marko10_000
/
wine-wine
forked from Mirrors/wine-wine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gdi32: Tighten range checking in PlayEnhMetaFileRecord() and remove four useless checks.

oldstable
Gerald Pfeifer 2008-01-06 18:42:57 +01:00 committed by Alexandre Julliard
parent ad92cdcf55
commit 43837ed227
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
dlls/gdi32/enhmetafile.c
View File

@ -1669,11 +1669,13 @@ BOOL WINAPI PlayEnhMetaFileRecord(
const EMRCREATEDIBPATTERNBRUSHPT *lpCreate = (const EMRCREATEDIBPATTERNBRUSHPT *)mr; const EMRCREATEDIBPATTERNBRUSHPT *lpCreate = (const EMRCREATEDIBPATTERNBRUSHPT *)mr;
LPVOID lpPackedStruct; LPVOID lpPackedStruct;
/* check that offsets and data are contained within the record */ /* Check that offsets and data are contained within the record
if ( !( (lpCreate->cbBmi>=0) && (lpCreate->cbBits>=0) && * (including checking for wrap arounds).
(lpCreate->offBmi>=0) && (lpCreate->offBits>=0) && */
((lpCreate->offBmi +lpCreate->cbBmi ) <= mr->nSize) && if ( lpCreate->offBmi + lpCreate->cbBmi > mr->nSize
((lpCreate->offBits+lpCreate->cbBits) <= mr->nSize) ) ) || lpCreate->offBits + lpCreate->cbBits > mr->nSize
|| lpCreate->offBmi + lpCreate->cbBmi < lpCreate->offBmi
|| lpCreate->offBits + lpCreate->cbBits < lpCreate->offBits )
{ {
ERR("Invalid EMR_CREATEDIBPATTERNBRUSHPT record\n"); ERR("Invalid EMR_CREATEDIBPATTERNBRUSHPT record\n");
break; break;