From cc4ef59c164bad0dcf2091320634ae6c02d96183 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=B4me=20Gardou?=
Date: Thu, 10 Jun 2010 12:58:52 +0000
Subject: [PATCH] [GDI32] - Protect CreateDIBitmap - Pass correct data size to NtGdiCreateDIBitmap

svn path=/branches/reactos-yarotows/; revision=47734
---
 dll/win32/gdi32/objects/bitmap.c | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/dll/win32/gdi32/objects/bitmap.c b/dll/win32/gdi32/objects/bitmap.c
index 1b0d7bc118d..97cae2ceb1f 100644
--- a/dll/win32/gdi32/objects/bitmap.c
+++ b/dll/win32/gdi32/objects/bitmap.c
@@ -461,9 +461,10 @@ CreateDIBitmap( HDC hDC,
 LONG width, height, compr, dibsize;
 WORD planes, bpp;
 // PDC_ATTR pDc_Attr;
- UINT ConvertedInfoSize;
+ UINT InfoSize;
 UINT cjBmpScanSize;
 HBITMAP hBmp;
+ NTSTATUS Status = STATUS_SUCCESS;

 if (!Header) return 0;

@@ -476,9 +477,25 @@ CreateDIBitmap( HDC hDC,
 // For Icm support.
 // GdiGetHandleUserData(hdc, GDI_OBJECT_TYPE_DC, (PVOID)&pDc_Attr))

- /* Mmmh, this is not really safe */
- cjBmpScanSize = DIB_BitmapBitsSize(Data);
- DPRINT("pBMI %x, Size bpp %d, dibsize %d, Conv %d, BSS %d\n", Data,bpp,dibsize,ConvertedInfoSize,cjBmpScanSize);
+ _SEH2_TRY
+ {
+ cjBmpScanSize = DIB_BitmapBitsSize(Data);
+ CalculateColorTableSize(&Data->bmiHeader, &ColorUse, &InfoSize);
+ InfoSize += Data->bmiHeader.biSize;
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END
+
+ if(!NT_SUCCESS(Status))
+ {
+ GdiSetLastError(ERROR_INVALID_PARAMETER);
+ return NULL;
+ }
+
+ DPRINT("pBMI %x, Size bpp %d, dibsize %d, Conv %d, BSS %d\n", Data,bpp,dibsize,InfoSize,cjBmpScanSize);

 if ( !width || !height )
 hBmp = GetStockObject(DEFAULT_BITMAP);
@@ -491,7 +508,7 @@ CreateDIBitmap( HDC hDC,
 (LPBYTE)Bits,
 (LPBITMAPINFO)Data,
 ColorUse,
- ConvertedInfoSize,
+ InfoSize,
 cjBmpScanSize,
 0,
 0);
-- 
2.17.1
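Review bot: The new `_SEH2_TRY` block in the second hunk reads `Data->bmiHeader.biSize` unconditionally, while only `Header` is NULL-checked above it, so a call with a NULL `Data` now faults inside the guard and is reported as `ERROR_INVALID_PARAMETER`. If callers may legitimately omit the BITMAPINFO when no initialisation bits are supplied (the Init flag handling is outside this hunk, so this is inferred), the size calculation should be skipped rather than failed: initialise `InfoSize` and `cjBmpScanSize` to 0 and wrap the three statements in `if (Data)`. The exception code stored in `Status` is only tested for success and `EXCEPTION_EXECUTE_HANDLER` swallows every exception type, so a short comment such as `/* Data is caller memory; any fault while reading the header is treated as a bad parameter */` would document that choice.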
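Review bot: `InfoSize` and `cjBmpScanSize` are passed to NtGdiCreateDIBitmap in the third hunk as values computed in user mode from caller-controlled header fields, and `InfoSize += Data->bmiHeader.biSize` in the second hunk is an unchecked UINT addition that can wrap for a large `biSize`. The SEH guard only keeps gdi32 from faulting; it does not stop the header from changing between this calculation and the kernel's own read of `Data`. The kernel side is not visible in this patch, so presumably it probes and bounds both buffers itself; a comment at the call such as `/* sizes are derived from caller memory; win32k must probe and re-validate them */` would record that assumption. The call begins outside this hunk.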