archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/windows/core/ntgdi/fondrv/bmfd/fon16.c

587 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /******************************Module*Header*******************************\
  2. * Module Name: fon16.c
  3. *
  4. * routines for accessing font resources within *.fon files
  5. * (win 3.0 16 bit dlls)
  6. *
  7. * Created: 08-May-1991 12:55:14
  8. * Author: Bodin Dresevic [BodinD]
  9. *
  10. * Copyright (c) 1990 Microsoft Corporation
  11. *
  12. \**************************************************************************/
  14. /*
  15. local Hungarian
  17. j byte
  18. cj count of bytes
  19. pj pointer to byte
  20. off offset
  21. rt resource type
  22. rn resource name
  23. dp offset (ptrdiff_t)
  24. ne new exe, Win16 format, see windows\core\ntgdi\inc\exehdr.h
  25. */
  27. #include "fd.h"
  28. #include "exehdr.h"
  30. // GETS ushort at (PBYTE)pv + off. both pv and off must be even
  32. #define US_GET(pv,off) ( *(UNALIGNED PUSHORT)((PBYTE)(pv) + (off)) )
  34. #if DBG
  35. DWORD g_BreakAboutBadFonts;
  36. DWORD g_PrintAboutBadFonts = TRUE;
  37. #endif
  39. VOID
  40. __cdecl
  41. NotifyBadFont(
  42. PCSTR Format,
  43. ...
  44. )
  45. {
  46. #if DBG
  47. if (g_PrintAboutBadFonts
  48. || g_BreakAboutBadFonts
  49. )
  50. {
  51. va_list Args;
  53. va_start(Args, Format);
  54. vDbgPrintEx(DPFLTR_SYSTEM_ID, DPFLTR_ERROR_LEVEL, (PSTR)Format, Args);
  55. va_end(Args);
  56. }
  57. if (g_BreakAboutBadFonts)
  58. {
  59. DbgBreakPoint();
  60. }
  61. #endif
  62. }
  64. BOOL
  65. bMappedViewStrlen(
  66. PVOID pvViewBase,
  67. SIZE_T cjViewSize,
  68. PVOID pvString,
  69. OUT PSIZE_T pcjOutLength OPTIONAL
  70. )
  71. /*++
  73. Routine Description:
  75. Given a mapped view and size and starting address, verify that the 8bit string
  76. starting at the address is nul terminated within the mapped view, optionally
  77. returning the length of the string.
  79. Arguments:
  81. pvViewBase -
  82. cjViewSize -
  83. pvString -
  84. pcjOutLength -
  86. Return Value:
  88. TRUE: the string is nul terminated within the view
  89. FALSE: the string is not nul terminated within the view
  90. --*/
  91. {
  92. BOOL bSuccess;
  93. PBYTE pjViewBase;
  94. PBYTE pjViewEnd;
  95. PBYTE pjString;
  96. PBYTE pjStringEnd;
  98. bSuccess = FALSE;
  99. if (pcjOutLength != NULL)
  100. {
  101. *pcjOutLength = 0;
  102. }
  103. pjViewBase = (PBYTE)pvViewBase;
  104. pjViewEnd = cjViewSize + pjViewBase;
  105. pjString = (PBYTE)pvString;
  107. if (!(pjString >= pjViewBase && pjString < pjViewEnd))
  108. {
  109. goto Exit;
  110. }
  111. for (pjStringEnd = pjString ; pjStringEnd != pjViewEnd && *pjStringEnd != 0 ; ++pjStringEnd)
  112. {
  113. // nothing
  114. }
  115. if (pjStringEnd == pjViewEnd)
  116. {
  117. goto Exit;
  118. }
  119. if (pcjOutLength != NULL)
  120. {
  121. *pcjOutLength = (SIZE_T)(pjStringEnd - pjString);
  122. }
  123. bSuccess = TRUE;
  124. Exit:
  125. #if DBG
  126. if (!bSuccess)
  127. {
  128. NotifyBadFont(
  129. "WIN32K: bMappedViewStrlen(%p,0x%Ix,%p) returning false\n",
  130. pvViewBase,
  131. cjViewSize,
  132. pvString
  133. );
  134. }
  135. #endif
  136. return bSuccess;
  137. }
  139. BOOL
  140. bMappedViewRangeCheck(
  141. PVOID ViewBase,
  142. SIZE_T ViewSize,
  143. PVOID DataAddress,
  144. SIZE_T DataSize
  145. )
  146. /*++
  148. Routine Description:
  150. Given a mapped view and size, range check a data address and size.
  152. Arguments:
  154. ViewBase -
  155. ViewSize -
  156. DataAddress -
  157. DataSize -
  159. Return Value:
  161. TRUE: all of the data is within the view
  162. FALSE: some of the data is outside the view
  163. --*/
  164. {
  165. ULONG_PTR iViewBegin;
  166. ULONG_PTR iViewEnd;
  167. ULONG_PTR iDataBegin;
  168. ULONG_PTR iDataEnd;
  169. BOOL fResult;
  171. //
  172. // iDataBegin is a valid address.
  173. // iDataEnd is one past a valid address.
  174. // We must not allow iDataBegin == iViewEnd.
  175. // We must allow iDataEnd == iViewEnd.
  176. // Therefore, we must not allow iDataBegin == iDataEnd.
  177. // This can be achieved by not allowing DataSize == 0.
  178. //
  179. if (DataSize == 0)
  180. {
  181. DataSize = 1;
  182. }
  184. iViewBegin = (ULONG_PTR)ViewBase;
  185. iViewEnd = iViewBegin + ViewSize;
  186. iDataBegin = (ULONG_PTR)DataAddress;
  187. iDataEnd = iDataBegin + DataSize;
  189. fResult =
  190. ( iDataBegin >= iViewBegin
  191. && iDataBegin < iDataEnd
  192. && iDataEnd <= iViewEnd
  193. && DataSize <= ViewSize
  194. );
  196. #if DBG
  197. if (!fResult)
  198. {
  199. NotifyBadFont(
  200. "WIN32K: bMappedViewRangeCheck(%p,0x%Ix,%p,0x%Ix) returning false\n",
  201. ViewBase,
  202. ViewSize,
  203. DataAddress,
  204. DataSize
  205. );
  206. }
  207. #endif
  209. return fResult;
  210. }
  212. /******************************Public*Routine******************************\
  213. * bInitWinResData
  214. *
  215. * Initializes the fields of the WINRESDATA structure so as to make it
  216. * possible for the user to access *.fnt resources within the
  217. * corresponding *.fon file
  218. *
  219. * The function returns True if *.fnt resources found in the *.fon
  220. * file, otherwise false (if not an *.fon file or if it contains no
  221. * *.fnt resources
  222. *
  223. *
  224. * History:
  225. * January 2002 -by- Jay Krell [JayKrell]
  226. * range check memory mapped i/o
  227. * 09-May-1991 -by- Bodin Dresevic [BodinD]
  228. * Wrote it.
  229. \**************************************************************************/
  231. BOOL
  232. bInitWinResData(
  233. PVOID pvView,
  234. COUNT cjView,
  235. PWINRESDATA pwrd
  236. )
  237. {
  238. PBYTE pjNewExe; // ptr to the beginning of the new exe hdr
  239. PBYTE pjResType; // ptr to the beginning of TYPEINFO struct
  240. PBYTE pjResName; // ptr to the beginning of NAMEINFO struct
  241. ULONG iResID; // resource type id
  242. COUNT cFdirEntries;
  243. BOOL bZeroUponFailure;
  244. BOOL bSuccess;
  245. ULONG crn;
  246. PBYTE pjView;
  247. PBYTE pjResType_FNT;
  248. PBYTE pjResType_FDIR;
  249. BOOL bBreakWhile;
  251. #ifdef DUMPCALL
  252. DbgPrint("\nbInitWinResData(");
  253. DbgPrint("\n PFILEVIEW pfvw = %-#8lx", pfvw);
  254. DbgPrint("\n PWINRESDATA pwrd = %-#8lx", pwrd);
  255. DbgPrint("\n )\n");
  256. #endif
  258. bSuccess = FALSE;
  259. bZeroUponFailure = FALSE;
  261. pwrd->pvView = pvView;
  262. pwrd->cjView = cjView;
  263. pjView = (PBYTE)pvView;
  265. // check the magic # at the beginning of the old header
  266. { C_ASSERT(OFF_e_lfanew > OFF_e_magic); }
  268. if (!bMappedViewRangeCheck(pjView, cjView, pjView + OFF_e_lfanew, sizeof(DWORD)))
  269. {
  270. goto Exit;
  271. }
  273. if (US_GET(pjView, OFF_e_magic) != EMAGIC)
  274. {
  275. goto Exit;
  276. }
  278. pwrd->dpNewExe = (PTRDIFF)READ_DWORD(pjView + OFF_e_lfanew);
  280. pjNewExe = pjView + pwrd->dpNewExe;
  282. // make sure that offset is consistent
  283. { C_ASSERT(OFF_ne_magic < CJ_NEW_EXE);
  284. C_ASSERT(OFF_ne_restab < CJ_NEW_EXE);
  285. C_ASSERT(OFF_ne_rsrctab < CJ_NEW_EXE);
  286. }
  287. if (!bMappedViewRangeCheck(pjView, cjView, pjNewExe, CJ_NEW_EXE))
  288. {
  289. goto Exit;
  290. }
  292. if (US_GET(pjNewExe, OFF_ne_magic) != NEMAGIC)
  293. {
  294. goto Exit;
  295. }
  297. pwrd->cjResTab = (ULONG)(US_GET(pjNewExe, OFF_ne_restab) -
  298. US_GET(pjNewExe, OFF_ne_rsrctab));
  300. if (pwrd->cjResTab == 0L)
  301. {
  302. //
  303. // The following test is applied by DOS, so I presume that it is
  304. // legitimate. The assumption is that the resident name table
  305. // FOLLOWS the resource table directly, and that if it points to
  306. // the same location as the resource table, then there are no
  307. // resources.
  309. WARNING("No resources in *.fon file\n");
  310. goto Exit;
  311. }
  313. // want offset from pvView, not from pjNewExe => must add dpNewExe
  315. pwrd->dpResTab = (PTRDIFF)US_GET(pjNewExe, OFF_ne_rsrctab) + pwrd->dpNewExe;
  317. // make sure that offset is consistent
  319. if (!bMappedViewRangeCheck(pjView, cjView, pjView + pwrd->dpResTab, sizeof(USHORT) + CJ_TYPEINFO))
  320. {
  321. goto Exit;
  322. }
  324. // what really lies at the offset OFF_ne_rsrctab is a NEW_RSRC.rs_align field
  325. // that is used in computing resource data offsets and sizes as a shift factor.
  326. // This field occupies two bytes on the disk and the first TYPEINFO structure
  327. // follows right after. We want pwrd->dpResTab to point to the first
  328. // TYPEINFO structure, so we must add 2 to get there and subtract 2 from
  329. // the length
  331. pwrd->ulShift = (ULONG) US_GET(pjView, pwrd->dpResTab);
  332. pwrd->dpResTab += 2;
  333. pwrd->cjResTab -= 2;
  335. // Now we want to determine where the resource data is located.
  336. // The data consists of a RSRC_TYPEINFO structure, followed by
  337. // an array of RSRC_NAMEINFO structures, which are then followed
  338. // by a RSRC_TYPEINFO structure, again followed by an array of
  339. // RSRC_NAMEINFO structures. This continues until an RSRC_TYPEINFO
  340. // structure which has a 0 in the rt_id field.
  342. pjResType = pjView + pwrd->dpResTab;
  343. pjResType_FNT = NULL;
  344. pjResType_FDIR = NULL;
  345. bBreakWhile = FALSE;
  346. while (TRUE)
  347. {
  348. iResID = (ULONG) US_GET(pjResType,OFF_rt_id);
  349. switch (iResID)
  350. {
  351. default:
  352. break;
  353. case 0:
  354. bBreakWhile = TRUE;
  355. break;
  356. case RT_FNT:
  357. pjResType_FNT = pjResType;
  358. if (pjResType_FDIR != NULL)
  359. bBreakWhile = TRUE;
  360. break;
  361. case RT_FDIR:
  362. pjResType_FDIR = pjResType;
  363. if (pjResType_FNT != NULL)
  364. bBreakWhile = TRUE;
  365. break;
  366. }
  367. if (bBreakWhile)
  368. break;
  370. // # of NAMEINFO structures that follow = resources of this type
  371. crn = (ULONG)US_GET(pjResType, OFF_rt_nres);
  373. // get ptr to the new TYPEINFO struc and the new resource id
  374. pjResType = pjResType + CJ_TYPEINFO + crn * CJ_NAMEINFO;
  376. if (!bMappedViewRangeCheck(pjView, cjView, pjResType, CJ_TYPEINFO))
  377. {
  378. goto Exit;
  379. }
  380. }
  382. bZeroUponFailure = TRUE;
  384. ASSERT((iResID == 0) == (pjResType_FNT == NULL || pjResType_FDIR == NULL));
  385. if (iResID == 0)
  386. { // we did not find one or both of them
  387. goto Exit;
  388. }
  390. pjResType = pjResType_FNT;
  392. // # of NAMEINFO structures that follow == # of font resources
  393. pwrd->cFntRes = (ULONG)US_GET(pjResType, OFF_rt_nres);
  395. // this is ptr to the first NAMEINFO struct that follows
  396. // an RT_FNT TYPEINFO structure
  398. pjResName = pjResType + CJ_TYPEINFO;
  399. pwrd->dpFntTab = (PTRDIFF)(pjResName - pjView);
  401. // make sure that offset is consistent
  403. if ((ULONG)pwrd->dpFntTab > pwrd->cjView)
  404. {
  405. goto Exit;
  406. }
  408. // Now we search for the FONDIR resource. Windows actually grabs facenames
  409. // from the FONDIR entries and not the FNT entries. For some wierd fonts this
  410. // makes a difference. [gerritv]
  412. pjResType = pjResType_FDIR;
  414. // this is ptr to the first NAMEINFO struct that follows
  415. // an RT_FDIR TYPEINFO structure
  417. pjResName = pjResType + CJ_TYPEINFO;
  418. if (!bMappedViewRangeCheck(pjView, cjView, pjResName, CJ_NAMEINFO))
  419. {
  420. goto Exit;
  421. }
  423. // Get the offset to res data computed from the top of the new header
  425. pwrd->dpFdirRes = (PTRDIFF)((ULONG)US_GET(pjResName,OFF_rn_offset) <<
  426. pwrd->ulShift);
  428. // Now pwrd->dpFdirRes is an offset to the FONTDIR resource, the first
  429. // byte [ushort?] will be the number of entries in the font dir. Lets make sure it
  430. // matches the number of FNT resources in the file.
  432. if (!bMappedViewRangeCheck(pjView, cjView, pjView + pwrd->dpFdirRes, sizeof(USHORT)))
  433. {
  434. goto Exit;
  435. }
  436. cFdirEntries = (ULONG)US_GET(pjView,pwrd->dpFdirRes);
  438. if( cFdirEntries != pwrd->cFntRes )
  439. {
  440. WARNING( "bInitWinResData: # of FONTDIR entries != # of FNT entries.\n");
  441. goto Exit;
  442. }
  444. // now increment dpFdirRes so it points passed the count of entries and
  445. // to the first entry.
  447. pwrd->dpFdirRes += 2;
  449. bSuccess = TRUE;
  450. Exit:
  451. if (!bSuccess)
  452. {
  453. #if DBG
  454. NotifyBadFont("WIN32K: %s failing\n", __FUNCTION__);
  455. #endif
  456. if (bZeroUponFailure && pwrd != NULL)
  457. {
  458. pwrd->cFntRes = (ULONG)0;
  459. pwrd->dpFntTab = (PTRDIFF)0;
  460. }
  461. }
  462. return bSuccess;
  463. }
  465. /******************************Public*Routine******************************\
  466. * bGetFntResource
  467. *
  468. * Writes the pointer to and the size of the iFntRes-th *.fnt resource
  469. * of the *.fon file identified by pwrd. The info is written into RES_ELEM
  470. * structure if successful. The function returns FALSE if it is not possible
  471. * to locate iFntRes-th *.fnt resource in the file.
  472. *
  473. *
  474. * History:
  475. * January 2002 -by- Jay Krell [JayKrell]
  476. * range check memory mapped i/o
  477. * 09-May-1991 -by- Bodin Dresevic [BodinD]
  478. * Wrote it.
  479. \**************************************************************************/
  481. BOOL
  482. bGetFntResource(
  483. PWINRESDATA pwrd ,
  484. ULONG iFntRes,
  485. PRES_ELEM pre
  486. )
  487. {
  488. //
  489. // This function is called in a loop for iFntRes in [0..pwrd->cFntRes),
  490. // and therefore has quadratic perf.
  491. //
  492. PBYTE pjResName;
  493. PBYTE pjFaceName;
  494. PTRDIFF dpResData;
  495. BOOL bSuccess;
  496. PBYTE pjView;
  497. PBYTE pjViewEnd;
  498. SIZE_T cjView;
  499. SIZE_T cjFaceNameLength;
  501. #ifdef DUMPCALL
  502. DbgPrint("\nbGetFntResource(");
  503. DbgPrint("\n PWINRESDATA pwrd = %-#8lx", pwrd);
  504. DbgPrint("\n ULONG iFntRes = %-#8lx", iFntRes);
  505. DbgPrint("\n PRES_ELEM pre = %-#8lx", pre);
  506. DbgPrint("\n )\n");
  507. #endif
  509. ASSERTGDI((pwrd->cFntRes != 0L) && (iFntRes < pwrd->cFntRes),
  510. "bGetFntResource\n");
  512. bSuccess = FALSE;
  513. pjView = (PBYTE)pwrd->pvView;
  514. cjView = pwrd->cjView;
  516. // get to the Beginning of the NAMEINFO struct that correspoonds to
  517. // the iFntRes-th *.fnt resource. (Note: iFntRes is zero based)
  519. pjResName = pjView + pwrd->dpFntTab + iFntRes * CJ_NAMEINFO;
  521. // Get the offset to res data computed from the top of the new header
  523. if (!bMappedViewRangeCheck(pjView, cjView, pjResName, CJ_NAMEINFO))
  524. {
  525. goto Exit;
  526. }
  527. dpResData = (PTRDIFF)((ULONG)US_GET(pjResName,OFF_rn_offset) <<
  528. pwrd->ulShift);
  530. pre->pvResData = (PVOID)(pjView + dpResData);
  531. pre->dpResData = dpResData;
  533. pre->cjResData = (ULONG)US_GET(pjResName,OFF_rn_length) << pwrd->ulShift;
  535. if (!bMappedViewRangeCheck(pjView, cjView, pre->pvResData, pre->cjResData))
  536. {
  537. goto Exit;
  538. }
  540. // Get the face name from the FONTDIR
  542. pjFaceName = pjView + pwrd->dpFdirRes;
  543. pjViewEnd = pjView + cjView;
  544. do
  545. {
  546. // The first two bytes of the entry are the resource index so we will skip
  547. // past that. After that add in the size of the font header. This will
  548. // point us to the string for the device_name
  550. pjFaceName += 2 + OFF_BitsOffset;
  552. if (!bMappedViewStrlen(pjView, cjView, pjFaceName, &cjFaceNameLength))
  553. {
  554. goto Exit;
  555. }
  556. pjFaceName += cjFaceNameLength + 1;
  558. // pjFaceName now really points to the facename
  559. if( iFntRes )
  560. {
  561. if (!bMappedViewStrlen(pjView, cjView, pjFaceName, &cjFaceNameLength))
  562. {
  563. goto Exit;
  564. }
  565. pjFaceName += cjFaceNameLength + 1;
  566. }
  567. }
  568. while( iFntRes-- );
  570. //
  571. // Later on strlen is going to be called on pjFaceName.
  572. // Let's do a range checked version first.
  573. //
  574. if (!bMappedViewStrlen(pjView, cjView, pjFaceName, NULL))
  575. {
  576. goto Exit;
  577. }
  578. pre->pjFaceName = pjFaceName;
  580. #ifdef FOOGOO
  581. KdPrint(("%s: offset= 0x%lx, charset = %ld\n", pjFaceName, dpResData + OFF_CharSet, *((BYTE *)pjView + dpResData + OFF_CharSet)));
  582. #endif
  584. bSuccess = TRUE;
  585. Exit:
  586. return bSuccess;
  587. }