Vincent Povirk : gdi32: Check that emf records are within the file.
Alexandre Julliard
julliard at winehq.org
Thu Sep 13 03:49:17 CDT 2018
Module: wine
Branch: stable
Commit: cb42844c7e3f952bdf0a59bad87c50f3820e8a55
URL: https://source.winehq.org/git/wine.git/?a=commit;h=cb42844c7e3f952bdf0a59bad87c50f3820e8a55
Author: Vincent Povirk <vincent at codeweavers.com>
Date: Tue May 8 12:46:20 2018 -0500
gdi32: Check that emf records are within the file.
Signed-off-by: Vincent Povirk <vincent at codeweavers.com>
Signed-off-by: Huw Davies <huw at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
(cherry picked from commit b6da3547d8990c3c3affc3a5865aefd2a0946949)
Signed-off-by: Michael Stefaniuc <mstefani at winehq.org>
---
dlls/gdi32/enhmetafile.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/dlls/gdi32/enhmetafile.c b/dlls/gdi32/enhmetafile.c
index 045015f..2f6c794 100644
--- a/dlls/gdi32/enhmetafile.c
+++ b/dlls/gdi32/enhmetafile.c
@@ -2469,6 +2469,14 @@ BOOL WINAPI EnumEnhMetaFile(
{
emr = (ENHMETARECORD *)((char *)emh + offset);
+ if (offset + 8 > emh->nBytes ||
+ offset > offset + emr->nSize ||
+ offset + emr->nSize > emh->nBytes)
+ {
+ WARN("record truncated\n");
+ break;
+ }
+
/* In Win9x mode we update the xform if the record will produce output */
if (hdc && IS_WIN9X() && emr_produces_output(emr->iType))
EMF_Update_MF_Xform(hdc, info);
More information about the wine-cvs
mailing list