[PATCH] wineps.drv: check for GDI_ERROR in LoadTable()

Henri Verbeet hverbeet at gmail.com
Mon Nov 12 06:34:32 CST 2018


On Mon, 12 Nov 2018 at 14:28, Huw Davies <huw at codeweavers.com> wrote:
> > If table->len (which itself is a DWORD) gets bigger than 0xfffffffflu - 3 it
> > will overflow in (table->len + 3) and HeapAlloc does not allocate as much
> > memory as expected.
>
> I don't think that's worth covering.  I've sent in a cleaner version.
>
I'm inclined to side somewhat with Wolfgang here. I.e., fonts are
essentially untrusted data, and it seems plausible enough that someone
may set unreasonable values on purpose.



More information about the wine-devel mailing list