gdi32: avoid null pointer dereference in CreateDIBSection (bug 8066)
Nikolay Sivov
bunglehead at gmail.com
Sat May 10 02:14:29 CDT 2008
Changelog:
- CreateDIBSection should check bmi pointer. Test added. Tested on WinXP SP2.
---
dlls/gdi32/dib.c | 5 +++++
dlls/gdi32/tests/bitmap.c | 7 +++++++
2 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/dlls/gdi32/dib.c b/dlls/gdi32/dib.c
index 980e0f3..ffd6f31 100644
--- a/dlls/gdi32/dib.c
+++ b/dlls/gdi32/dib.c
@@ -1258,6 +1258,11 @@ HBITMAP WINAPI CreateDIBSection(HDC hdc, CONST BITMAPINFO *bmi, UINT usage,
DWORD compression, sizeImage;
void *mapBits = NULL;
+ if(!bmi){
+ if(bits) *bits = NULL;
+ return NULL;
+ }
+
if (((bitmap_type = DIB_GetBitmapInfo( &bmi->bmiHeader, &width, &height,
&planes, &bpp, &compression, &sizeImage )) == -1))
return 0;
diff --git a/dlls/gdi32/tests/bitmap.c b/dlls/gdi32/tests/bitmap.c
index 2ef2891..5a9495d 100644
--- a/dlls/gdi32/tests/bitmap.c
+++ b/dlls/gdi32/tests/bitmap.c
@@ -416,6 +416,13 @@ static void test_dibsections(void)
pbmi->bmiHeader.biCompression = BI_RGB;
SetLastError(0xdeadbeef);
+
+ /* invalid pointer for BITMAPINFO
+ (*bits should be NULL on error) */
+ bits = (BYTE*)0xdeadbeef;
+ hdib = CreateDIBSection(hdc, NULL, DIB_RGB_COLORS, (void**)&bits, NULL, 0);
+ ok(hdib == NULL && bits == NULL, "CreateDIBSection failed for invalid parameter: bmi == 0x0\n");
+
hdib = CreateDIBSection(hdc, pbmi, DIB_RGB_COLORS, (void**)&bits, NULL, 0);
ok(hdib != NULL, "CreateDIBSection error %d\n", GetLastError());
ok(GetObject(hdib, sizeof(DIBSECTION), &dibsec) != 0, "GetObject failed for DIBSection\n");
--
1.4.4.4
More information about the wine-patches
mailing list