[reactos] 01/01: [WIN32SS][NTGDI] Fix NtGdiSetBitmapBits in buffer size (#1313) - Ros-diffs

27 Jan 2019

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=1cac3fbe6318e271f6a5b4...
commit 1cac3fbe6318e271f6a5b4367480c3e5a1a2f188
Author:     Katayama Hirofumi MZ katayama.hirofumi.mz@gmail.com
AuthorDate: Sun Jan 27 17:44:34 2019 +0900
Commit:     GitHub noreply@github.com
CommitDate: Sun Jan 27 17:44:34 2019 +0900
[WIN32SS][NTGDI] Fix NtGdiSetBitmapBits in buffer size (#1313)
Let NtGdiSetBitmapBits function fail if buffer size was greater than 564. CORE-15657
---
 win32ss/gdi/ntgdi/bitmaps.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/win32ss/gdi/ntgdi/bitmaps.c b/win32ss/gdi/ntgdi/bitmaps.c
index c98259967e..b12603d754 100644
--- a/win32ss/gdi/ntgdi/bitmaps.c
+++ b/win32ss/gdi/ntgdi/bitmaps.c
@@ -617,6 +617,12 @@ NtGdiSetBitmapBits(
         return 0;
     }
+    /* 565 is confirmed value in Win2k3 */
+    if (Bytes >= 565)
+    {
+        return 0;
+    }
+
     if (GDI_HANDLE_IS_STOCKOBJ(hBitmap))
     {
         return 0;

    