New subject: [Bug 11237] heap corruption in freetype font loader

17 Jan 2008


      http://bugs.winehq.org/show_bug.cgi?id=11237
Summary: heap corruption in freetype font loader
           Product: Wine
           Version: 0.9.53.
          Platform: Other
               URL: http://www.bahn.de/p/view/static/spiele/virtuelle_bahnfa
                    hrt.exe
        OS/Version: other
            Status: NEW
          Severity: major
          Priority: P2
         Component: fonts
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: marcus@jet.franken.de
The "Virtuelle Bahnfahrt" Screensaver of the German Rail company
has a heap corruption in its About Dialog.
To reproduce:
- download URL
- install by running "wine virtuelle_bahnfahrt.exe"
- run by:
  cd .wine/drive_c/windows
  wine Virtuelle\ Bahnfahrt.scr
this will result in heap corruption.
I tracked this down to dlls/gdi32/freetype.c, and it loads a bitmap font
which is larger than the requested size.
I will attach a patch that fixes the problem.
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

[Bug 11237] New: heap corruption in freetype font loader