On 10/24/2012 11:04 AM, Ken Thomases wrote:
On Oct 24, 2012, at 3:24 AM, Michael Stefaniuc wrote:
@@ -1330,9 +1330,6 @@ static HICON CURSORICON_LoadFromFile( LPCWSTR filename, }
dir = (const CURSORICONFILEDIR*) bits;
- if ( filesize < sizeof(*dir) )
goto end;
- if ( filesize < (sizeof(*dir) + sizeof(dir->idEntries[0])*(dir->idCount-1)) ) goto end;
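Review bot: With the `if ( filesize < sizeof(*dir) )` guard dropped, the size test that reads `dir->idCount` is evaluated without any prior check that the file is at least header-sized. If that read is safe because of how the file is mapped, state that in a comment at this spot, since nothing in the hunk shows it; otherwise keep the guard. Also, in `sizeof(dir->idEntries[0])*(dir->idCount-1)` a count of 0 yields -1, which wraps when converted to the unsigned type of sizeof, so the computed minimum size drops below `sizeof(*dir)`. Checking the fixed header size first, and then the count against the remaining bytes, avoids depending on that arithmetic.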
That doesn't seem redundant to me. It's not safe to access dir->idCount if the file isn't known to be big enough.
Actually it is safe. The file is mapped in page size chunks. So accessing dir->idCount is safe aka no exception will be generated. And filesize will be smaller for any random WORD that ends up being in dir->idCount.
bye michael
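The bounds check debated in this thread, as an added example that is not part of the original messages or of Wine's code: it validates the fixed header before reading any field, then checks the counted entries without a subtraction that can wrap. The 6-byte header and 16-byte entries follow the .ico/.cur directory layout, `sizeof(*dir)` is taken as 22, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout, modeled on the .ico/.cur directory: a 6-byte header
 * (reserved, type, count as little-endian 16-bit words) followed by
 * `count` 16-byte entries. Names here are hypothetical, not Wine's. */
#define DIR_HEADER_SIZE 6u
#define DIR_ENTRY_SIZE  16u

/* Read a little-endian 16-bit word without relying on alignment. */
static uint16_t rd16le(const unsigned char *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Returns the entry count if the directory fits in the file, or -1.
 * Step 1 checks the fixed header before any field is read; step 2 checks
 * the counted array by division, so count == 0 or a huge count cannot wrap. */
static long icon_dir_entry_count(const unsigned char *bits, size_t filesize)
{
    size_t count;

    if (filesize < DIR_HEADER_SIZE)
        return -1;                      /* header not fully present */
    count = rd16le(bits + 4);
    if (count == 0)
        return -1;                      /* no entries to load */
    if ((filesize - DIR_HEADER_SIZE) / DIR_ENTRY_SIZE < count)
        return -1;                      /* entries run past end of file */
    return (long)count;
}

/* The single-expression check from the thread, for comparison, with
 * sizeof(*dir) assumed to be 22 (header plus one entry).
 * Returns 1 if that check alone would let the file through. */
static int single_check_passes(size_t filesize, uint16_t id_count)
{
    /* id_count - 1 is computed as int, then converted to size_t. */
    size_t need = 22 + DIR_ENTRY_SIZE * (size_t)(id_count - 1);
    return !(filesize < need);
}
```

For a count of 0 the single expression computes a required size of 6, so a 10-byte file passes it while the two-step check rejects the file.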