From 60851914a84bf3f38a024de933579fa897c7e7c9 Mon Sep 17 00:00:00 2001
From: Doug Lyons <douglyons@douglyons.com>
Date: Sun, 26 Feb 2023 13:03:53 -0600
Subject: [PATCH] Fix ICO_ExtractIconExW causing explorer to crash when trying 
 to display icon for bad EXE PE header.

See CORE-15879

 Co-authored-by: Thomas Faber <thomas.faber@reactos.org>
---
 win32ss/user/user32/misc/exticon.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/win32ss/user/user32/misc/exticon.c b/win32ss/user/user32/misc/exticon.c
index 09074c5c6a4..33f8f19b15f 100644
--- a/win32ss/user/user32/misc/exticon.c
+++ b/win32ss/user/user32/misc/exticon.c
@@ -616,6 +616,15 @@ static UINT ICO_ExtractIconExW(
             goto end;
         }
 
+#ifdef __REACTOS__
+        /* Check for boundary limit (and overflow) */
+        if (((ULONG_PTR)(rootresdir + 1) < (ULONG_PTR)rootresdir) ||
+            ((ULONG_PTR)(rootresdir + 1) > (ULONG_PTR)peimage + fsizel))
+        {
+            goto end;
+        }
+#endif
+
 	  /* search for the group icon directory */
 	  if (!(icongroupresdir = find_entry_by_id(rootresdir, LOWORD(RT_GROUP_ICON), rootresdir)))
 	  {