winemenubuilder: fix crash caused by invalid icon entries and avoid future crashes by ignoring unhandled png entries
Indrek Altpere
efbiaiinzinz at hotmail.com
Tue Aug 26 01:45:44 CDT 2014
For the InnoSetup 5 crash (and likely other similar crashes), the issue
seems to be GRPICONDIRENTRY with invalid information.
The dwBytesInRes has a value that exceeds the Size value in
IMAGE_RESOURCE_DATA_ENTRY, causing out-of-bounds memcpy and thus crash.
Added check+clipping against the out-of-bounds read which fixes the
particular crash.
As per MSDN blog, icon resources can contain raw PNG information instead of
regular BITMAPINFO, but due to weird decisions, only way to differentiate
between them is to check if the resource starts with PNG header bytes.
http://blogs.msdn.com/b/oldnewthing/archive/2010/10/22/10079192.aspx
Made the winemenubuilder ignore such entries, since current winemenubuilder
logic only works with correct BITMAPINFO data (which raw PNG data is not).
Regards,
Indrek
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: winemenubuilder-fix.txt
URL: <http://www.winehq.org/pipermail/wine-patches/attachments/20140826/57768328/attachment-0001.txt>
More information about the wine-patches
mailing list