Vincent Povirk : gdi32: Check that emf records are within the file.
Module: wine Branch: master Commit: b6da3547d8990c3c3affc3a5865aefd2a0946949 URL: https://source.winehq.org/git/wine.git/?a=commit;h=b6da3547d8990c3c3affc3a58... Author: Vincent Povirk <vincent(a)codeweavers.com> Date: Tue May 8 12:46:20 2018 -0500 gdi32: Check that emf records are within the file. Signed-off-by: Vincent Povirk <vincent(a)codeweavers.com> Signed-off-by: Huw Davies <huw(a)codeweavers.com> Signed-off-by: Alexandre Julliard <julliard(a)winehq.org> --- dlls/gdi32/enhmetafile.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dlls/gdi32/enhmetafile.c b/dlls/gdi32/enhmetafile.c index ffe21f0..2d8a9b0 100644 --- a/dlls/gdi32/enhmetafile.c +++ b/dlls/gdi32/enhmetafile.c @@ -2470,6 +2470,14 @@ BOOL WINAPI EnumEnhMetaFile( { emr = (ENHMETARECORD *)((char *)emh + offset); + if (offset + 8 > emh->nBytes || + offset > offset + emr->nSize || + offset + emr->nSize > emh->nBytes) + { + WARN("record truncated\n"); + break; + } + /* In Win9x mode we update the xform if the record will produce output */ if (hdc && IS_WIN9X() && emr_produces_output(emr->iType)) EMF_Update_MF_Xform(hdc, info);
participants (1)
-
Alexandre Julliard