Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-07-30 16:18:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

[WIN32K]

Browse source 
In NtGdiGetDIBitsInternal limit the size of what is being copied back to to usermode to the cjMaxInfo parameter. Fixes crash of Firefox when downloading files.
CORE-8895 #resolve

svn path=/trunk/; revision=66273
This commit is contained in:
Timo Kreuzer 2015-02-15 00:05:50 +00:00
parent 5b0af50bdc
commit e07232f673
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
reactos/win32ss/gdi/ntgdi/dibobj.c
View file

@ -674,7 +674,7 @@ GreGetDIBitsInternal(
RGBQUAD* rgbQuads;
VOID* colorPtr;
DPRINT("Entered NtGdiGetDIBitsInternal()\n");
DPRINT("Entered GreGetDIBitsInternal()\n");
if ((Usage && Usage != DIB_PAL_COLORS) || !Info || !hBitmap)
return 0;
@ -1090,7 +1090,7 @@ NtGdiGetDIBitsInternal(
_SEH2_TRY
{
/* Copy the data back */
cjMaxInfo = DIB_BitmapInfoSize(pbmi, (WORD)iUsage);
cjMaxInfo = min(cjMaxInfo, DIB_BitmapInfoSize(pbmi, (WORD)iUsage));
ProbeForWrite(pbmiUser, cjMaxInfo, 1);
RtlCopyMemory(pbmiUser, pbmi, cjMaxInfo);
}