gdi32: uninitialized biCompression in GetDIBits(valgrind) (try 2)

marc.bessieres at mykolab.com marc.bessieres at mykolab.com
Sun Dec 14 06:22:47 CST 2014


From: Marc Bessières <marc.bessieres at mykolab.com>

fix https://bugs.winehq.org/show_bug.cgi?id=30827

 Conditional jump or move depends on uninitialised value(s)
  at bitmapinfoheader_from_user_bitmapinfo (dib.c:177)
  by GetDIBits (dib.c:1210)
  by create_icon_pixmaps.isra.8 (window.c:883)

Do not set dst_info->bmiHeader.biSizeImage when
!bits && info->bmiHeader.biBitCount == 0

because in that case we are querying the input bitmap to fill in info.

create_icon_pixmaps first calls GetDIBits with bits == NULL and
info->bmiHeader.biBitCount == 0 in order to fill in info with data from
the icon. It then calls GetDIBits again, this time with bits of the
right size and the info that was fully initialized by the previous call.
---
 dlls/gdi32/dib.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/dlls/gdi32/dib.c b/dlls/gdi32/dib.c
index 708a9a8..2931df1 100644
--- a/dlls/gdi32/dib.c
+++ b/dlls/gdi32/dib.c
@@ -148,10 +148,9 @@ static BOOL is_valid_dib_format( const BITMAPINFOHEADER *info, BOOL allow_compre
     }
 }
 
-/*******************************************************************************************
- *  Fill out a true BITMAPINFOHEADER from a variable sized BITMAPINFOHEADER / BITMAPCOREHEADER.
- */
-static BOOL bitmapinfoheader_from_user_bitmapinfo( BITMAPINFOHEADER *dst, const BITMAPINFOHEADER *info )
+
+
+static BOOL bitmapinfoheader_from_user_bitmapinfo_withoutbiSizeImage( BITMAPINFOHEADER *dst, const BITMAPINFOHEADER *info )
 {
     if (!info) return FALSE;
 
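Review bot: The renamed helper `bitmapinfoheader_from_user_bitmapinfo_withoutbiSizeImage` is left without any comment: the banner that used to sit above it is removed here and replaced by two blank lines, so nothing states that this variant skips the biSizeImage computation. I would put something like `/* Like bitmapinfoheader_from_user_bitmapinfo, but does not compute biSizeImage; the caller must set it before relying on it. */` above the definition and drop the extra blank line. The function body continues outside this hunk, so what biSizeImage holds on return depends on copy code not shown here.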
@@ -179,6 +178,15 @@ static BOOL bitmapinfoheader_from_user_bitmapinfo( BITMAPINFOHEADER *dst, const
     }
 
     dst->biSize = sizeof(*dst);
+    return TRUE;
+}
+/*******************************************************************************************
+ *  Fill out a true BITMAPINFOHEADER from a variable sized BITMAPINFOHEADER / BITMAPCOREHEADER.
+ */
+static BOOL bitmapinfoheader_from_user_bitmapinfo( BITMAPINFOHEADER *dst, const BITMAPINFOHEADER *info )
+{
+    if (!bitmapinfoheader_from_user_bitmapinfo_withoutbiSizeImage( dst, info ))
+        return FALSE;
     if (dst->biCompression == BI_RGB || dst->biCompression == BI_BITFIELDS)
         dst->biSizeImage = get_dib_image_size( (BITMAPINFO *)dst );
     return TRUE;
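Review bot: The wrapper still branches on `dst->biCompression` right after the helper returns, which appears to be the read the valgrind trace in the description points at. Any other caller that passes a header with biCompression unset would presumably keep producing the same report, since only GetDIBits is moved off this path. It is worth auditing the remaining callers and stating in the banner that the input header must have biCompression initialised. There is also no blank line between the helper's closing brace and the `/****` banner.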
@@ -1214,7 +1222,8 @@ INT WINAPI GetDIBits(
 
     /* Since info may be a BITMAPCOREINFO or any of the larger BITMAPINFO structures, we'll use our
        own copy and transfer the colour info back at the end */
-    if (!bitmapinfoheader_from_user_bitmapinfo( &dst_info->bmiHeader, &info->bmiHeader )) return 0;
+    if (!bitmapinfoheader_from_user_bitmapinfo_withoutbiSizeImage( &dst_info->bmiHeader, &info->bmiHeader )) return 0;
+
     if (coloruse > DIB_PAL_COLORS) return 0;
     if (bits &&
         (dst_info->bmiHeader.biCompression == BI_JPEG || dst_info->bmiHeader.biCompression == BI_PNG))
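Review bot: After this call `dst_info->bmiHeader.biSizeImage` is no longer a computed size until the assignment added in the later GetDIBits hunk; in between it holds whatever the helper left there from the caller's header. The statements between the two hunks are not visible here, so they should be checked for any read of biSizeImage, including paths that reach `done` without passing the new assignment. A short comment at the call, e.g. `/* biSizeImage is filled in below, after the query case has been handled */`, would make the ordering requirement explicit.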
@@ -1252,6 +1261,8 @@ INT WINAPI GetDIBits(
         ret = fill_query_info( info, bmp );
         goto done;
     }
+    if (dst_info->bmiHeader.biCompression == BI_RGB || dst_info->bmiHeader.biCompression == BI_BITFIELDS)
+        dst_info->bmiHeader.biSizeImage = get_dib_image_size( (BITMAPINFO *)&dst_info->bmiHeader );
 
     /* validate parameters */
 
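Review bot: The two added lines repeat the BI_RGB/BI_BITFIELDS test and the `get_dib_image_size` call from `bitmapinfoheader_from_user_bitmapinfo`, so the two copies can drift apart. The cast also looks redundant, since `dst_info` appears to be a BITMAPINFO pointer already: `dst_info->bmiHeader.biSizeImage = get_dib_image_size( dst_info );`. The size is computed from caller-supplied header fields above the `/* validate parameters */` section, so it is worth confirming that get_dib_image_size tolerates unvalidated width, height and bit count. A blank line after the closing brace of the preceding branch would match the surrounding layout.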
-- 
2.1.2



