[PATCH v4 0/1] MR4666: gdiplus: Prevent uninitialized memory access (Coverity)
-- v4: gdiplus: Prevent uninitialized memory access (Coverity) https://gitlab.winehq.org/wine/wine/-/merge_requests/4666
From: Fabian Maurer <dark.shadow4(a)web.de> This fixes a regression by 69d815407d99 Originally this used GdipAlloc (calloc) --- dlls/gdiplus/metafile.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dlls/gdiplus/metafile.c b/dlls/gdiplus/metafile.c index eb8b4197f3f..5c50d0d1d37 100644 --- a/dlls/gdiplus/metafile.c +++ b/dlls/gdiplus/metafile.c @@ -3404,6 +3404,8 @@ GpStatus WINGDIPAPI GdipPlayMetafileRecord(GDIPCONST GpMetafile *metafile, { if (flags & 0x800) /* P */ { + points[0].X = 0; + points[0].Y = 0; for (i = 1; i < fill->Count; i++) { points[i].X = points[i - 1].X + fill->PointData.pointsR[i].X; -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4666
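Review bot: With points[0] forced to (0,0) and the loop starting at i = 1, fill->PointData.pointsR[0] is never read, so please confirm that dropping the first relative point is the intended semantics of the P flag rather than a side effect of the old calloc behaviour; if the first delta is meant to be applied from a zero origin, the two added lines should instead be `points[0].X = fill->PointData.pointsR[0].X;` and `points[0].Y = fill->PointData.pointsR[0].Y;`. The unconditional write to points[0] also assumes fill->Count >= 1 and that the allocation of points succeeded; neither is visible in the hunk, so it is worth checking the code just above it. Finally, the commit message says the regression came from replacing the zeroing allocation, but this hunk restores it for only one record type; the discussion notes that EmfPlusRecordTypeFillClosedCurve has the same problem, so either cover it here or say in the message that it is left for a follow-up.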
On Mon Dec 11 00:29:17 2023 +0000, Nikolay Sivov wrote:
This one is broken after recent 69d815407d99667e2565e268629d909fe50b2b30. We'll need to examine this change more carefully, it didn't switch to equivalent zero-ing calls.

Right, somehow overlooked that, thanks. I changed it to only zero the first point, since fully zeroing all elements is unnecessary.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/4666#note_55658
Playback for EmfPlusRecordTypeFillClosedCurve has the same issue, and EmfPlusRecordTypeDrawImagePoints was already broken because it starts from first delta point instead of a zero origin. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/4666#note_55676
This merge request was approved by Esme Povirk. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/4666
participants (4)
- Esme Povirk (@madewokherd)
- Fabian Maurer
- Fabian Maurer (@DarkShadow44)
- Nikolay Sivov (@nsivov)