[Bug 11237] New: heap corruption in freetype font loader

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Jan 17 16:26:30 CST 2008


http://bugs.winehq.org/show_bug.cgi?id=11237

           Summary: heap corruption in freetype font loader
           Product: Wine
           Version: 0.9.53.
          Platform: Other
               URL: http://www.bahn.de/p/view/static/spiele/virtuelle_bahnfahrt.exe
        OS/Version: other
            Status: NEW
          Severity: major
          Priority: P2
         Component: fonts
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: marcus at jet.franken.de


The "Virtuelle Bahnfahrt" Screensaver of the German Rail company
has a heap corruption in its About Dialog.

To reproduce:
- download URL
- install by running "wine virtuelle_bahnfahrt.exe"
- run by:
  cd .wine/drive_c/windows
  wine Virtuelle\ Bahnfahrt.scr

This will result in heap corruption.

I tracked this down to dlls/gdi32/freetype.c, and it loads a bitmap font
which is larger than the requested size.

I will attach a patch that fixes the problem.

