23 Mar
2004
23 Mar
'04
9:24 p.m.
"C. Daniel Mojoli B." cdmojoli@idea.com.py writes:
- We hit L513 and cause an exception when executing the following
expression: bits->idEntries[i]. The problem is that we are looping with our index bound to the garbage number of icon entries! That garbage is almost assured to be too large and we loop past the assigned memory.
The proper fix is to make sure the code doesn't crash no matter what garbage it gets as input. Checking the magic number doesn't guarantee that the rest of the file is correct.
--
Alexandre Julliard
julliard@winehq.org