[PATCH 2/2] gdiplus: Detect integer overflow in GdipCreateBitmapFromScan0.
Alexandre Julliard
julliard at winehq.org
Mon Jul 21 06:37:14 CDT 2008
"Lei Zhang" <thestig at google.com> writes:
> - datalen = abs(stride * height);
> + datalen = stride * height;
> size = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER) + datalen;
> + if (datalen <= 0 || size <= 0){
> + GdipFree(*bitmap);
> + *bitmap = NULL;
> + return InvalidParameter;
> + }
Testing for overflow is a good idea, but checking for a negative result
is not the right way. You can get overflow with a positive result too.
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list