[PATCH 3/5] user32: Don't go past the end of the animated cursor data.

Matteo Bruni mbruni at codeweavers.com
Mon Sep 30 16:11:14 CDT 2019


Signed-off-by: Matteo Bruni <mbruni at codeweavers.com>
---
Found while testing bug 43246.

 dlls/user32/cursoricon.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dlls/user32/cursoricon.c b/dlls/user32/cursoricon.c
index 3214746664c..9c61d7ff300 100644
--- a/dlls/user32/cursoricon.c
+++ b/dlls/user32/cursoricon.c
@@ -1451,6 +1451,8 @@ static void riff_find_chunk( DWORD chunk_id, DWORD chunk_type, const riff_chunk_
         }
 
         ptr += sizeof(DWORD);
+        if (ptr >= end)
+            break;
         ptr += (*(const DWORD *)ptr + 1) & ~1;
         ptr += sizeof(DWORD);
     }
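Review bot: The added `if (ptr >= end)` test only guarantees that a single byte is left, while the following line reads a full DWORD through `*(const DWORD *)ptr`, so when 1 to 3 bytes remain before `end` the size read still runs past the data. Checking for room for the whole size field, for example `if (ptr + sizeof(DWORD) > end) break;`, would cover that case. The size read here comes from the file and is added to `ptr` without being compared against `end`. The loop condition is not visible in this hunk, so it is worth confirming that it stops on a `ptr` that has been advanced beyond `end`. A one-line comment that the break handles a truncated chunk header would also help the next reader.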
-- 
2.21.0



