[PATCH] wineps.drv: check for GDI_ERROR in LoadTable()
Alexandre Julliard
julliard at winehq.org
Mon Nov 12 06:49:26 CST 2018
Henri Verbeet <hverbeet at gmail.com> writes:
> On Mon, 12 Nov 2018 at 14:28, Huw Davies <huw at codeweavers.com> wrote:
>> > If table->len (which itself is a DWORD) gets bigger than 0xfffffffflu - 3 it
>> > will overflow in (table->len + 3) and HeapAlloc does not allocate as much
>> > memory as expected.
>>
>> I don't think that's worth covering. I've sent in a cleaner version.
>>
> I'm inclined to side somewhat with Wolfgang here. I.e., fonts are
> essentially untrusted data, and it seems plausible enough that someone
> may set unreasonable values on purpose.
It seems to me that this should be caught by the lower layers, ideally
in FreeType or else in gdi32.
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list