Module: wine Branch: master Commit: 4cb36b9aaf087d07b2ff45ef89a51caf1984ce5f URL: http://source.winehq.org/git/wine.git/?a=commit;h=4cb36b9aaf087d07b2ff45ef89...
Author: Bruno Jesus 00cpxxx@gmail.com Date: Tue Oct 20 14:56:22 2015 +0800
msvfw32: Lpckid and lpdwFlags must be valid memory addresses.
Otherwise codecs will crash while trying to write to them. Even though MSDN states that NULL is allowed for lpckid, that is not true.
Signed-off-by: Bruno Jesus 00cpxxx@gmail.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/msvfw32/msvideo_main.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/dlls/msvfw32/msvideo_main.c b/dlls/msvfw32/msvideo_main.c
index 1c38b75..d1a2283 100644
--- a/dlls/msvfw32/msvideo_main.c
+++ b/dlls/msvfw32/msvideo_main.c
@@ -1431,13 +1431,15 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn)
 * it doesn't appear to be used though
 */
 DWORD ret;
+ ICCOMPRESS* icComp;
 pc->lpbiIn = HeapAlloc(GetProcessHeap(), 0, sizeof(BITMAPINFO));
 if (!pc->lpbiIn)
 return FALSE;
*pc->lpbiIn = *lpbiIn;
- pc->lpState = HeapAlloc(GetProcessHeap(), 0, sizeof(ICCOMPRESS));
+ pc->lpState = HeapAlloc(GetProcessHeap(), 0, sizeof(ICCOMPRESS)
+ + sizeof(*icComp->lpckid) + sizeof(*icComp->lpdwFlags));
 if (!pc->lpState)
 goto error;
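Review bot: The enlarged `pc->lpState` block is still allocated with flags `0`, so the ICCOMPRESS and the two trailing DWORDs hold heap residue until each member is assigned. The success branch in the second hunk sets seven members and the two DWORDs, but ICCOMPRESS also carries `dwFlags`, `lpOutput`, `lpInput`, `lFrameNum` and `lpPrev`, which are not assigned in the visible lines. If those are filled per frame elsewhere this is only hardening, but since codecs write through pointers kept in this structure, `HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, ...)` would turn a missed member into NULL rather than a stale address. A one-line comment above the allocation, such as `/* ICCOMPRESS followed by the DWORDs that lpckid and lpdwFlags point to */`, would also explain the extra bytes. The function body starts and ends outside this hunk.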
@@ -1469,17 +1471,20 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn)
 TRACE(" -- %x\n", ret);
 if (ret == ICERR_OK)
 {
- ICCOMPRESS* icComp = pc->lpState;
- /* Initialise some variables */
- pc->lFrame = 0; pc->lKeyCount = 0;
-
- icComp->lpbiOutput = &pc->lpbiOut->bmiHeader;
- icComp->lpbiInput = &pc->lpbiIn->bmiHeader;
- icComp->lpckid = NULL;
- icComp->dwFrameSize = 0;
- icComp->dwQuality = pc->lQ;
- icComp->lpbiPrev = &pc->lpbiIn->bmiHeader;
- return TRUE;
+ icComp = pc->lpState;
+ /* Initialise some variables */
+ pc->lFrame = 0; pc->lKeyCount = 0;
+
+ icComp->lpbiOutput = &pc->lpbiOut->bmiHeader;
+ icComp->lpbiInput = &pc->lpbiIn->bmiHeader;
+ icComp->lpckid = (DWORD *)(icComp + 1);
+ *icComp->lpckid = 0;
+ icComp->lpdwFlags = (DWORD *)((char *)(icComp + 1) + sizeof(*icComp->lpckid));
+ *icComp->lpdwFlags = 0;
+ icComp->dwFrameSize = 0;
+ icComp->dwQuality = pc->lQ;
+ icComp->lpbiPrev = &pc->lpbiIn->bmiHeader;
+ return TRUE;
 }
 error:
 clear_compvars(pc);
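Review bot: `lpckid` and `lpdwFlags` now point into the same heap block as the ICCOMPRESS itself, and the offsets used here have to match the size expression in the first hunk by hand. The pointers are therefore valid only while `pc->lpState` is neither copied by value nor reallocated, and any size recorded for the state elsewhere in the function (not visible here) should be checked against the larger allocation. I would state the layout in a comment, `/* lpckid and lpdwFlags point at two DWORDs stored directly after the ICCOMPRESS in pc->lpState */`, and write the second pointer as `icComp->lpdwFlags = icComp->lpckid + 1;`, which is equivalent and avoids the `char *` arithmetic. Both DWORDs are zeroed only once here; whether they need resetting before each frame depends on code outside the hunk.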