[Bug 19241] winemenubuilder crashes during extraction of high-res Windows Vista+ 256x256 PNG compressed icon resources
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Aug 24 13:50:04 CDT 2014
https://bugs.winehq.org/show_bug.cgi?id=19241
Indrek <efbiaiinzinz at hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |efbiaiinzinz at hotmail.com
--- Comment #15 from Indrek <efbiaiinzinz at hotmail.com> ---
Created attachment 49409
--> https://bugs.winehq.org/attachment.cgi?id=49409
fix for out-of-bounds read
This patch should help for InnoSetup issue.
Issue seems to be GRPICONDIRENTRY with invalid information.
The dwBytesInRes has a value that exceeds the Size value in
IMAGE_RESOURCE_DATA_ENTRY, causing out-of-bounds memcpy and thus crash.
Added check+clipping against the out-of-bounds read.
As per MSDN blog, icon resources can contain raw PNG information instead of
regular BITMAPINFO, but due to weird decisions, only way to differentiate
between them is to check if the resource starts with PNG header bytes.
http://blogs.msdn.com/b/oldnewthing/archive/2010/10/22/10079192.aspx
Added check+skip for PNG icons to avoid issues arising from invalid BITMAPINFO
since I did not see that winemenubuilder supports/checks PNG icons anywhere.
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list