http://bugs.winehq.org/show_bug.cgi?id=21613
Summary: Stack buffer read overflow in GdipCreateBitmapFromScan0
Product: Wine
Version: 1.0.0
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: gdiplus
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
The gdiplus image tests have long shown the following error in valgrind:

    Conditional jump or move depends on uninitialised value(s)
       at X11DRV_DIB_GenColorMap (dib.c:367)
       by X11DRV_DIB_BuildColorMap (dib.c:436)
       by X11DRV_CreateDIBSection (dib.c:4742)
       by CreateDIBSection (dib.c:1353)
       by GdipCreateBitmapFromScan0 (image.c:1251)
       by GdipCreateBitmapFromHBITMAP (image.c:2782)
       by test_GdipCreateBitmapFromHBITMAP (image.c:512)
       by func_image (image.c:1523)
       by run_test (test.h:535)
       by main (test.h:585)
     Uninitialised value was created by a stack allocation
       at GdipCreateBitmapFromScan0 (image.c:1204)

e.g. http://kegel.com/wine/valgrind/logs/2010-01-04-10.14/vg-gdiplus_image.txt
Turns out, even though biClrUsed is zero, CreateDIBSection expects the BITMAPINFO to have a valid color table; see gdi32/dib.c line 1161:

    1160     colors = info->bmiHeader.biClrUsed;
    1161     if (!colors) colors = 1 << info->bmiHeader.biBitCount;
The attached patch gets rid of the warning, and lets the tests pass, but seems wrong; the color table probably needs to have real values.
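As an added illustration (not part of the bug report or of Wine's code), the following C example applies the gdi32 rule quoted above to size a BITMAPINFO buffer correctly: with biClrUsed == 0 the color table must hold 1 << biBitCount RGBQUADs, so a bare `BITMAPINFO` on the stack (one RGBQUAD) is far too small for an 8 bpp DIB. The structure definitions are local stand-ins matching the wingdi.h layout so the code builds outside Windows; the grayscale palette is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Minimal stand-ins for the Win32 structures (same field layout as wingdi.h). */
typedef struct {
    uint32_t biSize;
    int32_t  biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t  biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;
} BITMAPINFOHEADER;

typedef struct { uint8_t rgbBlue, rgbGreen, rgbRed, rgbReserved; } RGBQUAD;

/* Palette entries CreateDIBSection will read (gdi32/dib.c lines 1160-1161):
 * biClrUsed == 0 means "every entry for this depth", not "no table". */
static size_t dib_color_entries(const BITMAPINFOHEADER *hdr)
{
    if (hdr->biClrUsed) return hdr->biClrUsed;
    return hdr->biBitCount ? (size_t)1 << hdr->biBitCount : 0;
}

/* Bytes a BITMAPINFO buffer must hold so the palette read stays in bounds. */
static size_t dib_info_size(const BITMAPINFOHEADER *hdr)
{
    return sizeof(BITMAPINFOHEADER) + dib_color_entries(hdr) * sizeof(RGBQUAD);
}

/* Allocate a BITMAPINFO for an indexed DIB with a fully initialised
 * (constructed, grayscale) palette. Returns NULL for non-indexed depths. */
static BITMAPINFOHEADER *alloc_indexed_bitmapinfo(int32_t width, int32_t height, uint16_t bpp)
{
    BITMAPINFOHEADER hdr = {0};
    if (bpp != 1 && bpp != 4 && bpp != 8) return NULL;
    hdr.biSize = sizeof hdr; hdr.biWidth = width; hdr.biHeight = height;
    hdr.biPlanes = 1; hdr.biBitCount = bpp;            /* biClrUsed stays 0 */

    size_t n = dib_color_entries(&hdr);
    BITMAPINFOHEADER *info = calloc(1, dib_info_size(&hdr));
    if (!info) return NULL;
    *info = hdr;
    RGBQUAD *pal = (RGBQUAD *)(info + 1);              /* table follows the header */
    for (size_t i = 0; i < n; i++) {
        uint8_t v = (uint8_t)(i * 255 / (n - 1));
        pal[i].rgbRed = pal[i].rgbGreen = pal[i].rgbBlue = v;
    }
    return info;
}
```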