Commit b6da3547 authored by Vincent Povirk's avatar Vincent Povirk Committed by Alexandre Julliard

gdi32: Check that emf records are within the file.

parent 8d2676fd
...@@ -2470,6 +2470,14 @@ BOOL WINAPI EnumEnhMetaFile( ...@@ -2470,6 +2470,14 @@ BOOL WINAPI EnumEnhMetaFile(
{ {
emr = (ENHMETARECORD *)((char *)emh + offset); emr = (ENHMETARECORD *)((char *)emh + offset);
if (offset + 8 > emh->nBytes ||
offset > offset + emr->nSize ||
offset + emr->nSize > emh->nBytes)
{
WARN("record truncated\n");
break;
}
/* In Win9x mode we update the xform if the record will produce output */ /* In Win9x mode we update the xform if the record will produce output */
if (hdc && IS_WIN9X() && emr_produces_output(emr->iType)) if (hdc && IS_WIN9X() && emr_produces_output(emr->iType))
EMF_Update_MF_Xform(hdc, info); EMF_Update_MF_Xform(hdc, info);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment