Core ReactOS / CORE-12825

NtGdiGetGlyphIndicesW crashes at an ExAllocatePoolWithTag call

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Win32SS
    • Labels: None

      Description

      NtGdiGetGlyphIndicesW crashes at an ExAllocatePoolWithTag call because it tries to allocate a buffer of zero size. This is triggered, e.g., when attempting to list the available fonts under any Office application.

      *** Assertion failed: NumberOfBytes != 0
      ***   Source File: /srv/buildbot/Build_GCCLin_x86/build/reactos/ntoskrnl/mm/ARM3/expool.c, line 1584
      kdb:> bt
      Execute '.cxr F6FA7380' to dump context
      Entered debugger on embedded INT3 at 0x0008:0x8094267e.
      Eip:
      <NTOSKRNL.EXE:14267f (:0 (DbgBreakPoint))>
      Frames:
      <NTOSKRNL.EXE:9f383 (ntoskrnl/mm/ARM3/expool.c:1584 (ExAllocatePoolWithTag))>
      <win32k.sys:c1fa2 (win32ss/gdi/ntgdi/freetype.c:4447 (NtGdiGetGlyphIndicesW))>
      <NTOSKRNL.EXE:127594 (ntoskrnl/include/internal/i386/ke.h:706 (KiSystemServiceHandler))>
      <NTOSKRNL.EXE:3da9 (:0 (KiFastCallEntry))>
      <ntdll.dll:c81d>

      When listing fonts with Word 2010 the function

      __kernel_entry
      W32KAPI
      DWORD
      APIENTRY
      NtGdiGetGlyphIndicesW(
          _In_ HDC hdc,
          _In_reads_opt_(cwc) LPCWSTR pwc,
          _In_ INT cwc,
          _Out_writes_opt_(cwc) LPWORD pgi,
          _In_ DWORD iMode)

      is called with cwc == 0 (but pwc == "" i.e. not NULL, pgi not NULL e.g. 0x00810000, and iMode == 1 == GGI_MARK_NONEXISTING_GLYPHS):

      (H:\trunk\reactos_clean\win32ss\gdi\ntgdi\freetype.c:4432) ERR: !pwc || cwc == 0 is TRUE!!
      Break instruction exception - code 80000003 (first chance)
      win32k!NtGdiGetGlyphIndicesW+0x101:
      f86411a1 cc              int     3
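
As an added illustration, not ReactOS code and not the fix for this issue: a user-mode C model of the pattern described above, in which a caller-supplied signed count such as cwc is validated before it becomes an allocation size. The names checked_size, glyph_indices_model and MODEL_ERROR are hypothetical, malloc stands in for ExAllocatePoolWithTag, and returning 0 for an empty request is an assumption of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this model; not ReactOS NTSTATUS values. */
enum size_status { SIZE_OK, SIZE_EMPTY, SIZE_NEGATIVE, SIZE_OVERFLOW };

/* Convert a caller-supplied signed count (like cwc) into a byte size,
 * rejecting every value an allocator must never be handed. */
enum size_status checked_size(int count, size_t elem, size_t *bytes)
{
    *bytes = 0;
    if (count < 0) return SIZE_NEGATIVE;
    if (count == 0 || elem == 0) return SIZE_EMPTY;  /* the case in this report */
    if ((size_t)count > SIZE_MAX / elem) return SIZE_OVERFLOW;
    *bytes = (size_t)count * elem;
    return SIZE_OK;
}

#define MODEL_ERROR 0xFFFFFFFFu   /* constructed error value for this model */

/* Model of the call shape: copy cwc UTF-16 units into a private buffer,
 * then fill pgi. malloc stands in for the pool allocator. Returning 0 for
 * an empty request is an assumption of this model. */
uint32_t glyph_indices_model(const uint16_t *pwc, int cwc, uint16_t *pgi)
{
    size_t bytes;
    enum size_status st = checked_size(cwc, sizeof(uint16_t), &bytes);
    if (st == SIZE_EMPTY) return 0;         /* decided before any allocation */
    if (st != SIZE_OK || !pwc || !pgi) return MODEL_ERROR;

    uint16_t *copy = malloc(bytes);
    if (!copy) return MODEL_ERROR;
    memcpy(copy, pwc, bytes);
    for (int i = 0; i < cwc; i++)
        pgi[i] = copy[i];                   /* placeholder for the glyph lookup */
    free(copy);
    return (uint32_t)cwc;
}

int main(void)
{
    const uint16_t empty[] = { 0 };         /* constructed input: pwc == "" */
    uint16_t out[1] = { 0xBEEF };
    printf("cwc=0 -> %u\n", (unsigned)glyph_indices_model(empty, 0, out));
    return 0;
}
```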

              People

              • Assignee: HBelusca (hbelusca)
              • Reporter: HBelusca (hbelusca)