Alex Villacís Lasso : user32: LoadImage(IMAGE_BITMAP ) should reject invalid BMP files (with tests).

Alexandre Julliard julliard at winehq.org
Mon Apr 14 07:14:07 CDT 2008 

Module: wine
Branch: master
Commit: 1fcc4ffdfa84dd6d56f7947c43ebe1d8446b9d8d
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=1fcc4ffdfa84dd6d56f7947c43ebe1d8446b9d8d

Author: Alex Villacís Lasso <a_villacis at palosanto.com>
Date:   Fri Apr 11 10:19:00 2008 -0500

user32: LoadImage(IMAGE_BITMAP) should reject invalid BMP files (with tests).

---

 dlls/user32/cursoricon.c       |   11 ++++
 dlls/user32/tests/cursoricon.c |  111 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 122 insertions(+), 0 deletions(-)

diff --git a/dlls/user32/cursoricon.c b/dlls/user32/cursoricon.c
index df6a408..153a2a4 100644
--- a/dlls/user32/cursoricon.c
+++ b/dlls/user32/cursoricon.c
@@ -2148,8 +2148,19 @@ static HBITMAP BITMAP_Load( HINSTANCE instance, LPCWSTR name,
     }
     else
     {
+        BITMAPFILEHEADER * bmfh;
+
         if (!(ptr = map_fileW( name, NULL ))) return 0;
         info = (BITMAPINFO *)(ptr + sizeof(BITMAPFILEHEADER));
+        bmfh = (BITMAPFILEHEADER *)ptr;
+        if (!(  bmfh->bfType == 0x4d42 /* 'BM' */ &&
+                bmfh->bfReserved1 == 0 &&
+                bmfh->bfReserved2 == 0))
+        {
+            WARN("Invalid/unsupported bitmap format!\n");
+            UnmapViewOfFile( ptr );
+            return 0;
+        }
     }
 
     size = bitmap_info_size(info, DIB_RGB_COLORS);
diff --git a/dlls/user32/tests/cursoricon.c b/dlls/user32/tests/cursoricon.c
index 7ea79ad..40f3a14 100644
--- a/dlls/user32/tests/cursoricon.c
+++ b/dlls/user32/tests/cursoricon.c
@@ -583,6 +583,111 @@ static void test_CreateIcon(void)
     DeleteObject(hbmColor);
 }
 
+/* Shamelessly ripped from dlls/oleaut32/tests/olepicture.c */
+/* 1x1 pixel gif */
+static const unsigned char gifimage[35] = {
+0x47,0x49,0x46,0x38,0x37,0x61,0x01,0x00,0x01,0x00,0x80,0x00,0x00,0xff,0xff,0xff,
+0xff,0xff,0xff,0x2c,0x00,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x00,0x02,0x02,0x44,
+0x01,0x00,0x3b
+};
+
+/* 1x1 pixel jpg */
+static const unsigned char jpgimage[285] = {
+0xff,0xd8,0xff,0xe0,0x00,0x10,0x4a,0x46,0x49,0x46,0x00,0x01,0x01,0x01,0x01,0x2c,
+0x01,0x2c,0x00,0x00,0xff,0xdb,0x00,0x43,0x00,0x05,0x03,0x04,0x04,0x04,0x03,0x05,
+0x04,0x04,0x04,0x05,0x05,0x05,0x06,0x07,0x0c,0x08,0x07,0x07,0x07,0x07,0x0f,0x0b,
+0x0b,0x09,0x0c,0x11,0x0f,0x12,0x12,0x11,0x0f,0x11,0x11,0x13,0x16,0x1c,0x17,0x13,
+0x14,0x1a,0x15,0x11,0x11,0x18,0x21,0x18,0x1a,0x1d,0x1d,0x1f,0x1f,0x1f,0x13,0x17,
+0x22,0x24,0x22,0x1e,0x24,0x1c,0x1e,0x1f,0x1e,0xff,0xdb,0x00,0x43,0x01,0x05,0x05,
+0x05,0x07,0x06,0x07,0x0e,0x08,0x08,0x0e,0x1e,0x14,0x11,0x14,0x1e,0x1e,0x1e,0x1e,
+0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,
+0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,
+0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0x1e,0xff,0xc0,
+0x00,0x11,0x08,0x00,0x01,0x00,0x01,0x03,0x01,0x22,0x00,0x02,0x11,0x01,0x03,0x11,
+0x01,0xff,0xc4,0x00,0x15,0x00,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0xff,0xc4,0x00,0x14,0x10,0x01,0x00,0x00,
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xc4,
+0x00,0x14,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+0x00,0x00,0x00,0x00,0xff,0xc4,0x00,0x14,0x11,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
+0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xda,0x00,0x0c,0x03,0x01,
+0x00,0x02,0x11,0x03,0x11,0x00,0x3f,0x00,0xb2,0xc0,0x07,0xff,0xd9
+};
+
+/* 1x1 pixel png */
+static const unsigned char pngimage[285] = {
+0x89,0x50,0x4e,0x47,0x0d,0x0a,0x1a,0x0a,0x00,0x00,0x00,0x0d,0x49,0x48,0x44,0x52,
+0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x08,0x02,0x00,0x00,0x00,0x90,0x77,0x53,
+0xde,0x00,0x00,0x00,0x09,0x70,0x48,0x59,0x73,0x00,0x00,0x0b,0x13,0x00,0x00,0x0b,
+0x13,0x01,0x00,0x9a,0x9c,0x18,0x00,0x00,0x00,0x07,0x74,0x49,0x4d,0x45,0x07,0xd5,
+0x06,0x03,0x0f,0x07,0x2d,0x12,0x10,0xf0,0xfd,0x00,0x00,0x00,0x0c,0x49,0x44,0x41,
+0x54,0x08,0xd7,0x63,0xf8,0xff,0xff,0x3f,0x00,0x05,0xfe,0x02,0xfe,0xdc,0xcc,0x59,
+0xe7,0x00,0x00,0x00,0x00,0x49,0x45,0x4e,0x44,0xae,0x42,0x60,0x82
+};
+
+/* 1x1 pixel bmp */
+static const unsigned char bmpimage[66] = {
+0x42,0x4d,0x42,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x3e,0x00,0x00,0x00,0x28,0x00,
+0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x00,0x00,
+0x00,0x00,0x04,0x00,0x00,0x00,0x12,0x0b,0x00,0x00,0x12,0x0b,0x00,0x00,0x02,0x00,
+0x00,0x00,0x02,0x00,0x00,0x00,0xff,0xff,0xff,0x00,0xff,0xff,0xff,0x00,0x00,0x00,
+0x00,0x00
+};
+
+/* 2x2 pixel gif */
+static const unsigned char gif4pixel[42] = {
+0x47,0x49,0x46,0x38,0x37,0x61,0x02,0x00,0x02,0x00,0xa1,0x00,0x00,0x00,0x00,0x00,
+0x39,0x62,0xfc,0xff,0x1a,0xe5,0xff,0xff,0xff,0x2c,0x00,0x00,0x00,0x00,0x02,0x00,
+0x02,0x00,0x00,0x02,0x03,0x14,0x16,0x05,0x00,0x3b
+};
+
+static void test_LoadImageFile(const unsigned char * image_data,
+    unsigned int image_size, const char * ext, BOOL expect_success)
+{
+    HANDLE handle;
+    BOOL ret;
+    DWORD error, bytes_written;
+    char filename[64];
+
+    strcpy(filename, "test.");
+    strcat(filename, ext);
+
+    /* Create the test image. */
+    handle = CreateFileA(filename, GENERIC_READ|GENERIC_WRITE, 0, NULL, CREATE_NEW,
+        FILE_ATTRIBUTE_NORMAL, NULL);
+    ok(handle != INVALID_HANDLE_VALUE, "CreateFileA failed. %u\n", GetLastError());
+    ret = WriteFile(handle, image_data, image_size, &bytes_written, NULL);
+    ok(bytes_written == image_size, "test file created improperly.\n");
+    CloseHandle(handle);
+
+    /* Load as cursor. For all tested formats, this should fail */
+    SetLastError(0xdeadbeef);
+    handle = LoadImageA(NULL, filename, IMAGE_CURSOR, 0, 0, LR_LOADFROMFILE);
+    ok(handle == NULL, "LoadImage(%s) as IMAGE_CURSOR succeeded incorrectly.\n", ext);
+    error = GetLastError();
+    ok(error == 0, "Last error: %u\n", error);
+    if (handle != NULL) DestroyCursor(handle);
+
+    /* Load as icon. For all tested formats, this should fail */
+    SetLastError(0xdeadbeef);
+    handle = LoadImageA(NULL, filename, IMAGE_ICON, 0, 0, LR_LOADFROMFILE);
+    ok(handle == NULL, "LoadImage(%s) as IMAGE_ICON succeeded incorrectly.\n", ext);
+    error = GetLastError();
+    ok(error == 0, "Last error: %u\n", error);
+    if (handle != NULL) DestroyIcon(handle);
+
+    /* Load as bitmap. Should succeed if bmp, fail for everything else */
+    SetLastError(0xdeadbeef);
+    handle = LoadImageA(NULL, filename, IMAGE_BITMAP, 0, 0, LR_LOADFROMFILE);
+    if (expect_success)
+	ok(handle != NULL, "LoadImage(%s) as IMAGE_BITMAP failed.\n", ext);
+    else ok(handle == NULL, "LoadImage(%s) as IMAGE_BITMAP succeeded incorrectly.\n", ext);
+    error = GetLastError();
+    ok(error == 0, "Last error: %u\n", error);
+    if (handle != NULL) DeleteObject(handle);
+
+    DeleteFileA(filename);
+}
+
 static void test_LoadImage(void)
 {
     HANDLE handle;
@@ -668,6 +773,12 @@ static void test_LoadImage(void)
 
     HeapFree(GetProcessHeap(), 0, icon_data);
     DeleteFileA("icon.ico");
+
+    test_LoadImageFile(bmpimage, sizeof(bmpimage), "bmp", 1);
+    test_LoadImageFile(gifimage, sizeof(gifimage), "gif", 0);
+    test_LoadImageFile(gif4pixel, sizeof(gif4pixel), "gif", 0);
+    test_LoadImageFile(jpgimage, sizeof(jpgimage), "jpg", 0);
+    test_LoadImageFile(pngimage, sizeof(pngimage), "png", 0);
 }
 
 static void test_DestroyCursor(void)

More information about the wine-cvs mailing list