https://git.reactos.org/?p=reactos.git;a=commitdiff;h=60851914a84bf3f38a024…
commit 60851914a84bf3f38a024de933579fa897c7e7c9
Author: Doug Lyons <douglyons(a)douglyons.com>
AuthorDate: Sun Feb 26 13:03:53 2023 -0600
Commit: Timo Kreuzer <timo.kreuzer(a)reactos.org>
CommitDate: Mon Feb 27 22:28:41 2023 +0100
Fix ICO_ExtractIconExW causing explorer to crash when trying
to display icon for bad EXE PE header.
See CORE-15879
Co-authored-by: Thomas Faber <thomas.faber(a)reactos.org>
---
win32ss/user/user32/misc/exticon.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/win32ss/user/user32/misc/exticon.c b/win32ss/user/user32/misc/exticon.c
index 09074c5c6a4..33f8f19b15f 100644
--- a/win32ss/user/user32/misc/exticon.c
+++ b/win32ss/user/user32/misc/exticon.c
@@ -616,6 +616,15 @@ static UINT ICO_ExtractIconExW(
goto end;
}
+#ifdef __REACTOS__
+ /* Check for boundary limit (and overflow) */
+ if (((ULONG_PTR)(rootresdir + 1) < (ULONG_PTR)rootresdir) ||
+ ((ULONG_PTR)(rootresdir + 1) > (ULONG_PTR)peimage + fsizel))
+ {
+ goto end;
+ }
+#endif
+
/* search for the group icon directory */
if (!(icongroupresdir = find_entry_by_id(rootresdir, LOWORD(RT_GROUP_ICON),
rootresdir)))
{