You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
809 lines
25 KiB
809 lines
25 KiB
#include <windows.h>
|
|
#include <windowsx.h>
|
|
#ifdef UNDER_CE // stub for CE
|
|
#include "stub_ce.h"
|
|
#endif // UNDER_CE
|
|
#include "imepadsv.h"
|
|
#include "cpadcb.h"
|
|
#include "cpaddbg.h"
|
|
#include "ipoint1.h"
|
|
#include "iimecb.h"
|
|
#include "imepad.h"
|
|
|
|
#define Unref(a) UNREFERENCED_PARAMETER(a)
|
|
//990812:ToshiaK For Win64. Use Global Alloc/Free Ptr.
|
|
#include <windowsx.h>
|
|
#define MemAlloc(a) GlobalAllocPtr(GMEM_FIXED, a)
|
|
#define MemFree(a) GlobalFreePtr(a)
|
|
|
|
|
|
BOOL IsBadVtbl(IUnkDummy *lpIUnk)
|
|
{
|
|
#ifdef _DEBUG
|
|
BOOL fBad = ::IsBadReadPtr(lpIUnk, sizeof(VOID*)) ||
|
|
::IsBadReadPtr(lpIUnk->lpVtbl, sizeof(VOID*)) ||
|
|
::IsBadCodePtr((FARPROC)lpIUnk->lpVtbl->QueryInterface) ||
|
|
::IsBadCodePtr((FARPROC)lpIUnk->lpVtbl->AddRef) ||
|
|
::IsBadCodePtr((FARPROC)lpIUnk->lpVtbl->Release);
|
|
if(fBad) {
|
|
DBG(("--> IsBadVtbl HIT HIT HIT\n"));
|
|
}
|
|
return fBad;
|
|
#else
|
|
return ::IsBadReadPtr(lpIUnk, sizeof(VOID*)) ||
|
|
::IsBadReadPtr(lpIUnk->lpVtbl, sizeof(VOID*)) ||
|
|
::IsBadCodePtr((FARPROC)lpIUnk->lpVtbl->QueryInterface) ||
|
|
::IsBadCodePtr((FARPROC)lpIUnk->lpVtbl->AddRef) ||
|
|
::IsBadCodePtr((FARPROC)lpIUnk->lpVtbl->Release);
|
|
#endif
|
|
}
|
|
|
|
HRESULT __stdcall CImePadCallback::QueryInterface(REFIID riid, void**ppv)
|
|
{
|
|
if(riid == IID_IUnknown) {
|
|
*ppv = static_cast<IImePadCallback *>(this);
|
|
}
|
|
else if (riid == IID_IImePadCallback) {
|
|
*ppv = static_cast<IImePadCallback *>(this);
|
|
}
|
|
else {
|
|
return (*ppv = 0), E_NOINTERFACE;
|
|
}
|
|
reinterpret_cast<IUnknown*>(*ppv)->AddRef();
|
|
return S_OK;
|
|
}
|
|
|
|
ULONG __stdcall
|
|
CImePadCallback::AddRef(void)
|
|
{
|
|
//DBG(("CImePadCallback::AddRef Always return 2\n"));
|
|
DBG(("CImePadCallback::AddRef m_cRef[%d] -> [%d]\n", m_cRef, m_cRef+1));
|
|
return ::InterlockedIncrement(&m_cRef);
|
|
}
|
|
|
|
ULONG __stdcall
|
|
CImePadCallback::Release(void)
|
|
{
|
|
//Never call delete in it.
|
|
DBG(("CImePadCallback::Release (Never Delete) m_cRef[%d] -> [%d]\n", m_cRef, m_cRef-1));
|
|
::InterlockedDecrement(&m_cRef);
|
|
return m_cRef;
|
|
}
|
|
|
|
//////////////////////////////////////////////////////////////////
|
|
// Function : CImePadCallback::OnStart
|
|
// Type : HRESULT __stdcall
|
|
// Purpose :
|
|
// Args :
|
|
// : DWORD dwParam
|
|
// Return :
|
|
// DATE : Tue Aug 31 16:49:37 1999
|
|
// Histroy :
|
|
//////////////////////////////////////////////////////////////////
|
|
HRESULT __stdcall
|
|
CImePadCallback::OnStart(DWORD dwParam)
|
|
{
|
|
DBG(("OnClose come dwParam[%d]\n", dwParam));
|
|
IUnknown *lpUnk;
|
|
IImeCallback *lp = NULL;
|
|
if(!m_lpCImePadSvr) {
|
|
DBG(("-->m_lpCImePadSvr is NULL ?\n"));
|
|
return -1;
|
|
}
|
|
|
|
lpUnk = m_lpCImePadSvr->GetIUnkIImeCallback();
|
|
if(!lpUnk) {
|
|
DBG(("-->IImeCallback does not set\n"));
|
|
return -1;
|
|
}
|
|
|
|
#if 0
|
|
if(IsBadVtbl((IUnkDummy*)lpUnk)) {
|
|
DBG(("lpIUnk is BAD Pointer \n"));
|
|
return E_FAIL;
|
|
}
|
|
#endif
|
|
|
|
__try {
|
|
lpUnk->QueryInterface(IID_IImeCallback, (LPVOID *)&lp);
|
|
if(!lp) {
|
|
DBG(("-->QuertyInterface Failed\n"));
|
|
}
|
|
lp->Notify(IMECBNOTIFY_IMEPADOPENED, 0, 0);
|
|
lp->Release();
|
|
}
|
|
__except(EXCEPTION_EXECUTE_HANDLER) {
|
|
return E_FAIL;
|
|
}
|
|
|
|
return S_OK;
|
|
Unref(dwParam);
|
|
}
|
|
|
|
HRESULT __stdcall CImePadCallback::OnClose(DWORD dwParam)
|
|
{
|
|
DBG(("OnClose come dwParam[%d]\n", dwParam));
|
|
IUnknown *lpUnk;
|
|
IImeCallback *lp = NULL;
|
|
if(!m_lpCImePadSvr) {
|
|
DBG(("-->m_lpCImePadSvr is NULL ?\n"));
|
|
return -1;
|
|
}
|
|
m_lpCImePadSvr->OnIMEPadClose();
|
|
|
|
lpUnk = m_lpCImePadSvr->GetIUnkIImeCallback();
|
|
if(!lpUnk) {
|
|
DBG(("-->IImeCallback does not set\n"));
|
|
return -1;
|
|
}
|
|
|
|
#if 0
|
|
if(IsBadVtbl((IUnkDummy*)lpUnk)) {
|
|
DBG(("lpIUnk is BAD Pointer \n"));
|
|
return E_FAIL;
|
|
}
|
|
#endif
|
|
|
|
__try {
|
|
lpUnk->QueryInterface(IID_IImeCallback, (LPVOID *)&lp);
|
|
if(!lp) {
|
|
DBG(("-->QuertyInterface Failed\n"));
|
|
}
|
|
lp->Notify(IMECBNOTIFY_IMEPADCLOSED, 0, 0);
|
|
lp->Release();
|
|
}
|
|
__except(EXCEPTION_EXECUTE_HANDLER) {
|
|
return E_FAIL;
|
|
}
|
|
|
|
return S_OK;
|
|
Unref(dwParam);
|
|
}
|
|
|
|
HRESULT __stdcall
|
|
CImePadCallback::OnPing(DWORD dwParam)
|
|
{
|
|
return S_OK;
|
|
Unref(dwParam);
|
|
}
|
|
|
|
typedef struct tagPADCTRL2IPCTRL {
|
|
DWORD dwImePadCtrl;
|
|
DWORD dwIPointCtrl;
|
|
}PADCTL2IPCTRL;
|
|
|
|
static PADCTL2IPCTRL padCtrl2Ip[]= {
|
|
{ IMEPADCTRL_CONVERTALL, IPCTRL_CONVERTALL, },
|
|
{ IMEPADCTRL_DETERMINALL, IPCTRL_DETERMINALL, },
|
|
{ IMEPADCTRL_DETERMINCHAR, IPCTRL_DETERMINCHAR, },
|
|
{ IMEPADCTRL_CLEARALL, IPCTRL_CLEARALL, },
|
|
{ IMEPADCTRL_CARETSET, IPCTRL_CARETSET, },
|
|
{ IMEPADCTRL_CARETLEFT, IPCTRL_CARETLEFT, },
|
|
{ IMEPADCTRL_CARETRIGHT, IPCTRL_CARETRIGHT, },
|
|
{ IMEPADCTRL_CARETTOP, IPCTRL_CARETTOP, },
|
|
{ IMEPADCTRL_CARETBOTTOM, IPCTRL_CARETBOTTOM, },
|
|
{ IMEPADCTRL_CARETBACKSPACE, IPCTRL_CARETBACKSPACE, },
|
|
{ IMEPADCTRL_CARETDELETE, IPCTRL_CARETDELETE, },
|
|
{ IMEPADCTRL_PHRASEDELETE, IPCTRL_PHRASEDELETE, },
|
|
{ IMEPADCTRL_INSERTSPACE, IPCTRL_INSERTSPACE, },
|
|
{ IMEPADCTRL_INSERTFULLSPACE, IPCTRL_INSERTFULLSPACE, },
|
|
{ IMEPADCTRL_INSERTHALFSPACE, IPCTRL_INSERTHALFSPACE, },
|
|
{ IMEPADCTRL_ONIME, IPCTRL_ONIME, },
|
|
{ IMEPADCTRL_OFFIME, IPCTRL_OFFIME, },
|
|
{ IMEPADCTRL_ONPRECONVERSION, IPCTRL_PRECONVERSION, },
|
|
{ IMEPADCTRL_PHONETICCANDIDATE, IPCTRL_PHONETICCANDIDATE, },
|
|
};
|
|
|
|
HRESULT __stdcall
|
|
CImePadCallback::PassData(long nSize, byte *pByte, DWORD *pdwCharID)
|
|
{
|
|
DBG(("CImePadCallback::PassData START\n"));
|
|
LPIMEDATAHEADER lpImeDataHeader = (LPIMEDATAHEADER)pByte;
|
|
|
|
HRESULT hr = S_OK;
|
|
IUnknown *lpIUnk = NULL;
|
|
IImeIPoint1 *lpIImeIPoint = NULL;
|
|
DWORD dwCharID = 0;
|
|
|
|
// Security Fix: Attack surface reduction
|
|
if(!pByte) {
|
|
return E_FAIL;
|
|
}
|
|
|
|
if(!m_lpCImePadSvr) {
|
|
DBG(("m_lpCImePadSvr is NULL Error\n"));
|
|
return E_FAIL;
|
|
}
|
|
lpIUnk = m_lpCImePadSvr->GetIUnkIImeIPoint();
|
|
if(!lpIUnk) {
|
|
DBG(("lpIUnk is NULL\n"));
|
|
return E_FAIL;
|
|
}
|
|
|
|
#if 0
|
|
if(IsBadVtbl((IUnkDummy*)lpIUnk)) {
|
|
return E_FAIL;
|
|
}
|
|
#endif
|
|
|
|
__try {
|
|
hr = lpIUnk->QueryInterface(IID_IImeIPoint1, (VOID **)&lpIImeIPoint);
|
|
if(hr != S_OK) {
|
|
DBG(("QuertyInterface Failed\n"));
|
|
return E_FAIL;
|
|
}
|
|
if(!lpIImeIPoint) {
|
|
DBG(("QuertyInterface failed\n"));
|
|
return E_FAIL;
|
|
}
|
|
DBG(("m_hwndIF [0x%08x]\n", m_hwndIF));
|
|
|
|
|
|
switch(lpImeDataHeader->dwDataID) {
|
|
case IMEDATAID_CONTROL:
|
|
{
|
|
LPIMEDATACONTROL lpImeDataCtrl = (LPIMEDATACONTROL)lpImeDataHeader;
|
|
for(int i = 0; i < sizeof(padCtrl2Ip)/sizeof(padCtrl2Ip[0]); i++) {
|
|
if(lpImeDataCtrl->dwControl == padCtrl2Ip[i].dwImePadCtrl) {
|
|
hr = lpIImeIPoint->ControlIME((WORD)padCtrl2Ip[i].dwIPointCtrl,
|
|
IPCTRLPARAM_DEFAULT);
|
|
//hr = lpIImeIPoint->UpdateContext(TRUE);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
case IMEDATAID_STRING:
|
|
{
|
|
DBG(("--> IMEDATAID_STRING\n"));
|
|
LPIMEDATASTRING lpImeDataStr = (LPIMEDATASTRING)lpImeDataHeader;
|
|
switch(lpImeDataHeader->dwCmdID) {
|
|
case IMECMDID_INSERTSTRING:
|
|
{
|
|
DBG(("--> IMECMDID_INSERTSTRING START\n"));
|
|
LPWSTR lpwstr = (LPWSTR)((LPIMEDATASTRING)lpImeDataHeader)->wChar;
|
|
INT len = lpwstr ? lstrlenW(lpwstr) : 0;
|
|
DBGW((L"lpwstr [%s] len[%d]\n", lpwstr, len));
|
|
BOOL fPreConv = lpImeDataStr->fPreConv;
|
|
//990818:ToshiaK for KOTAE #1775.
|
|
dwCharID = lpImeDataStr->dwCharID;
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_ONIME, IPCTRLPARAM_DEFAULT);
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION,
|
|
fPreConv ? IPCTRLPARAM_ON : IPCTRLPARAM_OFF);
|
|
hr = lpIImeIPoint->InsertStringEx(lpwstr,
|
|
len,
|
|
&dwCharID);
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION, IPCTRLPARAM_ON);
|
|
if(pdwCharID) {
|
|
*pdwCharID = dwCharID;
|
|
}
|
|
fPreConv = 0;
|
|
DBG(("--> IMECMDID_INSERTSTRING END\n"));
|
|
}
|
|
break;
|
|
case IMECMDID_CHANGESTRING:
|
|
{
|
|
DBG(("--> IMECMDID_CHANGESTRING\n"));
|
|
LPWSTR lpwstr = (LPWSTR)((LPIMEDATASTRING)lpImeDataHeader)->wChar;
|
|
INT len = lpwstr ? lstrlenW(lpwstr) : 0;
|
|
dwCharID = ((LPIMEDATASTRING)lpImeDataHeader)->dwCharID;
|
|
BOOL fPreConv = lpImeDataStr->fPreConv;
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_ONIME, IPCTRLPARAM_DEFAULT);
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION,
|
|
fPreConv ? IPCTRLPARAM_ON : IPCTRLPARAM_OFF);
|
|
hr = lpIImeIPoint->ReplaceCompString(lpImeDataStr->dwStartPos,
|
|
lpImeDataStr->dwDeleteLength,
|
|
lpwstr,
|
|
len,
|
|
&dwCharID);
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION, IPCTRLPARAM_ON);
|
|
//hr = lpIImeIPoint->UpdateContext(TRUE);
|
|
if(pdwCharID) {
|
|
*pdwCharID = dwCharID;
|
|
}
|
|
hr = (HRESULT)dwCharID;
|
|
}
|
|
break;
|
|
case IMECMDID_DELETESTRING:
|
|
{
|
|
DBG(("--> IMECMDID_DELETESTRING\n"));
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_ONIME, IPCTRLPARAM_DEFAULT);
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION, IPCTRLPARAM_ON);
|
|
hr = lpIImeIPoint->DeleteCompString((DWORD)lpImeDataStr->dwStartPos,
|
|
(DWORD)lpImeDataStr->dwDeleteLength);
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION, IPCTRLPARAM_ON);
|
|
//hr = lpIImeIPoint->UpdateContext(TRUE);
|
|
}
|
|
break;
|
|
case IMECMDID_INSERTSTRINGINFO:
|
|
case IMECMDID_CHANGESTRINGINFO:
|
|
{
|
|
DBG(("--> IMECMDID_INSERT(Change)STRINGINFO\n"));
|
|
LPWSTR lpwstr = (LPWSTR)((LPIMEDATASTRING)lpImeDataHeader)->wChar;
|
|
INT len = lpwstr ? lstrlenW(lpwstr) : 0;
|
|
dwCharID = ((LPIMEDATASTRING)lpImeDataHeader)->dwCharID;
|
|
BOOL fPreConv = lpImeDataStr->fPreConv;
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_ONIME, IPCTRLPARAM_DEFAULT);
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION,
|
|
fPreConv ? IPCTRLPARAM_ON : IPCTRLPARAM_OFF);
|
|
hr = lpIImeIPoint->ReplaceCompString(lpImeDataStr->dwStartPos,
|
|
lpImeDataStr->dwDeleteLength,
|
|
lpwstr,
|
|
len,
|
|
&dwCharID);
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION, IPCTRLPARAM_ON);
|
|
if(pdwCharID) {
|
|
*pdwCharID = dwCharID;
|
|
}
|
|
hr = (HRESULT)dwCharID;
|
|
}
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
break;
|
|
case IMEDATAID_STRINGCAND:
|
|
{
|
|
DBG(("Data ID is IMEDATAID_STRINGCAND\n"));
|
|
HRESULT hr;
|
|
LPIMEDATASTRINGCAND lpStrCand = (LPIMEDATASTRINGCAND)lpImeDataHeader;
|
|
PIPCANDIDATE lpIpCand;
|
|
INT textCount, byteCount, i, nSize;
|
|
PBYTE p;
|
|
textCount = byteCount = 0;
|
|
DBG(("--> dwStringCount %d\n", lpStrCand->dwStringCount));
|
|
for(i = 0; i < (INT)lpStrCand->dwStringCount; i++) {
|
|
DBG(("--> %d offset [%d]\n", i, lpStrCand->dwOffsetString[i]));
|
|
textCount++;
|
|
LPWSTR lpwstr = (LPWSTR)(((LPBYTE)lpStrCand) + lpStrCand->dwOffsetString[i]);
|
|
DBGW((L"--> %d %s\n", i, lpwstr));
|
|
byteCount += (lstrlenW(lpwstr)+1) * sizeof(WCHAR);
|
|
}
|
|
if(textCount == 0) {
|
|
return S_OK;
|
|
}
|
|
dwCharID = lpStrCand->dwCharID;
|
|
DWORD dwExInfo = lpStrCand->dwExtraInfoSize;
|
|
nSize = sizeof(IPCANDIDATE) + (textCount-1) * sizeof(DWORD) + byteCount + dwExInfo;
|
|
lpIpCand = (IPCANDIDATE *)MemAlloc(nSize);
|
|
if (lpIpCand == NULL)
|
|
return E_OUTOFMEMORY;
|
|
|
|
lpIpCand->dwSize = nSize;
|
|
lpIpCand->dwFlags = lpStrCand->dwInfoMask;
|
|
lpIpCand->iSelIndex = lpStrCand->dwSelIndex;
|
|
lpIpCand->nCandidate = textCount;
|
|
lpIpCand->dwPrivateDataOffset = 0;
|
|
lpIpCand->dwPrivateDataSize = 0;
|
|
DBG(("lpIpCand[0x%08x] \n", lpIpCand));
|
|
DBG(("sizeof(IPCANDIDATE) [%d]\n", sizeof(IPCANDIDATE)));
|
|
DBG(("size add [%d]\n", sizeof(DWORD) * (textCount -1)));
|
|
DWORD dwOffset = sizeof(IPCANDIDATE)+sizeof(DWORD)*(textCount-1);
|
|
p = ((PBYTE)lpIpCand) + dwOffset;
|
|
|
|
for(i = 0; i < (INT)lpStrCand->dwStringCount; i++) {
|
|
LPWSTR lpwstr = (LPWSTR)(((LPBYTE)lpStrCand) + lpStrCand->dwOffsetString[i]);
|
|
DWORD dwStrSize = (lstrlenW(lpwstr) + 1) * sizeof(WCHAR);
|
|
CopyMemory((LPWSTR)p,
|
|
(WCHAR *)lpwstr,
|
|
dwStrSize);
|
|
lpIpCand->dwOffset[i] = dwOffset;
|
|
dwOffset += dwStrSize;
|
|
p += dwStrSize;
|
|
}
|
|
if(dwExInfo > 0) {
|
|
lpIpCand->dwPrivateDataSize = dwExInfo;
|
|
#ifdef _WIN64
|
|
lpIpCand->dwPrivateDataOffset = (DWORD)((DWORD_PTR)p - (DWORD_PTR)lpIpCand);
|
|
#else
|
|
lpIpCand->dwPrivateDataOffset = (DWORD)p - (DWORD)lpIpCand;
|
|
#endif
|
|
CopyMemory(p,
|
|
(LPBYTE)((LPBYTE)lpStrCand + lpStrCand->dwExtraInfoOffset),
|
|
lpStrCand->dwExtraInfoSize);
|
|
}
|
|
BOOL fPreConv = lpStrCand->fPreConv;
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_ONIME, IPCTRLPARAM_DEFAULT);
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION,
|
|
fPreConv ? IPCTRLPARAM_ON : IPCTRLPARAM_OFF);
|
|
//----------------------------------------------------------------
|
|
|
|
//990713: need to set Start position for IPoint.
|
|
//----------------------------------------------------------------
|
|
DWORD dwInsertPos; // = IPINS_CURRENT; //Default.
|
|
DWORD dwLen;
|
|
//990823:Toshiak for KOTAE #1779.
|
|
//000825:Satori #2123
|
|
if(lpStrCand->dwStartPos == IMECMDVALUE_DEFAULT_INSERT_POS) {
|
|
dwInsertPos = IPINS_CURRENT; //Set IPoint's value
|
|
}
|
|
else {
|
|
dwInsertPos = lpStrCand->dwStartPos;
|
|
}
|
|
|
|
dwLen = lpStrCand->dwDeleteLength;
|
|
switch(lpStrCand->header.dwCmdID) {
|
|
case IMECMDID_INSERTSTRINGCANDINFO:
|
|
hr = lpIImeIPoint->InsertImeItem(lpIpCand,
|
|
dwInsertPos,
|
|
&dwCharID);
|
|
break;
|
|
case IMECMDID_CHANGESTRINGCANDINFO:
|
|
hr = lpIImeIPoint->ReplaceImeItem(dwInsertPos,
|
|
dwLen,
|
|
lpIpCand,
|
|
&dwCharID);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
hr = lpIImeIPoint->ControlIME(IPCTRL_PRECONVERSION, IPCTRLPARAM_ON);
|
|
//hr = lpIImeIPoint->UpdateContext(TRUE);
|
|
MemFree(lpIpCand);
|
|
if(pdwCharID) {
|
|
*pdwCharID = dwCharID;
|
|
}
|
|
}
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
//990630:ToshiaK for #1327.
|
|
//In WinWord, if call UpdateContext(TRUE) here,
|
|
//Word does NOT repaint composition string.
|
|
//once return the SendMessageTimeout() procedure,
|
|
//and update context asynchronously.
|
|
//in WM_USER_UPDATECONTEXT's lParam, set IImeIPoint interface pointer.
|
|
//and message procedure, check it with current iimeipoint.
|
|
::PostMessage(m_hwndIF, WM_USER_UPDATECONTEXT, (WPARAM)0, (LPARAM)lpIImeIPoint);
|
|
lpIImeIPoint->Release();
|
|
}
|
|
__except(EXCEPTION_EXECUTE_HANDLER) {
|
|
hr = E_FAIL;
|
|
}
|
|
|
|
return hr;
|
|
Unref(nSize);
|
|
}
|
|
|
|
|
|
HRESULT STDMETHODCALLTYPE
|
|
CImePadCallback::ReceiveData(
|
|
/* [in] */ DWORD dwCmdID,
|
|
/* [in] */ DWORD dwDataID,
|
|
/* [out] */ long __RPC_FAR *pSize,
|
|
/* [size_is][size_is][out] */ byte __RPC_FAR *__RPC_FAR *ppByte)
|
|
{
|
|
DBG(("CImePadCallback::ReceiveData START\n"));
|
|
DBG(("-->dwCmdID [0x%08x]\n", dwCmdID));
|
|
DBG(("-->dwDataID [0x%08x]\n", dwDataID));
|
|
DBG(("-->pSize [0x%08x]\n", pSize));
|
|
DBG(("-->ppByte [0x%08x]\n", ppByte));
|
|
|
|
HRESULT hr = S_OK;
|
|
IUnknown *lpIUnk = NULL;
|
|
IImeIPoint1 *lpIImeIPoint = NULL;
|
|
|
|
// Security Fix: Attack surface reduction
|
|
if((!ppByte) || (!pSize)) {
|
|
return E_FAIL;
|
|
}
|
|
|
|
DBG(("-->Check m_lpCImePadSvr\n"));
|
|
if(!m_lpCImePadSvr) {
|
|
DBG(("m_lpCImePadSvr is NULL Error\n"));
|
|
return E_FAIL;
|
|
}
|
|
DBG(("-->Check m_fnCoTaskMemAlloc\n"));
|
|
if(!m_lpCImePadSvr->m_fnCoTaskMemAlloc ||
|
|
!m_lpCImePadSvr->m_fnCoTaskMemFree) {
|
|
DBG(("--> OLE32.DLL does NOT EXIST ? Error\n"));
|
|
return E_FAIL;
|
|
}
|
|
|
|
|
|
lpIUnk = m_lpCImePadSvr->GetIUnkIImeIPoint();
|
|
DBG(("-->Check lpIUnk [0x%08x]\n", lpIUnk));
|
|
if(!lpIUnk) {
|
|
DBG(("lpIUnk is NULL\n"));
|
|
return E_FAIL;
|
|
}
|
|
|
|
#if 0
|
|
DBG(("-->Check lpIUnk IsBadVtbl[0x%08x]\n", lpIUnk));
|
|
if(IsBadVtbl((IUnkDummy*)lpIUnk)) {
|
|
DBG(("lpIUnk is BAD Pointer \n"));
|
|
return E_FAIL;
|
|
}
|
|
#endif
|
|
|
|
__try {
|
|
DBG(("-->Call QuertyInterface\n"));
|
|
hr = lpIUnk->QueryInterface(IID_IImeIPoint1, (VOID **)&lpIImeIPoint);
|
|
if(hr != S_OK) {
|
|
DBG(("QuertyInterface Failed\n"));
|
|
return E_FAIL;
|
|
}
|
|
DBG(("--> QueryInterface Success \n"));
|
|
if(!lpIImeIPoint) {
|
|
DBG(("QuertyInterface failed\n"));
|
|
return E_FAIL;
|
|
}
|
|
|
|
LPIMEDATACOMPOSITION lpCompoInfo;
|
|
LPIMEDATACOMPOSITION lpCompoTmp;
|
|
LPWSTR lpwstrCompo, lpwstr;
|
|
DWORD *pdwCharID, *pdw;
|
|
DWORD dwSize;
|
|
DWORD dwDtnSize;
|
|
LPBYTE lpbOutOfBuffer;
|
|
switch(dwDataID) {
|
|
case IMEDATAID_COMPOSITION:
|
|
switch(dwCmdID) {
|
|
case IMECMDID_GETCOMPOSITIONINFO:
|
|
DBG(("--> IMECMDID_GETCOMPOSITIONINFO\n"));
|
|
dwSize = sizeof(IMEDATACOMPOSITION);
|
|
lpCompoInfo = (LPIMEDATACOMPOSITION)(*m_lpCImePadSvr->m_fnCoTaskMemAlloc)(dwSize);
|
|
if(!lpCompoInfo) {
|
|
lpIImeIPoint->Release();
|
|
return E_OUTOFMEMORY;
|
|
}
|
|
hr = lpIImeIPoint->GetAllCompositionInfo(NULL,
|
|
NULL,
|
|
(INT *)&lpCompoInfo->dwStringCount,
|
|
(INT *)&lpCompoInfo->dwCaretPos,
|
|
(INT *)&lpCompoInfo->dwUndeterminedStartPos,
|
|
(INT *)&lpCompoInfo->dwUndeterminedLength,
|
|
(INT *)&lpCompoInfo->dwEditStartPos,
|
|
(INT *)&lpCompoInfo->dwEditLength);
|
|
lpCompoInfo->header.dwSize = dwSize;
|
|
lpCompoInfo->header.dwCmdID = dwCmdID;
|
|
lpCompoInfo->header.dwDataID= dwDataID;
|
|
lpCompoInfo->dwOffsetString = 0;
|
|
lpCompoInfo->dwOffsetCharID = 0;
|
|
*pSize = lpCompoInfo->header.dwSize;
|
|
*ppByte = (PBYTE)lpCompoInfo;
|
|
DBG(("--> IMECMDID_GETCOMPOSITIONINFO END\n"));
|
|
break;
|
|
case IMECMDID_GETCOMPOSITIONSTRING:
|
|
DBG(("--> IMECMDID_GETCOMPOSITIONSTRING START\n"));
|
|
lpCompoInfo = (LPIMEDATACOMPOSITION)(*m_lpCImePadSvr->m_fnCoTaskMemAlloc)(sizeof(IMEDATACOMPOSITION));
|
|
if(!lpCompoInfo) {
|
|
DBG(("-->OutofMemory\n"));
|
|
lpIImeIPoint->Release();
|
|
return E_OUTOFMEMORY;
|
|
}
|
|
lpwstrCompo = NULL;
|
|
pdwCharID = NULL;
|
|
ZeroMemory(lpCompoInfo, sizeof(IMEDATACOMPOSITION));
|
|
|
|
hr = lpIImeIPoint->GetAllCompositionInfo(&lpwstrCompo,
|
|
&pdwCharID,
|
|
(INT *)&lpCompoInfo->dwStringCount,
|
|
(INT *)&lpCompoInfo->dwCaretPos,
|
|
(INT *)&lpCompoInfo->dwUndeterminedStartPos,
|
|
(INT *)&lpCompoInfo->dwUndeterminedLength,
|
|
(INT *)&lpCompoInfo->dwEditStartPos,
|
|
(INT *)&lpCompoInfo->dwEditLength);
|
|
DBG(("-->hr [0x%08x]\n", hr));
|
|
DBGW((L"-->lpwstrCompo[%s]\n", lpwstrCompo));
|
|
dwSize = sizeof(IMEDATACOMPOSITION) +
|
|
(lpCompoInfo->dwStringCount+1)*sizeof(WCHAR) +
|
|
(lpCompoInfo->dwStringCount) * sizeof(DWORD);
|
|
DBG(("-->dwSize [%d]\n", dwSize));
|
|
lpCompoTmp = (LPIMEDATACOMPOSITION)(*m_lpCImePadSvr->m_fnCoTaskMemAlloc)(dwSize);
|
|
if(!lpCompoTmp) {
|
|
DBG(("-->OutofMemory\n"));
|
|
lpIImeIPoint->Release();
|
|
return E_OUTOFMEMORY;
|
|
}
|
|
lpCompoTmp->header.dwSize = dwSize;
|
|
lpCompoTmp->header.dwCmdID = dwCmdID;
|
|
lpCompoTmp->header.dwDataID= dwDataID;
|
|
lpCompoTmp->dwStringCount = lpCompoInfo->dwStringCount;
|
|
lpCompoTmp->dwCaretPos = lpCompoInfo->dwCaretPos;
|
|
lpCompoTmp->dwUndeterminedStartPos = lpCompoInfo->dwUndeterminedStartPos;
|
|
lpCompoTmp->dwUndeterminedLength = lpCompoInfo->dwUndeterminedLength;
|
|
lpCompoTmp->dwEditStartPos = lpCompoInfo->dwEditStartPos;
|
|
lpCompoTmp->dwEditLength = lpCompoInfo->dwEditLength;
|
|
lpCompoTmp->dwOffsetString = (DWORD)sizeof(IMEDATACOMPOSITION);
|
|
|
|
lpwstr = (LPWSTR)((PBYTE)lpCompoTmp + lpCompoTmp->dwOffsetString);
|
|
|
|
// Security Fix: Dangerous API (CopyMemory)
|
|
lpbOutOfBuffer = ((LPBYTE)lpCompoTmp) + dwSize;
|
|
dwDtnSize = (DWORD)(lpbOutOfBuffer - ((LPBYTE)lpwstr));
|
|
if (dwDtnSize < ((lpCompoTmp->dwStringCount+1) * sizeof(WCHAR)) ) {
|
|
lpCompoTmp->dwStringCount = dwDtnSize / sizeof(WCHAR) - 1;
|
|
}
|
|
|
|
//990928:toshiaK for KOTAE #2273
|
|
//Need to check lpwstrCompo is NULL or not.
|
|
if(lpwstrCompo && lpCompoTmp->dwStringCount > 0) {
|
|
CopyMemory(lpwstr,
|
|
(WCHAR *)lpwstrCompo,
|
|
lpCompoTmp->dwStringCount * sizeof(WCHAR));
|
|
}
|
|
lpwstr[lpCompoTmp->dwStringCount] = (WCHAR)0x0000;
|
|
|
|
lpCompoTmp->dwOffsetCharID = (DWORD)(sizeof(IMEDATACOMPOSITION) +
|
|
(lpCompoTmp->dwStringCount+1)*sizeof(WCHAR));
|
|
//990928:toshiaK for KOTAE #2273
|
|
//Need to check pdwCharID is NULL or not.
|
|
if(pdwCharID && lpCompoTmp->dwStringCount > 0) {
|
|
pdw = (DWORD *)((PBYTE)lpCompoTmp + lpCompoTmp->dwOffsetCharID);
|
|
|
|
// Security Fix: Dangerous API (CopyMemory)
|
|
dwDtnSize = (DWORD)(lpbOutOfBuffer - ((LPBYTE)pdw));
|
|
if (dwDtnSize < (lpCompoTmp->dwStringCount * sizeof(DWORD)) ) {
|
|
lpCompoTmp->dwStringCount = dwDtnSize / sizeof(DWORD);
|
|
}
|
|
|
|
CopyMemory(pdw, pdwCharID, sizeof(DWORD)*lpCompoTmp->dwStringCount);
|
|
}
|
|
|
|
*pSize = lpCompoTmp->header.dwSize;
|
|
*ppByte = (PBYTE)lpCompoTmp;
|
|
(*m_lpCImePadSvr->m_fnCoTaskMemFree)(lpCompoInfo);
|
|
|
|
//990928:toshiaK for KOTAE #2273
|
|
if(lpwstrCompo) {
|
|
(*m_lpCImePadSvr->m_fnCoTaskMemFree)(lpwstrCompo);
|
|
}
|
|
//990928:toshiaK for KOTAE #2273
|
|
if(pdwCharID) {
|
|
(*m_lpCImePadSvr->m_fnCoTaskMemFree)(pdwCharID);
|
|
}
|
|
DBG(("--> IMECMDID_GETCOMPOSITIONSTRING END\n"));
|
|
break;
|
|
default:
|
|
// Security Fix: Attack surface reduction
|
|
hr = S_FALSE;
|
|
|
|
break;
|
|
}
|
|
break;
|
|
case IMEDATAID_CONVSTATUS:
|
|
{
|
|
if(dwCmdID != IMECMDID_GETCONVERSIONSTATUS) {
|
|
DBG((" --> INVALID CMDID\n"));
|
|
|
|
// Security Fix: Attack surface reduction
|
|
hr = S_FALSE;
|
|
break;
|
|
}
|
|
DBG(("--> IMECMDID_GETCONVERSIONSTATUS\n"));
|
|
dwSize = sizeof(IMEDATACONVSTATUS);
|
|
LPIMEDATACONVSTATUS lpConvStat;
|
|
lpConvStat = (LPIMEDATACONVSTATUS)(*m_lpCImePadSvr->m_fnCoTaskMemAlloc)(dwSize);
|
|
if(!lpConvStat) {
|
|
DBG(("E_OUTOFMEMORY dwSize [%d]\n", dwSize));
|
|
lpIImeIPoint->Release();
|
|
return E_OUTOFMEMORY;
|
|
}
|
|
LPARAM lConv = 0;
|
|
LPARAM lSent = 0;
|
|
hr = lpIImeIPoint->ControlIME((WORD)IPCTRL_GETCONVERSIONMODE,
|
|
(LPARAM)&lConv);
|
|
|
|
hr = lpIImeIPoint->ControlIME((WORD)IPCTRL_GETSENTENCENMODE,
|
|
(LPARAM)&lSent);
|
|
lpConvStat->header.dwSize = dwSize;
|
|
lpConvStat->header.dwCmdID = IMECMDID_GETCONVERSIONSTATUS;
|
|
lpConvStat->header.dwDataID= IMEDATAID_CONVSTATUS;
|
|
lpConvStat->dwConversionMode = (DWORD)lConv;
|
|
lpConvStat->dwSentenceMode = (DWORD)lSent;
|
|
DBG((" --> dwConversionMode[0x%8x]\n", lpConvStat->dwConversionMode));
|
|
DBG((" --> dwSentenceMode [0x%8x]\n", lpConvStat->dwSentenceMode));
|
|
*pSize = dwSize;
|
|
*ppByte = (PBYTE)lpConvStat;
|
|
}
|
|
break;
|
|
case IMEDATAID_APPINFO:
|
|
//990816:ToshiaK KOTAE Raid #1757
|
|
if(dwCmdID != IMECMDID_GETAPPLHWND) {
|
|
DBG((" --> INVALID CMDID\n"));
|
|
hr = S_FALSE;
|
|
}
|
|
else {
|
|
IImeCallback *lp = NULL;
|
|
IUnknown *lpUnkCB;
|
|
lpUnkCB = m_lpCImePadSvr->GetIUnkIImeCallback();
|
|
if(!lpUnkCB) {
|
|
DBG(("-->IImeCallback does not set\n"));
|
|
lpIImeIPoint->Release();
|
|
return E_FAIL;
|
|
}
|
|
#if 0
|
|
if(IsBadVtbl((IUnkDummy*)lpUnkCB)) {
|
|
DBG(("lpIUnk is BAD Pointer \n"));
|
|
lpIImeIPoint->Release();
|
|
return E_FAIL;
|
|
}
|
|
#endif
|
|
lpUnkCB->QueryInterface(IID_IImeCallback, (LPVOID *)&lp);
|
|
if(!lp) {
|
|
DBG(("-->QuertyInterface Failed\n"));
|
|
lpIImeIPoint->Release();
|
|
return E_FAIL;
|
|
}
|
|
|
|
dwSize = sizeof(IMEDATAAPPLINFO);
|
|
LPIMEDATAAPPLINFO lpApplInfo;
|
|
lpApplInfo = (LPIMEDATAAPPLINFO)(*m_lpCImePadSvr->m_fnCoTaskMemAlloc)(dwSize);
|
|
if(!lpApplInfo) {
|
|
DBG(("E_OUTOFMEMORY dwSize [%d]\n", dwSize));
|
|
lpIImeIPoint->Release();
|
|
return E_OUTOFMEMORY;
|
|
}
|
|
lpApplInfo->header.dwSize = dwSize;
|
|
lpApplInfo->header.dwCmdID = IMECMDID_GETAPPLHWND;
|
|
lpApplInfo->header.dwDataID= IMEDATAID_APPINFO;
|
|
lpApplInfo->hwndApp = NULL;
|
|
lp->GetApplicationHWND(&lpApplInfo->hwndApp);
|
|
|
|
if(pSize && ppByte) {
|
|
*pSize = dwSize;
|
|
*ppByte = (PBYTE)lpApplInfo;
|
|
}
|
|
else {
|
|
(*m_lpCImePadSvr->m_fnCoTaskMemFree)(lpApplInfo);
|
|
hr = E_FAIL;
|
|
}
|
|
lp->Release();
|
|
}
|
|
break;
|
|
default:
|
|
DBG(("UNKOWN DATAID [0x%08x]\n", dwDataID));
|
|
hr = S_FALSE;
|
|
break;
|
|
}
|
|
|
|
lpIImeIPoint->Release();
|
|
}
|
|
__except(EXCEPTION_EXECUTE_HANDLER) {
|
|
hr = E_FAIL;
|
|
}
|
|
|
|
DBG(("CImePadCallback::ReceiveData END hr[0x%08x]\n", hr));
|
|
return hr;
|
|
}
|
|
|
|
|
|
//----------------------------------------------------------------
|
|
|
|
CImePadCallback::CImePadCallback(HWND hwndIF, LPCImePadSvr lpCImePadSvr)
|
|
{
|
|
DBG(("######## CImePadCallback::CImePadCallback constructor START ##########\n"));
|
|
m_hwndIF = hwndIF;
|
|
m_lpCImePadSvr = lpCImePadSvr;
|
|
m_cRef = 0;
|
|
DBG(("######## CImePadCallback::CImePadCallback constructor END ##########\n"));
|
|
}
|
|
|
|
CImePadCallback::~CImePadCallback()
|
|
{
|
|
DBG(("######## CImePadCallback::~CImePadCallback destructor START ##########\n"));
|
|
m_hwndIF = NULL;
|
|
m_lpCImePadSvr = NULL;
|
|
DBG(("######## CImePadCallback::~CImePadCallback destructor END ##########\n"));
|
|
m_cRef = 0;
|
|
}
|
|
|
|
VOID*
|
|
CImePadCallback::operator new( size_t size )
|
|
{
|
|
LPVOID lp = (LPVOID)MemAlloc(size);
|
|
return lp;
|
|
}
|
|
|
|
VOID
|
|
CImePadCallback::operator delete( VOID *lp )
|
|
{
|
|
if(lp) {
|
|
MemFree(lp);
|
|
}
|
|
return;
|
|
}
|
|
|