Vincent Povirk : gdi32: Check that emf records are within the file.
Module: wine Branch: stable Commit: cb42844c7e3f952bdf0a59bad87c50f3820e8a55 URL: https://source.winehq.org/git/wine.git/?a=commit;h=cb42844c7e3f952bdf0a59bad... Author: Vincent Povirk <vincent(a)codeweavers.com> Date: Tue May 8 12:46:20 2018 -0500 gdi32: Check that emf records are within the file. Signed-off-by: Vincent Povirk <vincent(a)codeweavers.com> Signed-off-by: Huw Davies <huw(a)codeweavers.com> Signed-off-by: Alexandre Julliard <julliard(a)winehq.org> (cherry picked from commit b6da3547d8990c3c3affc3a5865aefd2a0946949) Signed-off-by: Michael Stefaniuc <mstefani(a)winehq.org> --- dlls/gdi32/enhmetafile.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dlls/gdi32/enhmetafile.c b/dlls/gdi32/enhmetafile.c index 045015f..2f6c794 100644 --- a/dlls/gdi32/enhmetafile.c +++ b/dlls/gdi32/enhmetafile.c @@ -2469,6 +2469,14 @@ BOOL WINAPI EnumEnhMetaFile( { emr = (ENHMETARECORD *)((char *)emh + offset); + if (offset + 8 > emh->nBytes || + offset > offset + emr->nSize || + offset + emr->nSize > emh->nBytes) + { + WARN("record truncated\n"); + break; + } + /* In Win9x mode we update the xform if the record will produce output */ if (hdc && IS_WIN9X() && emr_produces_output(emr->iType)) EMF_Update_MF_Xform(hdc, info);
participants (1)
-
Alexandre Julliard