\n", width);
+ goto Exit;
+ }
/* Top-down DIBs have a negative height. */
height = abs(height);
@@ -473,13 +490,13 @@
// For Icm support.
// GdiGetHandleUserData(hdc, GDI_OBJECT_TYPE_DC, (PVOID)&pDc_Attr))
- if (Data)
+ if (pbmiConverted)
{
_SEH2_TRY
{
- cjBmpScanSize = GdiGetBitmapBitsSize((BITMAPINFO *) Data);
- CalculateColorTableSize(&Data->bmiHeader, &ColorUse, &InfoSize);
- InfoSize += Data->bmiHeader.biSize;
+ cjBmpScanSize = GdiGetBitmapBitsSize(pbmiConverted);
+ CalculateColorTableSize(&pbmiConverted->bmiHeader, &ColorUse,
&InfoSize);
+ InfoSize += pbmiConverted->bmiHeader.biSize;
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@@ -490,8 +507,9 @@
if (!NT_SUCCESS(Status))
{
+ DPRINT1("Got an exception!\n");
GdiSetLastError(ERROR_INVALID_PARAMETER);
- return NULL;
+ goto Exit;
}
DPRINT("pBMI %p, Size bpp %u, dibsize %d, Conv %u, BSS %u\n", Data, bpp,
dibsize, InfoSize,
@@ -501,9 +519,18 @@
hBmp = GetStockObject(DEFAULT_BITMAP);
else
{
- hBmp = NtGdiCreateDIBitmapInternal(hDC, width, height, Init, (LPBYTE)
Bits,
- (LPBITMAPINFO) Data, ColorUse, InfoSize, cjBmpScanSize, 0, 0);
- }
+ hBmp = NtGdiCreateDIBitmapInternal(hDC, width, height, Init,
(LPBYTE)Bits,
+ (LPBITMAPINFO)pbmiConverted, ColorUse, InfoSize, cjBmpScanSize, 0,
0);
+ }
+
+Exit:
+
+ /* Cleanup converted BITMAPINFO */
+ if ((pbmiConverted != NULL) && (pbmiConverted != Data))
+ {
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pbmiConverted);
+ }
+
return hBmp;
}
Modified: branches/ros-branch-0_4_0/reactos/win32ss/gdi/ntgdi/dibobj.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-branch-0_4_0/reactos/win32ss/gdi/ntgdi/dibobj.c?rev=70465&r1=70464&r2=70465&view=diff
==============================================================================
--- branches/ros-branch-0_4_0/reactos/win32ss/gdi/ntgdi/dibobj.c
[iso-8859-1] (original)
+++ branches/ros-branch-0_4_0/reactos/win32ss/gdi/ntgdi/dibobj.c
[iso-8859-1] Tue Dec 29 20:49:33 2015
@@ -248,6 +248,7 @@
UINT StartScan,
UINT ScanLines,
CONST VOID *Bits,
+ ULONG cjMaxBits,
CONST BITMAPINFO *bmi,
UINT ColorUse)
{
@@ -258,8 +259,39 @@
POINTL ptSrc;
EXLATEOBJ exlo;
PPALETTE ppalDIB = 0;
+ ULONG cjSizeImage;
if (!bmi) return 0;
+
+ /* Check if the header provided an image size */
+ if (bmi->bmiHeader.biSizeImage != 0)
+ {
+ /* Use the given size */
+ cjSizeImage = bmi->bmiHeader.biSizeImage;
+ }
+ /* Otherwise check for uncompressed formats */
+ else if ((bmi->bmiHeader.biCompression == BI_RGB) ||
+ (bmi->bmiHeader.biCompression == BI_BITFIELDS))
+ {
+ /* Calculate the image size */
