http://bugs.winehq.org/show_bug.cgi?id=20553 --- Comment #8 from Nikolay Sivov <bunglehead(a)gmail.com> 2009-11-14 10:08:54 --- (In reply to comment #7)
Thanks for the analysis! I see this is not the first time this has come up; see http://www.mail-archive.com/wine-devel(a)winehq.com/msg15702.html
Here was another problem discussed in this thread (corrupting heap overwriting area marked free), and it doesn't exist any more. Currently I see a possible fix for that using following condition: --- HeapSize(GetProcessHeap(), 0, himl) >= sizeof(void*) --- to determine if required field available to read. This will prevent from reading out of allocated area. Failure will be indicated by -1 return value. This check should be next after checking himl for null. P.S. I'm using sizeof(void*) here instead of sizeof(DWORD) cause of bug 20696 where I think it's possible to use vtable pointer as a magic (HIMAGELIST isn't reusable for another process anyway). -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.