Shawn M. Chapla : gdiplus: Fix LinearGradientBrush deserialization off-by-one errors. - wine-commits

24 Jul 2020

Module: wine
Branch: master
Commit: 6c787852c4b484d9b7e230c87f0662fb9af2c541
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=6c787852c4b484d9b7e230c87...
Author: Shawn M. Chapla schapla@codeweavers.com
Date:   Wed Jul 22 23:08:11 2020 -0400
gdiplus: Fix LinearGradientBrush deserialization off-by-one errors.
Signed-off-by: Shawn M. Chapla schapla@codeweavers.com
Signed-off-by: Esme Povirk esme@codeweavers.com
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/gdiplus/metafile.c       |  4 ++--
 dlls/gdiplus/tests/metafile.c | 14 +++++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/dlls/gdiplus/metafile.c b/dlls/gdiplus/metafile.c
index ff21b8ed24..7f019749ea 100644
--- a/dlls/gdiplus/metafile.c
+++ b/dlls/gdiplus/metafile.c
@@ -2206,7 +2206,7 @@ static GpStatus metafile_deserialize_brush(const BYTE *record_data, UINT data_si
         UINT position_count = 0;
offset = header_size + FIELD_OFFSET(EmfPlusLinearGradientBrushData, OptionalData);
-        if (data_size <= offset)
+        if (data_size < offset)
             return InvalidParameter;
brushflags = data->BrushData.lineargradient.BrushDataFlags;
@@ -2215,7 +2215,7 @@ static GpStatus metafile_deserialize_brush(const BYTE *record_data, UINT data_si
if (brushflags & BrushDataTransform)
         {
-            if (data_size <= offset + sizeof(EmfPlusTransformMatrix))
+            if (data_size < offset + sizeof(EmfPlusTransformMatrix))
                 return InvalidParameter;
             transform = (EmfPlusTransformMatrix *)(record_data + offset);
             offset += sizeof(EmfPlusTransformMatrix);
diff --git a/dlls/gdiplus/tests/metafile.c b/dlls/gdiplus/tests/metafile.c
index 29113fc3a0..cdc53b39a1 100644
--- a/dlls/gdiplus/tests/metafile.c
+++ b/dlls/gdiplus/tests/metafile.c
@@ -3273,10 +3273,10 @@ static void test_fillregion(void)
 static const emfplus_record lineargradient_records[] = {
     { EMR_HEADER },
     { EmfPlusRecordTypeHeader },
-    { EmfPlusRecordTypeObject, ObjectTypeBrush << 8, 0, 1 },
-    { EmfPlusRecordTypeFillRects, 0x4000, 0, 1 },
-    { EmfPlusRecordTypeObject, (ObjectTypeBrush << 8) | 1, 0, 1 },
-    { EmfPlusRecordTypeFillRects, 0x4000, 0, 1 },
+    { EmfPlusRecordTypeObject, ObjectTypeBrush << 8 },
+    { EmfPlusRecordTypeFillRects, 0x4000 },
+    { EmfPlusRecordTypeObject, (ObjectTypeBrush << 8) | 1 },
+    { EmfPlusRecordTypeFillRects, 0x4000 },
     { EmfPlusRecordTypeObject, (ObjectTypeBrush << 8) | 2 },
     { EmfPlusRecordTypeFillRects, 0x4000 },
     { EmfPlusRecordTypeObject, (ObjectTypeBrush << 8) | 3 },
@@ -3373,7 +3373,7 @@ static void test_lineargradient(void)
     /* Verify horizontal gradient fill. */
     stat = GdipBitmapGetPixel(bitmap, 10, 10, &color);
     expect(Ok, stat);
-    todo_wine expect(0xffff0000, color);
+    expect(0xffff0000, color);
stat = GdipBitmapGetPixel(bitmap, 18, 10, &color);
     expect(Ok, stat);
@@ -3382,11 +3382,11 @@ static void test_lineargradient(void)
     /* Verify vertical gradient fill. */
     stat = GdipBitmapGetPixel(bitmap, 50, 10, &color);
     expect(Ok, stat);
-    todo_wine expect(0xffff0000, color);
+    expect(0xffff0000, color);
stat = GdipBitmapGetPixel(bitmap, 50, 18, &color);
     expect(Ok, stat);
-    todo_wine expect(0xff990066, color);
+    expect(0xff990066, color);
/* Verify custom blend gradient fill. */
     stat = GdipBitmapGetPixel(bitmap, 10, 50, &color);

    