Commit 4cb36b9a authored by Bruno Jesus's avatar Bruno Jesus Committed by Alexandre Julliard

msvfw32: Lpckid and lpdwFlags must be valid memory addresses.

Otherwise codecs will crash while trying to write to it. Even though MSDN states that NULL is allowed for lpckid that is not true. Signed-off-by: 's avatarBruno Jesus <00cpxxx@gmail.com> Signed-off-by: 's avatarAlexandre Julliard <julliard@winehq.org>
parent d733e0d2
...@@ -1431,13 +1431,15 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn) ...@@ -1431,13 +1431,15 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn)
* it doesn't appear to be used though * it doesn't appear to be used though
*/ */
DWORD ret; DWORD ret;
ICCOMPRESS* icComp;
pc->lpbiIn = HeapAlloc(GetProcessHeap(), 0, sizeof(BITMAPINFO)); pc->lpbiIn = HeapAlloc(GetProcessHeap(), 0, sizeof(BITMAPINFO));
if (!pc->lpbiIn) if (!pc->lpbiIn)
return FALSE; return FALSE;
*pc->lpbiIn = *lpbiIn; *pc->lpbiIn = *lpbiIn;
pc->lpState = HeapAlloc(GetProcessHeap(), 0, sizeof(ICCOMPRESS)); pc->lpState = HeapAlloc(GetProcessHeap(), 0, sizeof(ICCOMPRESS)
+ sizeof(*icComp->lpckid) + sizeof(*icComp->lpdwFlags));
if (!pc->lpState) if (!pc->lpState)
goto error; goto error;
...@@ -1469,17 +1471,20 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn) ...@@ -1469,17 +1471,20 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn)
TRACE(" -- %x\n", ret); TRACE(" -- %x\n", ret);
if (ret == ICERR_OK) if (ret == ICERR_OK)
{ {
ICCOMPRESS* icComp = pc->lpState; icComp = pc->lpState;
/* Initialise some variables */ /* Initialise some variables */
pc->lFrame = 0; pc->lKeyCount = 0; pc->lFrame = 0; pc->lKeyCount = 0;
icComp->lpbiOutput = &pc->lpbiOut->bmiHeader; icComp->lpbiOutput = &pc->lpbiOut->bmiHeader;
icComp->lpbiInput = &pc->lpbiIn->bmiHeader; icComp->lpbiInput = &pc->lpbiIn->bmiHeader;
icComp->lpckid = NULL; icComp->lpckid = (DWORD *)(icComp + 1);
icComp->dwFrameSize = 0; *icComp->lpckid = 0;
icComp->dwQuality = pc->lQ; icComp->lpdwFlags = (DWORD *)((char *)(icComp + 1) + sizeof(*icComp->lpckid));
icComp->lpbiPrev = &pc->lpbiIn->bmiHeader; *icComp->lpdwFlags = 0;
return TRUE; icComp->dwFrameSize = 0;
icComp->dwQuality = pc->lQ;
icComp->lpbiPrev = &pc->lpbiIn->bmiHeader;
return TRUE;
} }
error: error:
clear_compvars(pc); clear_compvars(pc);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment