[0.4.9][NTGDI] Fix potential BSOD 0x1E CORE-17626

in CreateDIBPalette() when passing invalid arguments to CreateDIBSection.
This could be triggered by using the broken test-application "GDIProg".

After this patch not only the BSOD is fixed but also the app does
properly start up, like it is the case on 2k3sp2.

The problem was unhidden by the innocent and unrelated 0.4.12-dev-266-g 8ab3652c01
I was not able to trigger the bug in releases older than 0.4.12,
but it is rather obvious that the mentioned revision is not really 'guilty', which
is why I will port the fix back further into releases even older than 0.4.12 as well.

Thanks to the patches author Doug Lyons.

a squashed port of:
0.4.15-dev-2734-g 514147776a (fixes the BSOD)
0.4.15-dev-2775-g c596fd3ef6 (improvement #3758)
0.4.15-dev-2776-g 4130f0b1c5 (compilation fix)
and some white-space tweaking that was committed after those.

win32ss/gdi/ntgdi/dibobj.c

@@ -127,15 +127,25 @@ CreateDIBPalette(
         {
             /* The colors are an array of RGBQUAD values */
             RGBQUAD *prgb = (RGBQUAD*)((PCHAR)pbmi + pbmi->bmiHeader.biSize);
+            RGBQUAD colors[256] = {{0}};
 
             // FIXME: do we need to handle PALETTEINDEX / PALETTERGB macro?
 
-            /* Loop all color indices in the DIB */
-            for (i = 0; i < cColors; i++)
+            /* Use SEH to verify we can READ prgb[] succesfully */
+            _SEH2_TRY
+            {
+                RtlCopyMemory(colors, prgb, cColors * sizeof(colors[0]));
+            }
+            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+            {
+              /* Do Nothing */
+            }
+            _SEH2_END;
+
+            for (i = 0; i < cColors; ++i)
             {
                 /* Get the color value and translate it to a COLORREF */
-                RGBQUAD rgb = prgb[i];
-                COLORREF crColor = RGB(rgb.rgbRed, rgb.rgbGreen, rgb.rgbBlue);
+                COLORREF crColor = RGB(colors[i].rgbRed, colors[i].rgbGreen, colors[i].rgbBlue);
 
                 /* Set the RGB value in the palette */
                 PALETTE_vSetRGBColorForIndex(ppal, i, crColor);
@@ -501,7 +511,7 @@ NtGdiSetDIBitsToDeviceInternal(
         ret = 0;
         goto Exit;
     }
-    _SEH2_END
+    _SEH2_END;
 
     ScanLines = min(ScanLines, abs(bmi->bmiHeader.biHeight) - StartScan);
     if (ScanLines == 0)
@@ -779,7 +789,7 @@ GreGetDIBitsInternal(
         Info->bmiHeader.biSizeImage = DIB_GetDIBImageBytes( Info->bmiHeader.biWidth,
                                       Info->bmiHeader.biHeight,
                                       Info->bmiHeader.biBitCount);
-        Info->bmiHeader.biCompression = (Info->bmiHeader.biBitCount == 16 || Info->bmiHeader.biBitCount == 32) ? 
+        Info->bmiHeader.biCompression = (Info->bmiHeader.biBitCount == 16 || Info->bmiHeader.biBitCount == 32) ?
                                         BI_BITFIELDS : BI_RGB;
         Info->bmiHeader.biXPelsPerMeter = 0;
         Info->bmiHeader.biYPelsPerMeter = 0;
@@ -1250,7 +1260,7 @@ NtGdiStretchDIBitsInternal(
             ExFreePoolWithTag(pvBits, 'pmeT');
             _SEH2_YIELD(return 0);
         }
-        _SEH2_END
+        _SEH2_END;
     }
     else
     {
@@ -1501,7 +1511,7 @@ NtGdiCreateDIBitmapInternal(
     {
         Status = _SEH2_GetExceptionCode();
     }
-    _SEH2_END
+    _SEH2_END;
 
     if(!NT_SUCCESS(Status))
     {
@@ -1683,7 +1693,7 @@ NtGdiCreateDIBSection(
     {
         Status = _SEH2_GetExceptionCode();
     }
-    _SEH2_END
+    _SEH2_END;
 
     if(!NT_SUCCESS(Status))
     {