The application AutoGK was getting the length of the text with
WM_GETTEXTLENGTH to allocate an appropriate buffer size, but then
claimed the buffer was twice the size when sending WM_GETTEXTEX. This
caused the memcpy call to overflow the actual buffer since the count
is based on the size of the buffer alone, regardless of the amount of
text retrieved.
ME_GetTextEx directly handles EM_GETTEXTEX, and previously a NULL buffer
would be dereferenced, and a 0 buffer length would cause nCount an
underflow in the nCount value which would allow a buffer overflow to
occur.
The application Blitzin2 was sending WM_VSCROLL messages to the
richedit control directly, when normally this message is supposed to
be a notification sent after the scrollinfo is set. Native richedit
controls always use the 16-bit value passed to this message to set the
scroll position for SB_THUMBPOSITION, rather than trying to find a
32-bit value through GetScrollInfo like I had previously done.
The missing return was to prevent automatic vertically scrolling when
style for it is not set, but is set for the horizontal scrollbar. I
initially missed this by testing with no autoscrolling on either
scrollbar.
Rich text files have groupings of text, where styles are pushed onto
the stack when encountering a start of the group, then popped at the
end of the group. This was being handled improperly before, because a
single styleChanged flag was being stored to keep track of whether the
style needed to be restored at the end of a group. This fails to work
properly since the single flag isn't keeping track of all the levels
of the stack, so some styles are not restored properly.
When a colour table entry is empty, then the default colour is used.
For an incomplete colour table entry 0 is used for the missing colours.
Previously the -1 value used internally for missing colours was being
converted into white, where it should be using the default colour that
is normally black.
This bug could be seen by loading the following rich text into wordpad:
{\rtf{\colortbl;;}\cf1 text}
Previously after initial window creation of a richedit control with the
ES_DISABLENOSCROLL window style flag the scrollbar would be shown but
not disabled. This patch fixes this issue by explicitly disabling and
showing the scrollbar.
When the richedit control is created without the ES_AUTOHSCROLL or the
ES_AUTOVSCROLL, then scrolling isn't done automatically when moving the
cursor with the arrow keys, drag selecting with the mouse, or even from
using the EM_SCROLLCARET (based on testing using a modified version of
wordpad).
WM_SETTEXT seems to check for {\rtf or {\urtf to determine if it is an
ascii RTF string, even if it is a unicode message. So I removed the
check to see if it is a unicode message, and added a check for {\urtf.
This was partially handled by ungetting the end group token (i.e. '}')
so that it was read again at the proper place. Unfortunately there is a
read hook that maintains a stackTop variable, which is decremented when
receiving this end group token. Therefore stackTop would get
decremented twice, and the rich text file would end prematurely.
This is fixed by incrementing the stackTop variable to compensate for it
being decremented twice.
Wine was not doing bounds checks for EM_GETTEXTRANGE, which was causing
a crash in Bug 17822. The added tests would cause a crash without the
added bounds checks in the richedit code.
The bounds checks I put in HandleMessage, since ME_GetTextRange is also
called for ME_GETSELTEXT which should not have bounds checks, since it
uses the selection range.
When the ME_GETTEXTRANGE message returns 0, no text is copied, not even
the NULL terminating charter. This differs from EM_GETSELTEXT which
will copy the NULL terminating character when no text is selected. This
behaviour is consistent with native richedit controls.
Images that are inserted into richedit controls store a space for the
text, since that is the character returned when getting the plain text
from the control.
When calculating the width of a line, the space character is skipped,
but images should not be skipped. This can be seen by inserting an
image into wordpad on a line by it's own, then centering the line. The
image will start from the center rather than being centered in the
control.
EM_SETCHARFORMAT can be used to make text links. Automatic URL
detection being enable would cause these links to be removed if the text
is not a URL, so this must be prevented.
Previously checks were made for AutoURLDetect_bEnable before calling
ME_UpdateSelectionLinkAttribute, or ME_UpdateLinkAttribute. This is
more error prone than checking for this within the function, so one call
was missing this check.
ME_SetCursor also didn't respect this behaviour, since it wouldn't set
the cursor to the hand when hovering over a link without automatic URL
detection disabled.
Before the code was modifying the format rect to compensate for space
being added or removed for the selection bar, but this should only
happen when the ECO_SELECTIONBAR setting bit changes.
When all the text fits on the screen, the scrollbars are not shown from
EM_SHOWSCROLLBAR. The message instead adds support for the specified
scrollbar when lParam is TRUE, so that the scrollbar will be shown when
sufficient text is in the document.
The scrollbar visibility can be changed from SetScrollRange or
SetScrollInfo, but the visiblity that is a result of these calls are
not consistent with the calculation made by richedit controls to
decide whether to show or hide the scrollbars.
The ME_TextBuffer structure is what is used to store the document (as
a linked list), so the ME_Document structure isn't being used. There
was also a document pointer in the ME_Paragraph structure that was
also unused, so I removed it because it is probably related to this
used structure.
This prevents some needless searching for the start of the paragraph
from a run stored in a cursor. Usually a pointer to the paragraph is
already available when the cursor is set anyway.
These functions were just being used for addition, so it was simpler to
remove the functions and modify the places it was used.
The ME_StrRelPos2 and ME_PosToVPos were just simple wrappers around
ME_StrRelPos, and ME_PosToVPos wasn't being used.
These two functions were being used for simple operations, to get the
first or last character when pre-computing flags for splitting runs.
The call to ME_GetCharBack wasn't even giving the correct result, it
would always return -1 since it is being called with nPos of 0.
This patch simplifies the code by removing the functions and getting the
characters directly from the string.
These functions were probably previously needed because of some wierd
special handling of backspace characters, but currently there is no
reason why the nLen field can't be accessed directly.
Having to functions that just access the string length field just causes
slightly more effort for someone to look at the code, because they need
to enter the function to find out what it actually is doing.
The function was just returning the second parameter. It had some
commented out code that indicated that previously backslashes weren't
included in the length. Native wordpad doesn't handle backspaces in a
special way, so this must have been an internal representation that
complicated finding the position of characters.
ME_GetCursorCoordinates had two conditions that were always taken. The
first condition was if(pCursor->pRun->type == diRun) was following an
assertion making the exact same check. The next one, if(row), should
always be taken, otherwise the richedit controls are in a corrupt state,
therefore an assertion is more appropriate.
I found that ME_MakeStringB was previously unused, and that the other
ME_MakeString functions repeated code that was already in ME_MakeStringB.
Making ME_MakeStringB static and using it to avoid duplicate code seemed
like a better idea than removing the function.
Previously it found the start or end by traversing the linked lists of
run, rows, paragraphs, and cells from the current position of the
cursors. Clearly it is better to get the start or end directly to make
it a constant time operation.
Wrapping is needed to be done even when repainting isn't done since
later messages expect line breaks to reflect the current text. Some
message can specify not to paint the sceen, but this should prevent
wrapping from being done.
- A HWND can be safely marshaled over a LONG as its payload is not
a pointer but a user handle.
- Use GetWindowLongPtr instead of GetWindowLong to retrieve a pointer.
When finding an adjacent paragraph, the next_para and prev_para pointers
should be used because they are direct pointers, a constant time
operation. Instead I found some places in the code that searched through
the general linked list to get to an adjacent paragraph, which is a linear
time operation, depending on the number of rows and runs in between
paragraphs.
The fixme comment is suggesting wrapping a paragraph within a function
that is for moving the selection cursor up or down a line when the up
or down keys are pressed. The contents fo paragraph aren't being
changed, so there is no need to wrap the paragraph.
More case of searching for the paragraph through the linked list when
is was already previously available. Since each wrap context is used
for wrapping each paragraph, I decided to add the reference to the
paragarph in the structure.
Rather than get the paragraph from the run, the function allows the
caller to provide the paragraph, since it is already available. This
reduces unnecessary traversals of lists that take longer as more runs
and rows are in the paragraph.
The ME_RunOfsFromCharOfs function finds the paragraph before finding the
run and offset within the run, so the function may as well be able to
return this paragraph to the caller. Many callers to the function
instead find the paragraph from the run, which ends up unnecessarily
traversing a linked list of runs within the paragraph.
Whenever ME_InitContext is called, ME_DestroyContext should be used to
clean it up. This way the context can be extended easily by modifying
those two functions. Instead, these two places of code just released
the DC, without using ME_DestroyContext, so the created brush for the
margin was not deleted.
These calls to ME_WrapMarkedParagraphs never do anything, and don't make
sense to be called in these places. These places are for ME_MoveCaret,
and ME_ArrowHome, which both don't involve any text being modified, and
all (direct and indirect) calls to these functions are done after the
text has already been wrapped.
There was a bug in ME_FindText which would cause the final caracter
offset to be incorrect when a paragraph was crossed while matching
characters. The problem was the character offset of the wrong
paragraph was used in the calculation of the start offset of the
match.
The text mode is already stored, and EM_SETTEXTMODE already exists.
There was however a bug in EM_MakeEditor that could cause TM_PLAINTEXT
and TM_RICHEDIT to be set at the same time. This was corrected to ensure
EM_GETTEXTMODE returned the proper mode being used.
The width for EM_SETTARGETDEVICE is used by some applications to set the
wrapping width to a certain distance in twips. This can be used even
though the target device is ignored.
The internal style flags are used to determine whether to show or hide
the scrollbar when ME_UpdateScrollBar is called. EM_SHOWSCROLLBAR seems
to update this state in native richedit controls.
If the scrollbar style isn't initially used, then the scrollbar should
be shown. Otherwise this can be a problem when the horizontal scrollbar
is shown for a single line richedit control, since it will cover all the
text (See bug 12088).
Previously a count of the carraige returns and line feeds were stored
for end of paragraph runs, and a paragraph sign was stored as the actual
string. This was causing many special cases where the length of the
run needed to be determined differently if the run was or wasn't an
end of paragraph run.
There wasn't any use for storing the paragraph sign unless some drawing
code gets commented out to allow the end paragraphs to be shown,
therefore I changed the code to store the actual string that gets
retrieved by WM_GETTEXT.
The two functions ME_FindItemAtOffset and ME_RunOfsFromCharOfs were almost
identically used, since ME_FindItemAtOffset was always used to find a run.
The only difference was how they returned the offset within the run for an
end of paragraph run.
For ME_FindItemAtOffset it would return the next run if it was in between \r
and \n. ME_RunOfsFromCharOfs would instead return an nOffset of 0 for end
paragraph runs. This subtle difference introduced bugs, so I decided to
avoid having special case in this function when creating this patch, and
instead let the caller handle this case.
EM_GETTEXTRANGE allows the start character offset and end characters
offset to be used to specify the range of text to retrieve. If the
start offset is in the middle of an end of paragraph run (i.e. \r\n),
then it should only retrieve the characters after the specified
character offset.
I found that ME_FindItemAtOffset and ME_CursorFromCharOfs are used
almost identically, except for how they handle a character offset that
is between a carriage return and line feed. In this case
ME_CursorFromCharOfs sets the cursor's run offset to 0, but
ME_FindItemAtOffset instead returns the next run which is what was
causing ME_LINELENGTH to incorrectly return the length of the next
line.
riched32.dll does preserve the carriage returns and line feeds unlike
later versions of the richedit control, however the tests previously
missed the fact that a sequence of carriage returns followed by a line
feed (e.g. \r\r\r\n) can actually cause multiple paragraph breaks.
I noticed a while ago that on Windows XP richedit controls ignored
characters typed while the mouse is captured (e.g. from holding the left
or middle button down). Arrow keys, delete, and backspace, copying,
cutting, pasting, and everything else handled on WM_CHAR and WM_KEYDOWN
messages are also ignored.
Certain operations will simply not be done for windowless richedit
controls, such as WM_PAINT which isn't done for windowless richedit
controls since ITextServices provides a TxDraw method.
The methods in ITextHost are mostly thin wrappers around functions that
take a handle to a window as their first parameter. This patch just
uses the wrapper functions provided by ITextHost instead of using the
functions that require a handle to a window that the editor might now
have (for windowless richedit controls).