gdi32: avoid null pointer dereference in CreateDIBSection (bug 8066)

Nikolay Sivov bunglehead at gmail.com
Sat May 10 02:14:29 CDT 2008


Changelog:
    - CreateDIBSection should check bmi pointer. Test added. Tested on WinXP SP2.

---
 dlls/gdi32/dib.c          |    5 +++++
 dlls/gdi32/tests/bitmap.c |    7 +++++++
 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/dlls/gdi32/dib.c b/dlls/gdi32/dib.c
index 980e0f3..ffd6f31 100644
--- a/dlls/gdi32/dib.c
+++ b/dlls/gdi32/dib.c
@@ -1258,6 +1258,11 @@ HBITMAP WINAPI CreateDIBSection(HDC hdc, CONST BITMAPINFO *bmi, UINT usage,
     DWORD compression, sizeImage;
     void *mapBits = NULL;
 
+    if(!bmi){
+        if(bits) *bits = NULL;
+        return NULL;
+    }
+
     if (((bitmap_type = DIB_GetBitmapInfo( &bmi->bmiHeader, &width, &height,
                                            &planes, &bpp, &compression, &sizeImage )) == -1))
         return 0;
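Review bot: The new guard clears `*bits` only when `bmi` is NULL, while the `DIB_GetBitmapInfo` failure return directly below still exits with `return 0;` and leaves the caller's pointer untouched. A caller that reads `*bits` without checking the returned handle would keep using a stale or uninitialised pointer on that path. If Windows also resets the out-parameter there (not shown here, and worth a test case), hoist the reset above both checks as `if (bits) *bits = NULL;` so every early exit leaves it in a known state. The guard also catches only NULL, not other invalid `bmi` pointers, and it is written `if(!bmi){` where the surrounding code uses `if (`. CreateDIBSection's body continues outside this hunk.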
diff --git a/dlls/gdi32/tests/bitmap.c b/dlls/gdi32/tests/bitmap.c
index 2ef2891..5a9495d 100644
--- a/dlls/gdi32/tests/bitmap.c
+++ b/dlls/gdi32/tests/bitmap.c
@@ -416,6 +416,13 @@ static void test_dibsections(void)
     pbmi->bmiHeader.biCompression = BI_RGB;
 
     SetLastError(0xdeadbeef);
+
+    /* invalid pointer for BITMAPINFO 
+       (*bits should be NULL on error) */
+    bits = (BYTE*)0xdeadbeef;  
+    hdib = CreateDIBSection(hdc, NULL, DIB_RGB_COLORS, (void**)&bits, NULL, 0);
+    ok(hdib == NULL && bits == NULL, "CreateDIBSection failed for invalid parameter: bmi == 0x0\n");
+
     hdib = CreateDIBSection(hdc, pbmi, DIB_RGB_COLORS, (void**)&bits, NULL, 0);
     ok(hdib != NULL, "CreateDIBSection error %d\n", GetLastError());
     ok(GetObject(hdib, sizeof(DIBSECTION), &dibsec) != 0, "GetObject failed for DIBSection\n");
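Review bot: The added call sits between `SetLastError(0xdeadbeef);` and the existing `CreateDIBSection` call whose failure message prints `GetLastError()`, so the sentinel no longer immediately precedes the call it was set for. Move the new block above `SetLastError(0xdeadbeef);` or repeat that line after it. The combined `ok(hdib == NULL && bits == NULL, ...)` does not show which half failed, and its text reads as though failure were the error. Two checks such as `ok(hdib == NULL, "expected NULL handle for NULL bmi\n");` and `ok(bits == NULL, "expected *bits to be reset, got %p\n", bits);` report more. test_dibsections starts and ends outside this hunk.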
-- 
1.4.4.4





