Re: [PATCH v3 0/5] MR2870: gdiplus: Support playing back pen custom end line cap.

22 May 2023


      Esme Povirk (@madewokherd) commented about dlls/gdiplus/metafile.c:
...
+{

EmfPlusCustomStartCapData *custom_cap_data = (EmfPlusCustomStartCapData *)record_data;
EmfPlusCustomLineCap *line_cap;
GpStatus status;
UINT offset;

*cap = NULL;

if (data_size < FIELD_OFFSET(EmfPlusCustomStartCapData, data) + custom_cap_data->CustomStartCapSize)
   return InvalidParameter;


offset = FIELD_OFFSET(EmfPlusCustomStartCapData, data);
line_cap = (EmfPlusCustomLineCap *)(record_data + offset);

offset += FIELD_OFFSET(EmfPlusCustomLineCap, CustomLineCapData);
if (line_cap->Type == CustomLineCapTypeAdjustableArrow)

This access doesn't check data_size.
-- 
https://gitlab.winehq.org/wine/wine/-/merge_requests/2870#note_33428

2025

2024

2023

2022

Re: [PATCH v3 0/5] MR2870: gdiplus: Support playing back pen custom end line cap.