https://git.reactos.org/?p=reactos.git;a=commitdiff;h=1cac3fbe6318e271f6a5b… commit 1cac3fbe6318e271f6a5b4367480c3e5a1a2f188 Author: Katayama Hirofumi MZ <katayama.hirofumi.mz(a)gmail.com> AuthorDate: Sun Jan 27 17:44:34 2019 +0900 Commit: GitHub <noreply(a)github.com> CommitDate: Sun Jan 27 17:44:34 2019 +0900 [WIN32SS][NTGDI] Fix NtGdiSetBitmapBits in buffer size (#1313) Let NtGdiSetBitmapBits function fail if buffer size was greater than 564. CORE-15657 --- win32ss/gdi/ntgdi/bitmaps.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/win32ss/gdi/ntgdi/bitmaps.c b/win32ss/gdi/ntgdi/bitmaps.c index c98259967e..b12603d754 100644 --- a/win32ss/gdi/ntgdi/bitmaps.c +++ b/win32ss/gdi/ntgdi/bitmaps.c @@ -617,6 +617,12 @@ NtGdiSetBitmapBits( return 0; } + /* 565 is confirmed value in Win2k3 */ + if (Bytes >= 565) + { + return 0; + } + if (GDI_HANDLE_IS_STOCKOBJ(hBitmap)) { return 0;