Gerald Pfeifer gerald@pfeifer.com writes:
@@ -388,6 +388,8 @@ static int DIB_GetBitmapInfo( const BITMAPINFOHEADER *header, LONG *width, *compr = header->biCompression; return 1; }
- *width = *height = 0; ERR("(%d): unknown/wrong size for header\n", header->biSize ); return -1;
}
0 is not valid for a bitmap, these should never be used in the error case.
On Tue, 20 Jul 2010, Alexandre Julliard wrote:
@@ -388,6 +388,8 @@ static int DIB_GetBitmapInfo( const BITMAPINFOHEADER *header, LONG *width, *compr = header->biCompression; return 1; }
- *width = *height = 0; ERR("(%d): unknown/wrong size for header\n", header->biSize ); return -1;
}
0 is not valid for a bitmap, these should never be used in the error case.
Well, I'm not sure this works right now: DIB_GetBitmapInfo is called at the beginning of BITMAP_Load and returns -1 in the case of failure, which it detects if header->biSize is inappropriate. Somehow this is never checked, however, it seems?B
So, how about the following patch? Already earlier in BITMAP_Load we return 0 in the case of problems, so callers should be prepared for it.
Note my the patch also updated the documentation a bit, and that piece I just resubmitted separately.
Gerald
ChangeLog: user32: Fix error handling in BITMAP_Load.
--- dlls/user32/cursoricon.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/dlls/user32/cursoricon.c b/dlls/user32/cursoricon.c index 9dc6d2b..acae302 100644 --- a/dlls/user32/cursoricon.c +++ b/dlls/user32/cursoricon.c @@ -2257,6 +2257,12 @@ static HBITMAP BITMAP_Load( HINSTANCE instance, LPCWSTR name, memcpy(scaled_info, fix_info, size); bm_type = DIB_GetBitmapInfo( &fix_info->bmiHeader, &width, &height, &bpp_dummy, &compr_dummy); + if (bm_type == -1) + { + WARN("Invalid bitmap format!\n"); + goto end_close; + } + if(desiredx != 0) new_width = desiredx; else
-
Alexandre Julliard -
Gerald Pfeifer