[3/7] msvfw32: lpckid and lpdwFlags must be valid memory addresses
Bruno Jesus
00cpxxx at gmail.com
Tue Oct 20 01:56:22 CDT 2015
Signed-off-by: Bruno Jesus <00cpxxx at gmail.com>
Otherwise codecs will crash while trying to write to them. Even though
MSDN states that NULL is allowed for lpckid, that is not true.
-------------- next part --------------
---
dlls/msvfw32/msvideo_main.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/dlls/msvfw32/msvideo_main.c b/dlls/msvfw32/msvideo_main.c
index 1c38b75..d1a2283 100644
--- a/dlls/msvfw32/msvideo_main.c
+++ b/dlls/msvfw32/msvideo_main.c
@@ -1431,13 +1431,15 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn)
* it doesn't appear to be used though
*/
DWORD ret;
+ ICCOMPRESS* icComp;
pc->lpbiIn = HeapAlloc(GetProcessHeap(), 0, sizeof(BITMAPINFO));
if (!pc->lpbiIn)
return FALSE;
*pc->lpbiIn = *lpbiIn;
- pc->lpState = HeapAlloc(GetProcessHeap(), 0, sizeof(ICCOMPRESS));
+ pc->lpState = HeapAlloc(GetProcessHeap(), 0, sizeof(ICCOMPRESS)
+ + sizeof(*icComp->lpckid) + sizeof(*icComp->lpdwFlags));
if (!pc->lpState)
goto error;
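Review bot: The extra `sizeof(*icComp->lpckid) + sizeof(*icComp->lpdwFlags)` bytes requested here are only correct while they match the hand-written offsets `(icComp + 1)` and `(char *)(icComp + 1) + sizeof(*icComp->lpckid)` in the second hunk, and nothing ties the two together. Because codecs write through both pointers, a later edit that changes one side without the other becomes a heap write past the end of the allocation. A private wrapper type would make the layout explicit, for example `struct seq_state { ICCOMPRESS ic; DWORD ckid; DWORD flags; };` (the name is only a suggestion), allocated with `sizeof(struct seq_state)` and wired up as `icComp->lpckid = &state->ckid; icComp->lpdwFlags = &state->flags;`. The function starts and ends outside this hunk, so other users of `pc->lpState` are not visible here.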
@@ -1469,17 +1471,20 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn)
TRACE(" -- %x\n", ret);
if (ret == ICERR_OK)
{
- ICCOMPRESS* icComp = pc->lpState;
- /* Initialise some variables */
- pc->lFrame = 0; pc->lKeyCount = 0;
-
- icComp->lpbiOutput = &pc->lpbiOut->bmiHeader;
- icComp->lpbiInput = &pc->lpbiIn->bmiHeader;
- icComp->lpckid = NULL;
- icComp->dwFrameSize = 0;
- icComp->dwQuality = pc->lQ;
- icComp->lpbiPrev = &pc->lpbiIn->bmiHeader;
- return TRUE;
+ icComp = pc->lpState;
+ /* Initialise some variables */
+ pc->lFrame = 0; pc->lKeyCount = 0;
+
+ icComp->lpbiOutput = &pc->lpbiOut->bmiHeader;
+ icComp->lpbiInput = &pc->lpbiIn->bmiHeader;
+ icComp->lpckid = (DWORD *)(icComp + 1);
+ *icComp->lpckid = 0;
+ icComp->lpdwFlags = (DWORD *)((char *)(icComp + 1) + sizeof(*icComp->lpckid));
+ *icComp->lpdwFlags = 0;
+ icComp->dwFrameSize = 0;
+ icComp->dwQuality = pc->lQ;
+ icComp->lpbiPrev = &pc->lpbiIn->bmiHeader;
+ return TRUE;
}
error:
clear_compvars(pc);
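Review bot: The reason `lpckid` and `lpdwFlags` now point at storage behind the ICCOMPRESS is recorded only in the commit message, so the assignments starting at `icComp->lpckid = (DWORD *)(icComp + 1);` read as unexplained pointer arithmetic. A comment above them would keep a later cleanup from restoring `NULL`, for example `/* codecs write through lpckid and lpdwFlags unconditionally (NULL crashes them, despite MSDN), so point both at the DWORDs allocated after the ICCOMPRESS */`. Separately, the first hunk allocates the block without `HEAP_ZERO_MEMORY`, so the ICCOMPRESS members not assigned in this block stay uninitialized unless code outside the hunk sets them before the codec is called; that is worth confirming. The function body continues past the end of this hunk.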
--
2.1.4