Re: [PATCH v3 0/5] MR2870: gdiplus: Support playing back pen custom end line cap.

22 May 2023


      Esme Povirk (@madewokherd) commented about dlls/gdiplus/metafile.c:
...
+{
+    EmfPlusCustomStartCapData *custom_cap_data = (EmfPlusCustomStartCapData *)record_data;
+    EmfPlusCustomLineCap *line_cap;
+    GpStatus status;
+    UINT offset;
+
+    *cap = NULL;
+
+    if (data_size < FIELD_OFFSET(EmfPlusCustomStartCapData, data) + custom_cap_data->CustomStartCapSize)
+        return InvalidParameter;
+
+    offset = FIELD_OFFSET(EmfPlusCustomStartCapData, data);
+    line_cap = (EmfPlusCustomLineCap *)(record_data + offset);
+
+    offset += FIELD_OFFSET(EmfPlusCustomLineCap, CustomLineCapData);
+    if (line_cap->Type == CustomLineCapTypeAdjustableArrow)
This access doesn't check data_size.
-- 
https://gitlab.winehq.org/wine/wine/-/merge_requests/2870#note_33428

Re: [PATCH v3 0/5] MR2870: gdiplus: Support playing back pen custom end line cap.

Esme Povirk (＠madewokherd)