[PATCH] wineps.drv: check for GDI_ERROR in LoadTable()
Huw Davies
huw at codeweavers.com
Mon Nov 12 06:41:09 CST 2018
On Mon, Nov 12, 2018 at 04:04:32PM +0330, Henri Verbeet wrote:
> On Mon, 12 Nov 2018 at 14:28, Huw Davies <huw at codeweavers.com> wrote:
> > > If table->len (which itself is a DWORD) gets bigger than 0xfffffffflu - 3 it
> > > will overflow in (table->len + 3) and HeapAlloc does not allocate as much
> > > memory as expected.
> >
> > I don't think that's worth covering. I've sent in a cleaner version.
> >
> I'm inclined to side somewhat with Wolfgang here. I.e., fonts are
> essentially untrusted data, and it seems plausible enough that someone
> may set unreasonable values on purpose.
Sure, it's easy enough to send in a follow-up patch after the missing table
patch is in.
Huw.
More information about the wine-devel
mailing list