Feb. 26, 2024
7:11 p.m.
Jeffrey Smith (@whydoubt) commented about dlls/gdiplus/image.c:
> - return NotImplemented;
> + if (GdipGetEffectParameterSize(effect, ¶msize) != Ok)
> + return InvalidParameter;
> +
> + if (effect->type == RedEyeCorrectionEffect)
> + {
> + if ((paramsize-size > 0) || (((size-paramsize)%sizeof(RECT)) != 0))
> + return InvalidParameter;
> + }
> + else
> + {
> + if (paramsize != size)
> + return InvalidParameter;
> + }
> +
> + effect->params = realloc(effect->params, size);
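Review bot: In the RedEyeCorrectionEffect branch, the test `(paramsize-size > 0)` only works as intended if the subtraction is signed. The declarations of `paramsize` and `size` are not in this hunk, but if both are unsigned the difference wraps around whenever `size` is larger, so the condition is true for every `size != paramsize` and the variable-length case that the `% sizeof(RECT)` check allows for can never pass. Comparing the two values directly, as in `if ((paramsize > size) || (((size-paramsize)%sizeof(RECT)) != 0))`, expresses the lower bound without depending on the operand types.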
The effects of realloc failing should be accounted for.
1. `realloc` can return NULL, in which case you'll want to `return OutOfMemory`.
2. When `realloc` does return NULL, the pointer passed to realloc has not been freed, and the current code will leave the location unreachable.
Consider https://gitlab.winehq.org/wine/wine/-/blob/master/dlls/gdiplus/stringformat.c#L324 for reference.
--
https://gitlab.winehq.org/wine/wine/-/merge_requests/4661#note_62700