[PATCH 2/2] gdiplus: Detect integer overflow in GdipCreateBitmapFromScan0.

Alexandre Julliard julliard at winehq.org
Mon Jul 21 06:37:14 CDT 2008


"Lei Zhang" <thestig at google.com> writes:

> -    datalen = abs(stride * height);
> +    datalen = stride * height;
>      size = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER) + datalen;
> +    if (datalen <= 0 || size <= 0){
> +        GdipFree(*bitmap);
> +        *bitmap = NULL;
> +        return InvalidParameter;
> +    }

Testing for overflow is a good idea, but checking for a negative result
is not the right way. You can get overflow with a positive result too.

-- 
Alexandre Julliard
julliard at winehq.org



More information about the wine-devel mailing list