Gerald Pfeifer : gdi32: Tighten range checking in PlayEnhMetaFileRecord() and remove four useless checks.
Alexandre Julliard
julliard at winehq.org
Wed Jan 9 07:02:12 CST 2008
Module: wine
Branch: master
Commit: 43837ed227b076edcf1e29cb55528a4faa1aa3e3
URL: http://source.winehq.org/git/wine.git/?a=commit;h=43837ed227b076edcf1e29cb55528a4faa1aa3e3
Author: Gerald Pfeifer <gerald at pfeifer.com>
Date: Sun Jan 6 18:42:57 2008 +0100
gdi32: Tighten range checking in PlayEnhMetaFileRecord() and remove four useless checks.
---
dlls/gdi32/enhmetafile.c | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/dlls/gdi32/enhmetafile.c b/dlls/gdi32/enhmetafile.c
index 081f7c1..150b82a 100644
--- a/dlls/gdi32/enhmetafile.c
+++ b/dlls/gdi32/enhmetafile.c
@@ -1669,11 +1669,13 @@ BOOL WINAPI PlayEnhMetaFileRecord(
const EMRCREATEDIBPATTERNBRUSHPT *lpCreate = (const EMRCREATEDIBPATTERNBRUSHPT *)mr;
LPVOID lpPackedStruct;
- /* check that offsets and data are contained within the record */
- if ( !( (lpCreate->cbBmi>=0) && (lpCreate->cbBits>=0) &&
- (lpCreate->offBmi>=0) && (lpCreate->offBits>=0) &&
- ((lpCreate->offBmi +lpCreate->cbBmi ) <= mr->nSize) &&
- ((lpCreate->offBits+lpCreate->cbBits) <= mr->nSize) ) )
+ /* Check that offsets and data are contained within the record
+ * (including checking for wrap arounds).
+ */
+ if ( lpCreate->offBmi + lpCreate->cbBmi > mr->nSize
+ || lpCreate->offBits + lpCreate->cbBits > mr->nSize
+ || lpCreate->offBmi + lpCreate->cbBmi < lpCreate->offBmi
+ || lpCreate->offBits + lpCreate->cbBits < lpCreate->offBits )
{
ERR("Invalid EMR_CREATEDIBPATTERNBRUSHPT record\n");
break;
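Review bot: the new condition in the EMR_CREATEDIBPATTERNBRUSHPT case adds first and then tests for wrap-around, which takes four comparisons and leaves the overflow reasoning implicit. The subtraction form, `lpCreate->offBmi > mr->nSize || lpCreate->cbBmi > mr->nSize - lpCreate->offBmi` (and the same for offBits/cbBits), cannot overflow and states the bound directly. The wrap-around tests `offBmi + cbBmi < offBmi` are only meaningful because these fields are unsigned, which is also why the removed `>=0` checks were useless; the new comment should say so, so a later change of types does not silently break the check. The condition also has no lower bound: offBmi and offBits values that point into the record's own fixed header still pass, so a comparison against sizeof(*lpCreate) is worth considering if the code that follows assumes the bitmap data lies after the header.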