Jérôme Gardou wrote:
- Probing the BITMAPINFO and then passing the usermode buffer to the
internal and unprotected function is not enough. The buffer must be copied.
OK, it's safer this way.
It's not a matter of "safe, safer, safest". It's wrong vs correct. Accessing the usermode buffer without SEH == unsafe!
- The BITMAPV5HEADER is only ~120 bytes and only used once per function call, so putting the safe buffer on the stack is appropriate. The buffer needs to be large enough for V5 anyway, so why not fix up some values and make it a full V5 header?
No, all values added by V4/V5 headers are for ICM. If there is only a BITMAPINFOHEADER there, then we don't have to care about ICM. If we "convert" it to a V5 header, all values will be 0, that's not worth the effort.
There are also the color masks. In V4/V5 there are dedicated fields for these masks, while in the BITMAPINFO they are in the bmiColors array. If bV5CSType == LCS_sRGB or LCS_WINDOWS_COLOR_SPACE, then the other fields are ignored, so there is no additional effort.
The only "effort" to make here is to take care of where the color buffer is: bmi + bmi->bmiHeader.biSize and not bmi->bmiColors. Then check in some functions if we have a V4/V5 header to take care of the features they have.
Exactly. And why do you want to multiply this effort? Why do you want to handle this everywhere you use a BITMAPINFO instead of in exactly one place?
Timo
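
The approach argued for in this message (capture the header once into a stack buffer, widen it to V5 in that one place) can be sketched as follows. This is an added example, not code from the thread or from the project under discussion. The names `capture_header` and `v5_header` are hypothetical, the code is portable user-space C on a little-endian host, and in kernel code the reads from `user` would sit inside SEH.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BI_BITFIELDS 3u
#define LCS_sRGB 0x73524742u /* 'sRGB' */
typedef struct { /* same layout as BITMAPV5HEADER (124 bytes), names shortened */
    uint32_t size; int32_t width, height; uint16_t planes, bit_count;
    uint32_t compression, size_image; int32_t xppm, yppm;
    uint32_t clr_used, clr_important;        /* offset 40: BITMAPINFOHEADER ends */
    uint32_t red_mask, green_mask, blue_mask, alpha_mask, cs_type;
    uint32_t endpoints[9], gamma[3];         /* offset 108: V4 header ends */
    uint32_t intent, profile_data, profile_size, reserved;
} v5_header;

/* Capture an untrusted header into *out, widened to V5. Returns the offset of
 * the colour data (the original biSize), or -1 if the buffer is malformed.
 * After this call nothing needs to read the header from `user` again. */
long capture_header(const unsigned char *user, size_t len, v5_header *out)
{
    uint32_t size, masks[3];
    memset(out, 0, sizeof *out);
    if (len < sizeof size) return -1;
    memcpy(&size, user, sizeof size);        /* fetch biSize exactly once */
    if ((size != 40 && size != 108 && size != 124) || size > len) return -1;
    memcpy(out, user, size);                 /* copy; never parse `user` in place */
    if (size == 40) {                        /* plain BITMAPINFOHEADER */
        out->cs_type = LCS_sRGB;             /* the ICM fields are then ignored */
        if (out->compression == BI_BITFIELDS) {
            if (len - size < sizeof masks) return -1;
            memcpy(masks, user + size, sizeof masks); /* masks at bmi + biSize */
            out->red_mask = masks[0]; out->green_mask = masks[1]; out->blue_mask = masks[2];
        }
    }
    out->size = sizeof *out; /* trusted value; the copied field may have changed */
    return (long)size;
}

int main(void)
{
    unsigned char buf[52] = {0};             /* constructed sample: 16 bpp, 5-6-5 */
    v5_header in = {0}, out;
    uint32_t masks[3] = {0xF800u, 0x07E0u, 0x001Fu};
    in.size = 40; in.width = 4; in.height = 4; in.planes = 1;
    in.bit_count = 16; in.compression = BI_BITFIELDS;
    memcpy(buf, &in, 40); memcpy(buf + 40, masks, sizeof masks);
    long off = capture_header(buf, sizeof buf, &out);
    printf("colour data offset=%ld red_mask=%#x\n", off, (unsigned)out.red_mask);
    return 0;
}
```

Overwriting `out->size` after the copy matters because the second `memcpy` re-reads the size field from the caller's buffer, which another thread could have changed since it was validated.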