winex11: Catch DIB memory accesses that touch the last page beyond the DIB bits end.

a7cdf6e1 · Alexandre Julliard · 8913182b · a7cdf6e1
Commit a7cdf6e1 authored Jan 24, 2008 by Alexandre Julliard
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

dib.c dlls/winex11.drv/dib.c +7 -1

No files found.
--- a/dlls/winex11.drv/dib.c
+++ b/dlls/winex11.drv/dib.c
@@ -19,6 +19,7 @@
 */
 #include "config.h"
+#include "wine/port.h"
 #include <X11/Xlib.h>
 #ifdef HAVE_LIBXXSHM
@@ -4302,6 +4303,7 @@ static LONG CALLBACK X11DRV_DIB_FaultHandler( PEXCEPTION_POINTERS ep )
    BOOL found = FALSE;
    BYTE *addr;
    struct list *ptr;
+    const size_t pagemask = getpagesize() - 1;
    if (ep->ExceptionRecord->ExceptionCode != EXCEPTION_ACCESS_VIOLATION)
        return EXCEPTION_CONTINUE_SEARCH;
@@ -4312,7 +4314,8 @@ static LONG CALLBACK X11DRV_DIB_FaultHandler( PEXCEPTION_POINTERS ep )
    LIST_FOR_EACH( ptr, &dibs_list )
    {
        physBitmap = LIST_ENTRY( ptr, X_PHYSBITMAP, entry );
-        if ((physBitmap->base <= addr) && (addr < physBitmap->base + physBitmap->size))
+        if ((physBitmap->base <= addr) &&
+            (addr < physBitmap->base + ((physBitmap->size + pagemask) & ~pagemask)))
        {
            found = TRUE;
            break;
@@ -4322,6 +4325,9 @@ static LONG CALLBACK X11DRV_DIB_FaultHandler( PEXCEPTION_POINTERS ep )
    if (!found) return EXCEPTION_CONTINUE_SEARCH;
+    if (addr >= physBitmap->base + physBitmap->size)
+        WARN( "%p: access to %p beyond the end of the DIB\n", physBitmap->hbitmap, addr );
    X11DRV_DIB_Lock( physBitmap, DIB_Status_None );
    if (ep->ExceptionRecord->ExceptionInformation[0] == EXCEPTION_WRITE_FAULT) {
        /* the app tried to write the DIB bits */