commit 20512fd854f3e471bf59b8b8ea307bd76e4384ce
author Matthew Cline <matt@nightrealms.com> Sun Feb 13 16:00:17 2000 +0000
committer Alexandre Julliard <julliard@winehq.org> Sun Feb 13 16:00:17 2000 +0000
tree c6d74b7c06959e9cf3a76d8b9e1edb061385dd56
parent 7dcd343fa83a33bd9c194b2ad25377eded21ffd3

GetObjectA() now rejects GDI handles which are invalid.

include/gdi.h

diff --git a/include/gdi.h b/include/gdi.h
index 89bb433..11ed311 100644
--- a/include/gdi.h
+++ b/include/gdi.h
@@ -460,9 +460,9 @@
       0 : LOCAL_Unlock( GDI_HeapSel, (handle) ))
 
 extern BOOL GDI_Init(void);
-extern HGDIOBJ16 GDI_AllocObject( WORD, WORD );
-extern BOOL GDI_FreeObject( HGDIOBJ16 );
-extern GDIOBJHDR * GDI_GetObjPtr( HGDIOBJ16, WORD );
+extern HGDIOBJ GDI_AllocObject( WORD, WORD );
+extern BOOL GDI_FreeObject( HGDIOBJ );
+extern GDIOBJHDR * GDI_GetObjPtr( HGDIOBJ, WORD );
 
 extern BOOL DRIVER_RegisterDriver( LPCSTR name, const DC_FUNCTIONS *funcs );
 extern const DC_FUNCTIONS *DRIVER_FindDriver( LPCSTR name );

objects/gdiobj.c

diff --git a/objects/gdiobj.c b/objects/gdiobj.c
index c9af679..e930c5a 100644
--- a/objects/gdiobj.c
+++ b/objects/gdiobj.c
@@ -372,7 +372,7 @@
 /***********************************************************************
  *           GDI_AllocObject
  */
-HGDIOBJ16 GDI_AllocObject( WORD size, WORD magic )
+HGDIOBJ GDI_AllocObject( WORD size, WORD magic )
 {
     static DWORD count = 0;
     GDIOBJHDR * obj;
@@ -394,7 +394,7 @@
 /***********************************************************************
  *           GDI_FreeObject
  */
-BOOL GDI_FreeObject( HGDIOBJ16 handle )
+BOOL GDI_FreeObject( HGDIOBJ handle )
 {
     GDIOBJHDR * object;
 
@@ -420,12 +420,14 @@
  * Movable GDI objects are locked in memory: it is up to the caller to unlock
  * it after the caller is done with the pointer.
  */
-GDIOBJHDR * GDI_GetObjPtr( HGDIOBJ16 handle, WORD magic )
+GDIOBJHDR * GDI_GetObjPtr( HGDIOBJ handle, WORD magic )
 {
     GDIOBJHDR * ptr = NULL;
 
-    if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE))
-      ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
+    if (handle >= FIRST_STOCK_HANDLE)
+    {
+        if (handle <= LAST_STOCK_HANDLE) ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
+    }
     else 
       ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
     if (!ptr) return NULL;
@@ -510,16 +512,12 @@
  */
 INT16 WINAPI GetObject16( HANDLE16 handle, INT16 count, LPVOID buffer )
 {
-    GDIOBJHDR * ptr = NULL;
+    GDIOBJHDR * ptr;
     INT16 result = 0;
     TRACE("%04x %d %p\n", handle, count, buffer );
     if (!count) return 0;
 
-    if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE))
-      ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
-    else
-      ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
-    if (!ptr) return 0;
+    if (!(ptr = GDI_GetObjPtr( handle, MAGIC_DONTCARE ))) return 0;
     
     switch(ptr->wMagic)
       {
@@ -556,17 +554,13 @@
  */
 INT WINAPI GetObjectA( HANDLE handle, INT count, LPVOID buffer )
 {
-    GDIOBJHDR * ptr = NULL;
+    GDIOBJHDR * ptr;
     INT result = 0;
     TRACE("%08x %d %p\n", handle, count, buffer );
     if (!count) return 0;
 
-    if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE))
-      ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
-    else
-      ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
-    if (!ptr) return 0;
-    
+    if (!(ptr = GDI_GetObjPtr( handle, MAGIC_DONTCARE ))) return 0;
+
     switch(ptr->wMagic)
     {
       case PEN_MAGIC:
@@ -591,30 +585,39 @@
       case PALETTE_MAGIC:
 	  result = PALETTE_GetObject( (PALETTEOBJ *)ptr, count, buffer );
 	  break;
-      default:
+
+      case REGION_MAGIC:
+      case DC_MAGIC:
+      case DISABLED_DC_MAGIC:
+      case META_DC_MAGIC:
+      case METAFILE_MAGIC:
+      case METAFILE_DC_MAGIC:
+      case ENHMETAFILE_MAGIC:
+      case ENHMETAFILE_DC_MAGIC:
           FIXME("Magic %04x not implemented\n",
                    ptr->wMagic );
           break;
+
+      default:
+          ERR("Invalid GDI Magic %04x\n", ptr->wMagic);
+	  return 0;
     }
     GDI_HEAP_UNLOCK( handle );
     return result;
 }
+
 /***********************************************************************
  *           GetObject32W    (GDI32.206)
  */
 INT WINAPI GetObjectW( HANDLE handle, INT count, LPVOID buffer )
 {
-    GDIOBJHDR * ptr = NULL;
+    GDIOBJHDR * ptr;
     INT result = 0;
     TRACE("%08x %d %p\n", handle, count, buffer );
     if (!count) return 0;
 
-    if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE))
-      ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
-    else
-      ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
-    if (!ptr) return 0;
-    
+    if (!(ptr = GDI_GetObjPtr( handle, MAGIC_DONTCARE ))) return 0;
+
     switch(ptr->wMagic)
     {
       case PEN_MAGIC:
@@ -653,15 +656,11 @@
  */
 DWORD WINAPI GetObjectType( HANDLE handle )
 {
-    GDIOBJHDR * ptr = NULL;
+    GDIOBJHDR * ptr;
     INT result = 0;
     TRACE("%08x\n", handle );
 
-    if ((handle >= FIRST_STOCK_HANDLE) && (handle <= LAST_STOCK_HANDLE))
-      ptr = StockObjects[handle - FIRST_STOCK_HANDLE];
-    else
-      ptr = (GDIOBJHDR *) GDI_HEAP_LOCK( handle );
-    if (!ptr) return 0;
+    if (!(ptr = GDI_GetObjPtr( handle, MAGIC_DONTCARE ))) return 0;
     
     switch(ptr->wMagic)
     {