Remove four useless checks in dlls/gdi32/enhmetafile.c
Gerald Pfeifer
gerald at pfeifer.com
Sun Jan 6 11:42:57 CST 2008
On Mon, 3 Dec 2007, Alexandre Julliard wrote:
> It's closer, but overflow should be treated as an error even if the
> result is within range.
Fair point. While we are fixing things, it's a good opportunity to
tighten the checks.
I just noticed that I failed to reply to this so far, so please find
below an updated patch. I'm not really familiar with this, so please
double check and adjust/fix as you see fit!
Thanks,
Gerald
ChangeLog:
Tighten range checking in PlayEnhMetaFileRecord() and remove four
useless checks.
Index: dlls/gdi32/enhmetafile.c
===================================================================
RCS file: /home/wine/wine/dlls/gdi32/enhmetafile.c,v
retrieving revision 1.6
diff -u -3 -p -r1.6 enhmetafile.c
--- dlls/gdi32/enhmetafile.c 3 Aug 2007 13:06:43 -0000 1.6
+++ dlls/gdi32/enhmetafile.c 6 Jan 2008 17:35:46 -0000
@@ -1669,11 +1669,13 @@ BOOL WINAPI PlayEnhMetaFileRecord(
const EMRCREATEDIBPATTERNBRUSHPT *lpCreate = (const EMRCREATEDIBPATTERNBRUSHPT *)mr;
LPVOID lpPackedStruct;
- /* check that offsets and data are contained within the record */
- if ( !( (lpCreate->cbBmi>=0) && (lpCreate->cbBits>=0) &&
- (lpCreate->offBmi>=0) && (lpCreate->offBits>=0) &&
- ((lpCreate->offBmi +lpCreate->cbBmi ) <= mr->nSize) &&
- ((lpCreate->offBits+lpCreate->cbBits) <= mr->nSize) ) )
+ /* Check that offsets and data are contained within the record
+ * (including checking for wrap arounds).
+ */
+ if ( lpCreate->offBmi + lpCreate->cbBmi > mr->nSize
+ || lpCreate->offBits + lpCreate->cbBits > mr->nSize
+ || lpCreate->offBmi + lpCreate->cbBmi < lpCreate->offBmi
+ || lpCreate->offBits + lpCreate->cbBits < lpCreate->offBits
{
ERR("Invalid EMR_CREATEDIBPATTERNBRUSHPT record\n");
break;
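Review bot: The rewritten condition is never closed: the `if (` opened on the `offBmi + cbBmi > mr->nSize` line has no matching `)` after `lpCreate->offBits + lpCreate->cbBits < lpCreate->offBits`, so the hunk does not compile as posted. Separately, the two wrap-around tests only work if the fields are unsigned, and they still compute the sum that may wrap. Each pair can instead be checked without any addition, for example `lpCreate->offBmi > mr->nSize || lpCreate->cbBmi > mr->nSize - lpCreate->offBmi` and the same for `offBits`/`cbBits`. That rejects overflow as an error even when the wrapped result lands within range, which is the point raised in the quoted review, and needs two comparisons per pair with no separate wrap test.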