Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-12825

NtGdiGetGlyphIndicesW crashes at a ExAllocatePoolWithTag call

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 0.4.13
    • Win32SS
    • None

    Description

      NtGdiGetGlyphIndicesW crashes at a ExAllocatePoolWithTag call because it tries to allocate a buffer of zero size. This is triggered e.g. when attempting to list the available fonts, under any Office application.

      *** Assertion failed: NumberOfBytes != 0
      		 
      ***   Source File: /srv/buildbot/Build_GCCLin_x86/build/reactos/ntoskrnl/mm/ARM3/expool.c, line 1584
      		 
      kdb:> bt
      		 
      Execute '.cxr F6FA7380' to dump context
      		 
      Entered debugger on embedded INT3 at 0x0008:0x8094267e.
      		 
      Eip:
      		 
      <NTOSKRNL.EXE:14267f (:0 (DbgBreakPoint))>
      		 
      Frames:
      		 
      <NTOSKRNL.EXE:9f383 (ntoskrnl/mm/ARM3/expool.c:1584 (ExAllocatePoolWithTag))>
      		 
      <win32k.sys:c1fa2 (win32ss/gdi/ntgdi/freetype.c:4447 (NtGdiGetGlyphIndicesW))>
      		 
      <NTOSKRNL.EXE:127594 (ntoskrnl/include/internal/i386/ke.h:706 (KiSystemServiceHandler))>
      		 
      <NTOSKRNL.EXE:3da9 (:0 (KiFastCallEntry))>
      		 
      <ntdll.dll:c81d>

      When listing fonts with Word 2010 the function

      __kernel_entry
      		 
      W32KAPI
      		 
      DWORD
      		 
      APIENTRY
      		 
      NtGdiGetGlyphIndicesW(
      		 
          _In_ HDC hdc,
      		 
          _In_reads_opt_(cwc) LPCWSTR pwc,
      		 
          _In_ INT cwc,
      		 
          _Out_writes_opt_(cwc) LPWORD pgi,
      		 
          _In_ DWORD iMode)

      is called with cwc == 0 (but pwc == "" i.e. not NULL, pgi not NULL e.g. 0x00810000, and iMode == 1 == GGI_MARK_NONEXISTING_GLYPHS):

      (H:\trunk\reactos_clean\win32ss\gdi\ntgdi\freetype.c:4432) ERR: !pwc || cwc == 0 is TRUE!!
      		 
      Break instruction exception - code 80000003 (first chance)
      		 
      win32k!NtGdiGetGlyphIndicesW+0x101:
      		 
      f86411a1 cc              int     3

      Attachments

        1. Debug_Word2010_trick2_OK.txt
          15 kB
        2. Debug_Word2010_trick3_OK.txt
          24 kB
        3. Debug_Word2010.txt
          2 kB
        4. freetype_Substitute_Min.patch
          0.5 kB
        5. trick.patch
          1 kB
        6. trick2.patch
          3 kB
        7. trick3.patch
          3 kB

        Issue Links

          blocks

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. CORE-12279 Word 2010 support for ReactOS Community Edition

          • Major - Major loss of function.
          • Open

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. CORE-6621 Improve font rendering

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CORE-867 OpenOffice: v 1.x.x displays garbled text in setup and app itself

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              hbelusca hbelusca
              hbelusca hbelusca
              Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: