From 673cb4f8479a3e6939b195385780a7ad0de3cad7 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Wed, 7 Jan 2015 10:51:59 +0100
Subject: [PATCH] Added patch to fix NULL dereference in ICSeqCompressFrameStart.
---
 README.md | 3 ++-
 debian/changelog | 1 +
 ...mage-size-from-input-image-to-avoid-.patch | 26 +++++++++++++++++++
 patches/msvfw32-Image_Size/definition | 1 +
 patches/patchinstall.sh | 19 ++++++++++++++
 5 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 patches/msvfw32-Image_Size/0001-msvfw32-Derive-image-size-from-input-image-to-avoid-.patch
 create mode 100644 patches/msvfw32-Image_Size/definition
diff --git a/README.md b/README.md
index 05f2a176..aaed5115 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 ===================================
 
-**Bugfixes and features included in the next upcoming release [23]:**
+**Bugfixes and features included in the next upcoming release [24]:**
 
 * Add nvapi stubs required for GPU PhysX support
 * Add stub for D3DXComputeNormalMap
@@ -47,6 +47,7 @@ Included bug fixes and improvements
 * CreateProcess does not prioritize the working directory over the system search path ([Wine Bug #23934](https://bugs.winehq.org/show_bug.cgi?id=23934))
 * Ensure X11 input events are handled even without explicit message loop ([Wine Bug #8854](https://bugs.winehq.org/show_bug.cgi?id=8854))
 * Expose PKEY_AudioEndpoint_PhysicalSpeakers device property in PulseAudio driver
+* Fix NULL dereference in ICSeqCompressFrameStart ([Wine Bug #27595](https://bugs.winehq.org/show_bug.cgi?id=27595))
 * Fix access violation when calling GetStringTypeW with NULL src. ([Wine Bug #37759](https://bugs.winehq.org/show_bug.cgi?id=37759))
 * Fix handling of subdirectory in FtpFindFirstFile ([Wine Bug #16526](https://bugs.winehq.org/show_bug.cgi?id=16526))
 * Fix parameters for ConvertToIndexedBlendedMesh stub ([Wine Bug #36449](https://bugs.winehq.org/show_bug.cgi?id=36449))
diff --git a/debian/changelog b/debian/changelog
index 71063871..a3d8295d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -31,6 +31,7 @@ wine-staging (1.7.34) UNRELEASED; urgency=low
 * Added patch for basic CUDA support.
 * Added patches for D3DXComputeNormals and D3DXComputeNormalMap.
 * Added patch for nvapi stubs (required for GPU PhysX support).
+ * Added patch to fix NULL dereference in ICSeqCompressFrameStart.
 * Removed patch to emulate write to CR4 register (accepted upstream).
 * Removed patch with stub for KeSetSystemAffinityThread (accepted upstream).
 * Removed patch to implement combase HSTRING objects (accepted upstream).
diff --git a/patches/msvfw32-Image_Size/0001-msvfw32-Derive-image-size-from-input-image-to-avoid-.patch b/patches/msvfw32-Image_Size/0001-msvfw32-Derive-image-size-from-input-image-to-avoid-.patch
new file mode 100644
index 00000000..5f9fdf5c
--- /dev/null
+++ b/patches/msvfw32-Image_Size/0001-msvfw32-Derive-image-size-from-input-image-to-avoid-.patch
@@ -0,0 +1,26 @@
+From 0e2ab70965e4b50319e7e0a50ce9ee88c1425ecc Mon Sep 17 00:00:00 2001
+From: Bruno Jesus <00cpxxx@gmail.com>
+Date: Wed, 7 Jan 2015 10:50:03 +0100
+Subject: msvfw32: Derive image size from input image to avoid NULL
+ dereference.
+
+---
+ dlls/msvfw32/msvideo_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/msvfw32/msvideo_main.c b/dlls/msvfw32/msvideo_main.c
+index b6b7507..82b732b 100644
+--- a/dlls/msvfw32/msvideo_main.c
++++ b/dlls/msvfw32/msvideo_main.c
+@@ -1447,7 +1447,7 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn)
+ }
+ pc->cbState = sizeof(ICCOMPRESS);
+
+- pc->lpBitsOut = HeapAlloc(GetProcessHeap(), 0, pc->lpbiOut->bmiHeader.biSizeImage);
++ pc->lpBitsOut = HeapAlloc(GetProcessHeap(), 0, pc->lpbiIn->bmiHeader.biSizeImage);
+ if (!pc->lpBitsOut)
+ {
+ HeapFree(GetProcessHeap(), 0, pc->lpbiIn);
+--
+2.2.1
+
diff --git a/patches/msvfw32-Image_Size/definition b/patches/msvfw32-Image_Size/definition
new file mode 100644
index 00000000..8a055f3d
--- /dev/null
+++ b/patches/msvfw32-Image_Size/definition
@@ -0,0 +1 @@
+Fixes: [27595] Fix NULL dereference in ICSeqCompressFrameStart
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index c33b003b..c97709c4 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -102,6 +102,7 @@ patch_enable_all ()
 enable_makedep_PARENTSPEC="$1"
 enable_msvcp90_basic_string_wchar_dtor="$1"
 enable_msvcrt_atof_strtod="$1"
+ enable_msvfw32_Image_Size="$1"
 enable_ntdll_DOS_Attributes="$1"
 enable_ntdll_DVD_Read_Size="$1"
 enable_ntdll_DllRedirects="$1"
@@ -336,6 +337,9 @@ patch_enable ()
 msvcrt-atof_strtod)
 enable_msvcrt_atof_strtod="$2"
 ;;
+ msvfw32-Image_Size)
+ enable_msvfw32_Image_Size="$2"
+ ;;
 ntdll-DOS_Attributes)
 enable_ntdll_DOS_Attributes="$2"
 ;;
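Review bot: In the embedded dlls/msvfw32/msvideo_main.c hunk, the new `HeapAlloc(GetProcessHeap(), 0, pc->lpbiIn->bmiHeader.biSizeImage)` sizes the compressor's output buffer from the input header, which does not bound what a codec may write: `biSizeImage` is allowed to be 0 for uncompressed BI_RGB input, and worst-case compressed output can be larger than the raw frame. An undersized `lpBitsOut` would trade the NULL dereference for a heap overflow once frames are compressed into it, so the size is better taken from the codec via `ICCompressGetSize` (after filling in an output format when `pc->lpbiOut` is NULL) and a zero size treated as failure. The change also leaves `pc->lpbiOut` NULL, so later uses of it in ICSeqCompressFrameStart and the frame-compression path, which lie outside this hunk, presumably still need a guard. A comment such as `/* lpbiOut may be NULL here; do not read the output header */` above the allocation would record why the output header is not used.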
@@ -1622,6 +1626,21 @@ if [ "$enable_msvcrt_atof_strtod" -eq 1 ]; then
 ) >> "$patchlist"
 fi
 
+# Patchset msvfw32-Image_Size
+# |
+# | This patchset fixes the following Wine bugs:
+# | * [#27595] Fix NULL dereference in ICSeqCompressFrameStart
+# |
+# | Modified files:
+# | * dlls/msvfw32/msvideo_main.c
+# |
+if [ "$enable_msvfw32_Image_Size" -eq 1 ]; then
+ patch_apply msvfw32-Image_Size/0001-msvfw32-Derive-image-size-from-input-image-to-avoid-.patch
+ (
+ echo '+ { "Bruno Jesus", "msvfw32: Derive image size from input image to avoid NULL dereference.", 1 },';
+ ) >> "$patchlist"
+fi
+
 # Patchset ntdll-DOS_Attributes
 # |
 # | This patchset fixes the following Wine bugs: