[PATCH 0/1] MR9347: windowscodecs: Fix off-by-one check in IcoDecoder_GetFrame.
The frame index should be strictly less than idCount. Previously, an index equal to idCount was not rejected, leading to an out-of-range access. Signed-off-by: chenzhengyong chenzhengyong(a)uniontech.com Although this bug was not fatal because subsequent IStream_Read and related functions also perform boundary checks, it is better to catch the invalid index early for clarity and consistency. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/9347
From: chenzhengyong <chenzhengyong(a)uniontech.com> The frame index should be strictly less than idCount. Previously, an index equal to idCount was not rejected, leading to an out-of-range access. Signed-off-by: chenzhengyong <chenzhengyong(a)uniontech.com> --- dlls/windowscodecs/icoformat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/windowscodecs/icoformat.c b/dlls/windowscodecs/icoformat.c index ae2ae115e5e..c6bc79d852e 100644 --- a/dlls/windowscodecs/icoformat.c +++ b/dlls/windowscodecs/icoformat.c @@ -662,7 +662,7 @@ static HRESULT WINAPI IcoDecoder_GetFrame(IWICBitmapDecoder *iface, goto fail; } - if (This->header.idCount < index) + if (This->header.idCount <= index) { hr = E_INVALIDARG; goto fail; -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/9347
I think we'd need an explicit test for this. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/9347#note_120454
On Mon Nov 3 10:57:11 2025 +0000, Nikolay Sivov wrote:
I think we'd need an explicit test for this. ok,I will add it later
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/9347#note_120471
On Mon Nov 3 10:57:11 2025 +0000, zhengyong chen wrote:
ok,I will add it later Nikolay, I don't see why? I don't have a problem with more tests, but to me this seems like a case that should obviously be an error.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/9347#note_120573
On Mon Nov 3 18:42:06 2025 +0000, Esme Povirk wrote:
Nikolay, I don't see why? I don't have a problem with more tests, but to me this seems like a case that should obviously be an error. This won’t lead to a bug, as subsequent `IStream_Read` and related functions also include boundary checks. However, since boundary validation is necessary, it would be better to handle it correctly from the beginning.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/9347#note_120652
participants (4)
-
chenzhengyong -
Esme Povirk (@madewokherd)
-
Nikolay Sivov (@nsivov)
-
zhengyong chen (@chenzhengyong)