Rémi Bernon (@rbernon) commented about programs/explorer/systray.c:
+ icon_data, icon_data + cbMaskBits); + icon_data += cbMaskBits + cbColourBits; }
+ if ((nid.uFlags & NIF_INFO) && (nid.dwInfoFlags & NIIF_USER) && cds->cbData > ((char*)icon_data - (char*)data)) + { + /* Balloon icon */ + LONG cbMaskBits; + LONG cbColourBits; + + cbMaskBits = (data->balloon_icon_info.width * data->balloon_icon_info.height + 15) / 16 * 2; + cbColourBits = (data->balloon_icon_info.planes * data->balloon_icon_info.width * data->balloon_icon_info.height * data->balloon_icon_info.bpp + 15) / 16 * 2; + + if (cds->cbData < ((char*)icon_data - (char*)data) + cbMaskBits + cbColourBits) + { + WINE_ERR("buffer underflow\n");
ERR( "buffer underflow\n" );
The code is already ugly but let's not make it more ugly, and lets copy it exactly. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/2875#note_82447