+ cjSizeImage = DIB_GetDIBImageBytes(bmi->bmiHeader.biWidth,
+ ScanLines,
+ bmi->bmiHeader.biBitCount);
+ }
+ else
+ {
+ /* Compressed format without a size. This is invalid. */
+ DPRINT1("Compressed format without a size!");
+ return 0;
+ }
+
+ /* Check if the size that we have is ok */
+ if (cjSizeImage > cjMaxBits)
+ {
+ DPRINT1("Size too large! cjSizeImage = %lu, cjMaxBits = %lu\n",
+ cjSizeImage, cjMaxBits);
+ return 0;
+ }
SourceBitmap = GreCreateBitmapEx(bmi->bmiHeader.biWidth,
ScanLines,
@@ -267,7 +299,7 @@
BitmapFormat(bmi->bmiHeader.biBitCount,
bmi->bmiHeader.biCompression),
bmi->bmiHeader.biHeight < 0 ? BMF_TOPDOWN
: 0,
- bmi->bmiHeader.biSizeImage,
+ cjSizeImage,
(PVOID)Bits,
0);
if (!SourceBitmap)
@@ -308,6 +340,8 @@
rcDst.right = psurfDst->SurfObj.sizlBitmap.cx;
ptSrc.x = 0;
ptSrc.y = 0;
+
+ NT_ASSERT(psurfSrc->SurfObj.cjBits <= cjMaxBits);
result = IntEngCopyBits(&psurfDst->SurfObj,
&psurfSrc->SurfObj,
@@ -1316,6 +1350,7 @@
ULONG compression,
DWORD init,
LPBYTE bits,
+ ULONG cjMaxBits,
PBITMAPINFO data,
DWORD coloruse)
{
@@ -1359,7 +1394,11 @@
/* Undocumented flag which creates a DDB of the format specified
by the bitmap info. */
handle = IntCreateCompatibleBitmap(Dc, width, height, planes, bpp);
if (!handle)
+ {
+ DPRINT1("IntCreateCompatibleBitmap() failed!\n");
return NULL;
+ }
+
/* The palette must also match the given data */
Surface = SURFACE_ShareLockSurface(handle);
ASSERT(Surface);
@@ -1390,7 +1429,7 @@
if ((NULL != handle) && (CBM_INIT & init))
{
- IntSetDIBits(Dc, handle, 0, height, bits, data, coloruse);
+ IntSetDIBits(Dc, handle, 0, height, bits, cjMaxBits, data, coloruse);
}
return handle;
@@ -1423,6 +1462,7 @@
safeBits = ExAllocatePoolWithTag(PagedPool, cjMaxBits, TAG_DIB);
if(!safeBits)
{
+ DPRINT1("Failed to allocate %lu bytes\n", cjMaxBits);
EngSetLastError(ERROR_NOT_ENOUGH_MEMORY);
return NULL;
}
@@ -1445,6 +1485,7 @@
if(!NT_SUCCESS(Status))
{
+ DPRINT1("Got an exception! pjInit = %p\n", pjInit);
SetLastNtError(Status);
goto cleanup;
}
@@ -1491,6 +1532,7 @@
hdcDest = NtGdiCreateCompatibleDC(0);
if(!hdcDest)
{
+ DPRINT1("NtGdiCreateCompatibleDC failed\n");
return NULL;
}
}
@@ -1502,6 +1544,7 @@
Dc = DC_LockDc(hdcDest);
if (!Dc)
{
+ DPRINT1("Failed to lock hdcDest %p\n", hdcDest);
EngSetLastError(ERROR_INVALID_HANDLE);
return NULL;
}
@@ -1529,7 +1572,7 @@
planes = 0;
compression = 0;
}
- Bmp = IntCreateDIBitmap(Dc, cx, cy, planes, bpp, compression, fInit,
pjInit, pbmi, iUsage);
+ Bmp = IntCreateDIBitmap(Dc, cx, cy, planes, bpp, compression, fInit,
pjInit, cjMaxBits, pbmi, iUsage);
DC_UnlockDc(Dc);
if(!hDc)
