[ros-diffs] [gschneider] 43655: [gdi32] Prevent possible buffer overrun in TranslateCharsetInfo, see wine bug 19819 for more info
gschneider at svn.reactos.org
gschneider at svn.reactos.org
Tue Oct 20 20:34:23 CEST 2009
Author: gschneider
Date: Tue Oct 20 20:34:22 2009
New Revision: 43655
URL: http://svn.reactos.org/svn/reactos?rev=43655&view=rev
Log:
[gdi32] Prevent possible buffer overrun in TranslateCharsetInfo, see wine bug 19819 for more info
Modified:
trunk/reactos/dll/win32/gdi32/objects/font.c
Modified: trunk/reactos/dll/win32/gdi32/objects/font.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/gdi32/objects/font.c?rev=43655&r1=43654&r2=43655&view=diff
==============================================================================
--- trunk/reactos/dll/win32/gdi32/objects/font.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/gdi32/objects/font.c [iso-8859-1] Tue Oct 20 20:34:22 2009
@@ -1724,13 +1724,13 @@
int index = 0;
switch (flags) {
case TCI_SRCFONTSIG:
- while (!(*lpSrc>>index & 0x0001) && index<MAXTCIINDEX) index++;
+ while (index < MAXTCIINDEX && !(*lpSrc>>index & 0x0001)) index++;
break;
case TCI_SRCCODEPAGE:
- while (PtrToUlong(lpSrc) != FONT_tci[index].ciACP && index < MAXTCIINDEX) index++;
+ while (index < MAXTCIINDEX && PtrToUlong(lpSrc) != FONT_tci[index].ciACP) index++;
break;
case TCI_SRCCHARSET:
- while (PtrToUlong(lpSrc) != FONT_tci[index].ciCharset && index < MAXTCIINDEX) index++;
+ while (index < MAXTCIINDEX && PtrToUlong(lpSrc) != FONT_tci[index].ciCharset) index++;
break;
default:
return FALSE;
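Review bot: All three loops can now leave `index == MAXTCIINDEX` when nothing matches, and the hunk does not show what the code after the switch does with that value; if it reads `FONT_tci[index]` before testing the bound, the not-found case still reads one element past the table. The switch and the function continue outside the hunk, so confirm that the first use after it is guarded, for example `if (index >= MAXTCIINDEX) return FALSE;`. The operand order is the entire fix and is easy to revert in a later cleanup, so I would add a comment above the first loop: `/* bound test first: && short-circuits, so neither the shift nor FONT_tci[index] is evaluated at index == MAXTCIINDEX */`. The guard is also only correct if `MAXTCIINDEX` equals the element count of `FONT_tci`, which is not visible here and would be worth pinning with a compile-time check next to the table.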