https://git.reactos.org/?p=reactos.git;a=commitdiff;h=60851914a84bf3f38a024d...
commit 60851914a84bf3f38a024de933579fa897c7e7c9 Author: Doug Lyons douglyons@douglyons.com AuthorDate: Sun Feb 26 13:03:53 2023 -0600 Commit: Timo Kreuzer timo.kreuzer@reactos.org CommitDate: Mon Feb 27 22:28:41 2023 +0100
Fix ICO_ExtractIconExW causing explorer to crash when trying to display icon for bad EXE PE header.
See CORE-15879
Co-authored-by: Thomas Faber thomas.faber@reactos.org --- win32ss/user/user32/misc/exticon.c | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/win32ss/user/user32/misc/exticon.c b/win32ss/user/user32/misc/exticon.c
index 09074c5c6a4..33f8f19b15f 100644
--- a/win32ss/user/user32/misc/exticon.c
+++ b/win32ss/user/user32/misc/exticon.c
@@ -616,6 +616,15 @@ static UINT ICO_ExtractIconExW(
 goto end;
 }
+#ifdef __REACTOS__
+ /* Check for boundary limit (and overflow) */
+ if (((ULONG_PTR)(rootresdir + 1) < (ULONG_PTR)rootresdir) ||
+ ((ULONG_PTR)(rootresdir + 1) > (ULONG_PTR)peimage + fsizel))
+ {
+ goto end;
+ }
+#endif
+
 /* search for the group icon directory */
 if (!(icongroupresdir = find_entry_by_id(rootresdir, LOWORD(RT_GROUP_ICON), rootresdir)))
 {
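Review bot: The added bounds check covers only the fixed-size directory header at `rootresdir`, while the `find_entry_by_id(rootresdir, ...)` call right after it presumably walks the entry array that follows the header (its body is not in this hunk), so entry counts taken from a malformed file could still lead to reads past `peimage + fsizel`; the same validation is worth applying to the entry array and to each subdirectory the lookup returns. The overflow half of the test also forms `rootresdir + 1` as a pointer before casting, which a compiler may assume never wraps, and nothing in the hunk rejects a `rootresdir` below `peimage`. Comparing offsets avoids both problems: `ULONG_PTR off = (ULONG_PTR)rootresdir - (ULONG_PTR)peimage;` followed by `if (off > fsizel || fsizel - off < sizeof(*rootresdir)) goto end;`. ICO_ExtractIconExW starts and ends outside the hunk, so whether an earlier check already constrains `rootresdir` cannot be seen from here.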