patch for dlls/gdi32/dib.c: fixes crash
Wolfgang Walter
wine at stwm.de
Wed Jul 27 10:44:58 CDT 2011
Hello,
an application started to crash with recent versions of wine:
err:seh:setup_exception_record stack overflow 820 bytes in thread 0039 eip 7bc80a06 esp 00240ffc stack
I bisected it down to commit
6ce6f890bef2257af50a78e7deee86bdce052189 is the first bad commit
commit 6ce6f890bef2257af50a78e7deee86bdce052189
Author: Huw Davies <huw at codeweavers.com>
Date: Fri Jul 22 15:09:58 2011 +0100
gdi32: Add a helper to sanitize a BITMAPINFO structure.
:040000 040000 b6325072f7f3139321547d96568aa1177b1ed69a 4c949357226436c1e93c06b629a3471db75bc5e4 M dlls
This patch fixes the problem:
diff --git a/dlls/gdi32/dib.c b/dlls/gdi32/dib.c
index f7b9037..d544598 100644
--- a/dlls/gdi32/dib.c
+++ b/dlls/gdi32/dib.c
@@ -504,10 +504,8 @@ INT WINAPI SetDIBits( HDC hdc, HBITMAP hbitmap, UINT startscan,
BOOL delete_hdc = FALSE;
PHYSDEV physdev;
BITMAPOBJ *bitmap;
- char src_bmibuf[FIELD_OFFSET( BITMAPINFO, bmiColors[256] )];
- BITMAPINFO *src_info = (BITMAPINFO *)src_bmibuf;
- char dst_bmibuf[FIELD_OFFSET( BITMAPINFO, bmiColors[256] )];
- BITMAPINFO *dst_info = (BITMAPINFO *)dst_bmibuf;
+ BITMAPINFO *src_info = 0;
+ BITMAPINFO *dst_info = 0;
INT result = 0;
DWORD err;
struct gdi_image_bits src_bits;
@@ -538,6 +536,11 @@ INT WINAPI SetDIBits( HDC hdc, HBITMAP hbitmap, UINT startscan,
return 0;
}
+ if(!(src_info = HeapAlloc( GetProcessHeap(), 0, FIELD_OFFSET( BITMAPINFO, bmiColors[256] ) ))) {
+ SetLastError( ERROR_OUTOFMEMORY );
+ goto done;
+ }
+
if (!bitmapinfo_from_user_bitmapinfo( src_info, info, coloruse )) goto done;
if (coloruse == DIB_PAL_COLORS)
@@ -603,6 +606,10 @@ INT WINAPI SetDIBits( HDC hdc, HBITMAP hbitmap, UINT startscan,
dst.width = dst.visrect.right - dst.visrect.left;
dst.height = dst.visrect.bottom - dst.visrect.top;
+ if(!(dst_info = HeapAlloc( GetProcessHeap(), 0, FIELD_OFFSET( BITMAPINFO, bmiColors[256] ) ))) {
+ SetLastError( ERROR_OUTOFMEMORY );
+ goto done;
+ }
memcpy( dst_info, src_info, FIELD_OFFSET( BITMAPINFO, bmiColors[256] ));
err = physdev->funcs->pPutImage( physdev, hbitmap, clip, dst_info, &src_bits, &src, &dst, 0 );
@@ -629,6 +636,8 @@ INT WINAPI SetDIBits( HDC hdc, HBITMAP hbitmap, UINT startscan,
if(err) result = 0;
done:
+ HeapFree( GetProcessHeap(), 0, dst_info);
+ HeapFree( GetProcessHeap(), 0, src_info);
if (src_bits.free) src_bits.free( &src_bits );
if (clip) DeleteObject( clip );
GDI_ReleaseObj( hbitmap );
Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
More information about the wine-patches
mailing list