Alexandre Julliard wrote:
"C. Daniel Mojoli B." cdmojoli@idea.com.py writes:
- We hit L513 and cause an exception when executing the following expression: bits->idEntries[i]. The problem is that we are looping with our index bound to the garbage number of icon entries! That garbage is almost assured to be too large and we loop past the assigned memory.
The proper fix is to make sure the code doesn't crash no matter what garbage it gets as input. Checking the magic number doesn't guarantee that the rest of the file is correct.
I agree with the principle, but still advocate the inclusion of the magic number patch because it allows us to fail fast. Even when someone eventually patches for complete validity and bounds checking, the fail-fast magic number test remains useful.
(And yes, Uwe, your test reflected the condition I encountered. Sorry for not answering earlier.)
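
The two checks discussed in this thread can sit side by side. The sketch below is an added example, not code from either poster or from the project. It assumes the standard on-disk ICO layout (a 6-byte header of idReserved, idType and idCount, followed by 16-byte directory entries), and `ico_validate` and the status names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed on-disk ICO layout: 6-byte ICONDIR header followed by
 * idCount 16-byte ICONDIRENTRY records, all little-endian. */
#define ICONDIR_HDR_SIZE   6u
#define ICONDIRENTRY_SIZE 16u

enum ico_status { ICO_OK = 0, ICO_TRUNCATED, ICO_BAD_MAGIC, ICO_BAD_COUNT, ICO_BAD_ENTRY };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: validates an in-memory icon file of `len` bytes. */
enum ico_status ico_validate(const uint8_t *buf, size_t len)
{
    if (len < ICONDIR_HDR_SIZE)
        return ICO_TRUNCATED;
    /* Fail-fast magic check: idReserved == 0, idType == 1 (icon). */
    if (rd16(buf) != 0 || rd16(buf + 2) != 1)
        return ICO_BAD_MAGIC;
    /* Bound the loop by the bytes actually present, not by trusting idCount. */
    size_t count = rd16(buf + 4);
    if (count == 0 || count > (len - ICONDIR_HDR_SIZE) / ICONDIRENTRY_SIZE)
        return ICO_BAD_COUNT;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICONDIR_HDR_SIZE + i * ICONDIRENTRY_SIZE;
        uint32_t size = rd32(e + 8);    /* dwBytesInRes  */
        uint32_t off  = rd32(e + 12);   /* dwImageOffset */
        /* Overflow-safe form of off + size <= len. */
        if (size == 0 || off > len || size > len - off)
            return ICO_BAD_ENTRY;
    }
    return ICO_OK;
}

int main(void)
{
    /* Constructed sample: valid magic, garbage idCount of 0xFFFF, no entries. */
    const uint8_t garbage[] = {0,0, 1,0, 0xFF,0xFF};
    printf("status=%d\n", ico_validate(garbage, sizeof garbage));
    return 0;
}
```

The constructed sample passes the magic check and is rejected only by the count check, which is the case where the magic test alone would not have prevented the out-of-bounds loop.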