Added patch to fix NULL dereference in ICSeqCompressFrameStart.

README.md

@@ -37,7 +37,7 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 ===================================
 
-**Bugfixes and features included in the next upcoming release [23]:**
+**Bugfixes and features included in the next upcoming release [24]:**
 
 * Add nvapi stubs required for GPU PhysX support
 * Add stub for D3DXComputeNormalMap
@@ -47,6 +47,7 @@ Included bug fixes and improvements
 * CreateProcess does not prioritize the working directory over the system search path ([Wine Bug #23934](https://bugs.winehq.org/show_bug.cgi?id=23934))
 * Ensure X11 input events are handled even without explicit message loop ([Wine Bug #8854](https://bugs.winehq.org/show_bug.cgi?id=8854))
 * Expose PKEY_AudioEndpoint_PhysicalSpeakers device property in PulseAudio driver
+* Fix NULL dereference in ICSeqCompressFrameStart ([Wine Bug #27595](https://bugs.winehq.org/show_bug.cgi?id=27595))
 * Fix access violation when calling GetStringTypeW with NULL src. ([Wine Bug #37759](https://bugs.winehq.org/show_bug.cgi?id=37759))
 * Fix handling of subdirectory in FtpFindFirstFile ([Wine Bug #16526](https://bugs.winehq.org/show_bug.cgi?id=16526))
 * Fix parameters for ConvertToIndexedBlendedMesh stub ([Wine Bug #36449](https://bugs.winehq.org/show_bug.cgi?id=36449))

debian/changelog

@@ -31,6 +31,7 @@ wine-staging (1.7.34) UNRELEASED; urgency=low
   * Added patch for basic CUDA support.
   * Added patches for D3DXComputeNormals and D3DXComputeNormalMap.
   * Added patch for nvapi stubs (required for GPU PhysX support).
+  * Added patch to fix NULL dereference in ICSeqCompressFrameStart.
   * Removed patch to emulate write to CR4 register (accepted upstream).
   * Removed patch with stub for KeSetSystemAffinityThread (accepted upstream).
   * Removed patch to implement combase HSTRING objects (accepted upstream).

patches/msvfw32-Image_Size/0001-msvfw32-Derive-image-size-from-input-image-to-avoid-.patch

@@ -0,0 +1,26 @@
+From 0e2ab70965e4b50319e7e0a50ce9ee88c1425ecc Mon Sep 17 00:00:00 2001
+From: Bruno Jesus <00cpxxx@gmail.com>
+Date: Wed, 7 Jan 2015 10:50:03 +0100
+Subject: msvfw32: Derive image size from input image to avoid NULL
+ dereference.
+
+---
+ dlls/msvfw32/msvideo_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/msvfw32/msvideo_main.c b/dlls/msvfw32/msvideo_main.c
+index b6b7507..82b732b 100644
+--- a/dlls/msvfw32/msvideo_main.c
++++ b/dlls/msvfw32/msvideo_main.c
+@@ -1447,7 +1447,7 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn)
+     }
+     pc->cbState = sizeof(ICCOMPRESS);
+ 
+-    pc->lpBitsOut = HeapAlloc(GetProcessHeap(), 0, pc->lpbiOut->bmiHeader.biSizeImage);
++    pc->lpBitsOut = HeapAlloc(GetProcessHeap(), 0, pc->lpbiIn->bmiHeader.biSizeImage);
+     if (!pc->lpBitsOut)
+     {
+        HeapFree(GetProcessHeap(), 0, pc->lpbiIn);
+-- 
+2.2.1
+

patches/msvfw32-Image_Size/definition

@@ -0,0 +1 @@
+Fixes: [27595] Fix NULL dereference in ICSeqCompressFrameStart

patches/patchinstall.sh

@@ -102,6 +102,7 @@ patch_enable_all ()
 	enable_makedep_PARENTSPEC="$1"
 	enable_msvcp90_basic_string_wchar_dtor="$1"
 	enable_msvcrt_atof_strtod="$1"
+	enable_msvfw32_Image_Size="$1"
 	enable_ntdll_DOS_Attributes="$1"
 	enable_ntdll_DVD_Read_Size="$1"
 	enable_ntdll_DllRedirects="$1"
@@ -336,6 +337,9 @@ patch_enable ()
 		msvcrt-atof_strtod)
 			enable_msvcrt_atof_strtod="$2"
 			;;
+		msvfw32-Image_Size)
+			enable_msvfw32_Image_Size="$2"
+			;;
 		ntdll-DOS_Attributes)
 			enable_ntdll_DOS_Attributes="$2"
 			;;
@@ -1622,6 +1626,21 @@ if [ "$enable_msvcrt_atof_strtod" -eq 1 ]; then
 	) >> "$patchlist"
 fi
 
+# Patchset msvfw32-Image_Size
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#27595] Fix NULL dereference in ICSeqCompressFrameStart
+# |
+# | Modified files:
+# |   *	dlls/msvfw32/msvideo_main.c
+# |
+if [ "$enable_msvfw32_Image_Size" -eq 1 ]; then
+	patch_apply msvfw32-Image_Size/0001-msvfw32-Derive-image-size-from-input-image-to-avoid-.patch
+	(
+		echo '+    { "Bruno Jesus", "msvfw32: Derive image size from input image to avoid NULL dereference.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset ntdll-DOS_Attributes
 # |
 # | This patchset fixes the following Wine bugs: