[PATCH 3/5] user32: Don't go past the end of the animated cursor data.
Matteo Bruni
mbruni at codeweavers.com
Mon Sep 30 16:11:14 CDT 2019
Signed-off-by: Matteo Bruni <mbruni at codeweavers.com>
---
Found while testing bug 43246.
dlls/user32/cursoricon.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/dlls/user32/cursoricon.c b/dlls/user32/cursoricon.c
index 3214746664c..9c61d7ff300 100644
--- a/dlls/user32/cursoricon.c
+++ b/dlls/user32/cursoricon.c
@@ -1451,6 +1451,8 @@ static void riff_find_chunk( DWORD chunk_id, DWORD chunk_type, const riff_chunk_
}
ptr += sizeof(DWORD);
+ if (ptr >= end)
+ break;
ptr += (*(const DWORD *)ptr + 1) & ~1;
ptr += sizeof(DWORD);
}
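Review bot: The added `if (ptr >= end)` check ahead of `*(const DWORD *)ptr` only establishes that at least one byte remains, while the dereference reads sizeof(DWORD) bytes, so data that ends 1 to 3 bytes after the chunk id is still read past `end`. A check that covers the whole read, for example `if (ptr + sizeof(DWORD) > end) break;`, would close that gap. The size read from the data is then added to `ptr` unchecked on the following line, and the lines visible in this hunk do not show the result being validated against `end` before the next access. It would be worth confirming that the loop condition handles an oversized length, including `(size + 1) & ~1` wrapping to 0 when the size field is 0xFFFFFFFF.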
--
2.21.0