Alex Villacís Lasso : user32: LoadImage(IMAGE_BITMAP ) should reject invalid BMP files (with tests).
Alexandre Julliard
julliard at winehq.org
Mon Apr 14 07:14:07 CDT 2008
Module: wine
Branch: master
Commit: 1fcc4ffdfa84dd6d56f7947c43ebe1d8446b9d8d
URL: http://source.winehq.org/git/wine.git/?a=commit;h=1fcc4ffdfa84dd6d56f7947c43ebe1d8446b9d8d
Author: Alex Villacís Lasso <a_villacis at palosanto.com>
Date: Fri Apr 11 10:19:00 2008 -0500
user32: LoadImage(IMAGE_BITMAP) should reject invalid BMP files (with tests).
---
dlls/user32/cursoricon.c | 11 ++++
dlls/user32/tests/cursoricon.c | 111 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 122 insertions(+), 0 deletions(-)
diff --git a/dlls/user32/cursoricon.c b/dlls/user32/cursoricon.c
index df6a408..153a2a4 100644
--- a/dlls/user32/cursoricon.c
+++ b/dlls/user32/cursoricon.c
@@ -2148,8 +2148,19 @@ static HBITMAP BITMAP_Load( HINSTANCE instance, LPCWSTR name,
}
else
{
+ BITMAPFILEHEADER * bmfh;
+
if (!(ptr = map_fileW( name, NULL ))) return 0;
info = (BITMAPINFO *)(ptr + sizeof(BITMAPFILEHEADER));
+ bmfh = (BITMAPFILEHEADER *)ptr;
+ if (!( bmfh->bfType == 0x4d42 /* 'BM' */ &&
+ bmfh->bfReserved1 == 0 &&
+ bmfh->bfReserved2 == 0))
+ {
+ WARN("Invalid/unsupported bitmap format!\n");
+ UnmapViewOfFile( ptr );
+ return 0;
+ }
}
size = bitmap_info_size(info, DIB_RGB_COLORS);
diff --git a/dlls/user32/tests/cursoricon.c b/dlls/user32/tests/cursoricon.c
index 7ea79ad..40f3a14 100644
--- a/dlls/user32/tests/cursoricon.c
+++ b/dlls/user32/tests/cursoricon.c
@@ -583,6 +583,111 @@ static void test_CreateIcon(void)
DeleteObject(hbmColor);
}
+/* Shamelessly ripped from dlls/oleaut32/tests/olepicture.c */
+/* 1x1 pixel gif */
+static const unsigned char gifimage[35] = {
+0x47,0x49,0x46,0x38,0x37,0x61,0x01,0x00,0x01,0x00,0x80,0x00,0x00,0xff,0xff,0xff,
+0xff,0xff,0xff,0x2c,0x00,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x00,0x02,0x02,0x44,
+0x01,0x00,0x3b
+};
+
+/* 1x1 pixel jpg */
+static const unsigned char jpgimage[285] = {
+0xff,0xd8,0xff,0xe0,0x00,0x10,0x4a,0x46,0x49,0x46,0x00,0x01,0x01,0x01,0x01,0x2c,
+0x01,0x2c,0x00,0x00,0xff,0xdb,0x00,0x43,0x00,0x05,0x03,0x04,0x04,0x04,0x03,0x05,
+0x04,0x04,0x04,0x05,0x05,0x05,0x06,0x07,0x0c,0x08,0x07,0x07,0x07,0x07,0x0f,0x0b,
+0x0b,0x09,0x0c,0x11,0x0f,0x12,0x12,0x11,0x0f,0x11,0x11,0x13,0x16,0x1c,0x17,0x13,
+0x14,0x1a,0x15,0x11,0x11,0x18,0x21,0x18,0x1a,0x1d,0x1d,0x1f,0x1f,0x1f,0x13,0x17,
+0x22,0x24,0x22,0x1e,0x24,0x1c,0x1e,0x1f,0x1e,0xff,0xdb,0x00,0x43,0x01,0x05,0x05,
+0x05,0x07,0x06,0x07,0x0e,0x08,0x08,0x0e,0x1e,0x14,0x11,0x14,0x1e,0x1e,0x1e,0x1e,
+0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,
+0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,
+0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0xff,0xc0,
+0x00,0x11,0x08,0x00,0x01,0x00,0x01,0x03,0x01,0x22,0x00,0x02,0x11,0x01,0x03,0x11,
+0x01,0xff,0xc4,0x00,0x15,0x00,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0xff,0xc4,0x00,0x14,0x10,0x01,0x00,0x00,
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xc4,
+0x00,0x14,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+0x00,0x00,0x00,0x00,0xff,0xc4,0x00,0x14,0x11,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xda,0x00,0x0c,0x03,0x01,
+0x00,0x02,0x11,0x03,0x11,0x00,0x3f,0x00,0xb2,0xc0,0x07,0xff,0xd9
+};
+
+/* 1x1 pixel png */
+static const unsigned char pngimage[285] = {
+0x89,0x50,0x4e,0x47,0x0d,0x0a,0x1a,0x0a,0x00,0x00,0x00,0x0d,0x49,0x48,0x44,0x52,
+0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x08,0x02,0x00,0x00,0x00,0x90,0x77,0x53,
+0xde,0x00,0x00,0x00,0x09,0x70,0x48,0x59,0x73,0x00,0x00,0x0b,0x13,0x00,0x00,0x0b,
+0x13,0x01,0x00,0x9a,0x9c,0x18,0x00,0x00,0x00,0x07,0x74,0x49,0x4d,0x45,0x07,0xd5,
+0x06,0x03,0x0f,0x07,0x2d,0x12,0x10,0xf0,0xfd,0x00,0x00,0x00,0x0c,0x49,0x44,0x41,
+0x54,0x08,0xd7,0x63,0xf8,0xff,0xff,0x3f,0x00,0x05,0xfe,0x02,0xfe,0xdc,0xcc,0x59,
+0xe7,0x00,0x00,0x00,0x00,0x49,0x45,0x4e,0x44,0xae,0x42,0x60,0x82
+};
+
+/* 1x1 pixel bmp */
+static const unsigned char bmpimage[66] = {
+0x42,0x4d,0x42,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x3e,0x00,0x00,0x00,0x28,0x00,
+0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x00,0x00,
+0x00,0x00,0x04,0x00,0x00,0x00,0x12,0x0b,0x00,0x00,0x12,0x0b,0x00,0x00,0x02,0x00,
+0x00,0x00,0x02,0x00,0x00,0x00,0xff,0xff,0xff,0x00,0xff,0xff,0xff,0x00,0x00,0x00,
+0x00,0x00
+};
+
+/* 2x2 pixel gif */
+static const unsigned char gif4pixel[42] = {
+0x47,0x49,0x46,0x38,0x37,0x61,0x02,0x00,0x02,0x00,0xa1,0x00,0x00,0x00,0x00,0x00,
+0x39,0x62,0xfc,0xff,0x1a,0xe5,0xff,0xff,0xff,0x2c,0x00,0x00,0x00,0x00,0x02,0x00,
+0x02,0x00,0x00,0x02,0x03,0x14,0x16,0x05,0x00,0x3b
+};
+
+static void test_LoadImageFile(const unsigned char * image_data,
+ unsigned int image_size, const char * ext, BOOL expect_success)
+{
+ HANDLE handle;
+ BOOL ret;
+ DWORD error, bytes_written;
+ char filename[64];
+
+ strcpy(filename, "test.");
+ strcat(filename, ext);
+
+ /* Create the test image. */
+ handle = CreateFileA(filename, GENERIC_READ|GENERIC_WRITE, 0, NULL, CREATE_NEW,
+ FILE_ATTRIBUTE_NORMAL, NULL);
+ ok(handle != INVALID_HANDLE_VALUE, "CreateFileA failed. %u\n", GetLastError());
+ ret = WriteFile(handle, image_data, image_size, &bytes_written, NULL);
+ ok(bytes_written == image_size, "test file created improperly.\n");
+ CloseHandle(handle);
+
+ /* Load as cursor. For all tested formats, this should fail */
+ SetLastError(0xdeadbeef);
+ handle = LoadImageA(NULL, filename, IMAGE_CURSOR, 0, 0, LR_LOADFROMFILE);
+ ok(handle == NULL, "LoadImage(%s) as IMAGE_CURSOR succeeded incorrectly.\n", ext);
+ error = GetLastError();
+ ok(error == 0, "Last error: %u\n", error);
+ if (handle != NULL) DestroyCursor(handle);
+
+ /* Load as icon. For all tested formats, this should fail */
+ SetLastError(0xdeadbeef);
+ handle = LoadImageA(NULL, filename, IMAGE_ICON, 0, 0, LR_LOADFROMFILE);
+ ok(handle == NULL, "LoadImage(%s) as IMAGE_ICON succeeded incorrectly.\n", ext);
+ error = GetLastError();
+ ok(error == 0, "Last error: %u\n", error);
+ if (handle != NULL) DestroyIcon(handle);
+
+ /* Load as bitmap. Should succeed if bmp, fail for everything else */
+ SetLastError(0xdeadbeef);
+ handle = LoadImageA(NULL, filename, IMAGE_BITMAP, 0, 0, LR_LOADFROMFILE);
+ if (expect_success)
+ ok(handle != NULL, "LoadImage(%s) as IMAGE_BITMAP failed.\n", ext);
+ else ok(handle == NULL, "LoadImage(%s) as IMAGE_BITMAP succeeded incorrectly.\n", ext);
+ error = GetLastError();
+ ok(error == 0, "Last error: %u\n", error);
+ if (handle != NULL) DeleteObject(handle);
+
+ DeleteFileA(filename);
+}
+
static void test_LoadImage(void)
{
HANDLE handle;
@@ -668,6 +773,12 @@ static void test_LoadImage(void)
HeapFree(GetProcessHeap(), 0, icon_data);
DeleteFileA("icon.ico");
+
+ test_LoadImageFile(bmpimage, sizeof(bmpimage), "bmp", 1);
+ test_LoadImageFile(gifimage, sizeof(gifimage), "gif", 0);
+ test_LoadImageFile(gif4pixel, sizeof(gif4pixel), "gif", 0);
+ test_LoadImageFile(jpgimage, sizeof(jpgimage), "jpg", 0);
+ test_LoadImageFile(pngimage, sizeof(pngimage), "png", 0);
}
static void test_DestroyCursor(void)
More information about the wine-cvs
mailing list