'[PATCH 3/5] user32: Don't go past the end of the animated cursor data.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wine-devel
Subject:    [PATCH 3/5] user32: Don't go past the end of the animated cursor data.
From:       Matteo Bruni <mbruni () codeweavers ! com>
Date:       2019-09-30 21:11:14
Message-ID: 20190930211116.10796-3-mbruni () codeweavers ! com
[Download RAW message or body]

Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
---
Found while testing bug 43246.

 dlls/user32/cursoricon.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dlls/user32/cursoricon.c b/dlls/user32/cursoricon.c
index 3214746664c..9c61d7ff300 100644
--- a/dlls/user32/cursoricon.c
+++ b/dlls/user32/cursoricon.c
@@ -1451,6 +1451,8 @@ static void riff_find_chunk( DWORD chunk_id, DWORD chunk_type, const riff_chunk_
         }
 
         ptr += sizeof(DWORD);
+        if (ptr >= end)
+            break;
         ptr += (*(const DWORD *)ptr + 1) & ~1;
         ptr += sizeof(DWORD);
     }
-- 
2.21.0


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic