[PATCH 3/4] gdiplus: Fix LinearGradientBrush deserialization off-by-one errors.

[Shawn M. Chapla]

Signed-off-by: Shawn M. Chapla <schapla at codeweavers.com>
---
 dlls/gdiplus/metafile.c       |  4 ++--
 dlls/gdiplus/tests/metafile.c | 14 +++++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/dlls/gdiplus/metafile.c b/dlls/gdiplus/metafile.c
index ff21b8ed242..7f019749eaf 100644
--- a/dlls/gdiplus/metafile.c
+++ b/dlls/gdiplus/metafile.c
@@ -2206,7 +2206,7 @@ static GpStatus metafile_deserialize_brush(const BYTE *record_data, UINT data_si
         UINT position_count = 0;
 
         offset = header_size + FIELD_OFFSET(EmfPlusLinearGradientBrushData, OptionalData);
-        if (data_size <= offset)
+        if (data_size < offset)
             return InvalidParameter;
 
         brushflags = data->BrushData.lineargradient.BrushDataFlags;
@@ -2215,7 +2215,7 @@ static GpStatus metafile_deserialize_brush(const BYTE *record_data, UINT data_si
 
         if (brushflags & BrushDataTransform)
         {
-            if (data_size <= offset + sizeof(EmfPlusTransformMatrix))
+            if (data_size < offset + sizeof(EmfPlusTransformMatrix))
                 return InvalidParameter;
             transform = (EmfPlusTransformMatrix *)(record_data + offset);
             offset += sizeof(EmfPlusTransformMatrix);
diff --git a/dlls/gdiplus/tests/metafile.c b/dlls/gdiplus/tests/metafile.c
index 29113fc3a05..cdc53b39a1f 100644
--- a/dlls/gdiplus/tests/metafile.c
+++ b/dlls/gdiplus/tests/metafile.c
@@ -3273,10 +3273,10 @@ static void test_fillregion(void)
 static const emfplus_record lineargradient_records[] = {
     { EMR_HEADER },
     { EmfPlusRecordTypeHeader },
-    { EmfPlusRecordTypeObject, ObjectTypeBrush << 8, 0, 1 },
-    { EmfPlusRecordTypeFillRects, 0x4000, 0, 1 },
-    { EmfPlusRecordTypeObject, (ObjectTypeBrush << 8) | 1, 0, 1 },
-    { EmfPlusRecordTypeFillRects, 0x4000, 0, 1 },
+    { EmfPlusRecordTypeObject, ObjectTypeBrush << 8 },
+    { EmfPlusRecordTypeFillRects, 0x4000 },
+    { EmfPlusRecordTypeObject, (ObjectTypeBrush << 8) | 1 },
+    { EmfPlusRecordTypeFillRects, 0x4000 },
     { EmfPlusRecordTypeObject, (ObjectTypeBrush << 8) | 2 },
     { EmfPlusRecordTypeFillRects, 0x4000 },
     { EmfPlusRecordTypeObject, (ObjectTypeBrush << 8) | 3 },
@@ -3373,7 +3373,7 @@ static void test_lineargradient(void)
     /* Verify horizontal gradient fill. */
     stat = GdipBitmapGetPixel(bitmap, 10, 10, &color);
     expect(Ok, stat);
-    todo_wine expect(0xffff0000, color);
+    expect(0xffff0000, color);
 
     stat = GdipBitmapGetPixel(bitmap, 18, 10, &color);
     expect(Ok, stat);
@@ -3382,11 +3382,11 @@ static void test_lineargradient(void)
     /* Verify vertical gradient fill. */
     stat = GdipBitmapGetPixel(bitmap, 50, 10, &color);
     expect(Ok, stat);
-    todo_wine expect(0xffff0000, color);
+    expect(0xffff0000, color);
 
     stat = GdipBitmapGetPixel(bitmap, 50, 18, &color);
     expect(Ok, stat);
-    todo_wine expect(0xff990066, color);
+    expect(0xff990066, color);
 
     /* Verify custom blend gradient fill. */
     stat = GdipBitmapGetPixel(bitmap, 10, 50, &color);
-- 
2.28.0.rc1