"Lei Zhang" <thestig(a)google.com> writes:

- datalen = abs(stride * height); + datalen = stride * height; size = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER) + datalen; + if (datalen <= 0 || size <= 0){ + GdipFree(*bitmap); + *bitmap = NULL; + return InvalidParameter; + }

Testing for overflow is a good idea, but checking for a negative result is not the right way. You can get overflow with a positive result too. -- Alexandre Julliard julliard(a)winehq.org