From: marc.bessieres@mykolab.com Subject: gdi32: uninitialized biCompression in GetDIBits(valgrind) (try 2) Message-Id: <1418559767-810-1-git-send-email-marc.bessieres@mykolab.com> Date: Sun, 14 Dec 2014 13:22:47 +0100 From: Marc Bessières fix https://bugs.winehq.org/show_bug.cgi?id=30827 Conditional jump or move depends on uninitialised value(s) at bitmapinfoheader_from_user_bitmapinfo (dib.c:177) by GetDIBits (dib.c:1210) by create_icon_pixmaps.isra.8 (window.c:883) Do not set dst_info->bmiHeader.biSizeImage when !bits && info->bmiHeader.biBitCount == 0 as in such condition we are querying the input bitmap to fill in info. create_icon_pixmaps first calls GetDIBits with bits == NULL and info->bmiHeader.biBitCount == 0 in order to fill in info with data from the icon. And then calls again GetDIBits but this time with bits of the right size and the info that was fully initialized by the previous call. --- dlls/gdi32/dib.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/dlls/gdi32/dib.c b/dlls/gdi32/dib.c index 708a9a8..2931df1 100644 --- a/dlls/gdi32/dib.c +++ b/dlls/gdi32/dib.c @@ -148,10 +148,9 @@ static BOOL is_valid_dib_format( const BITMAPINFOHEADER *info, BOOL allow_compre } } -/******************************************************************************************* - * Fill out a true BITMAPINFOHEADER from a variable sized BITMAPINFOHEADER / BITMAPCOREHEADER. - */ -static BOOL bitmapinfoheader_from_user_bitmapinfo( BITMAPINFOHEADER *dst, const BITMAPINFOHEADER *info ) + + +static BOOL bitmapinfoheader_from_user_bitmapinfo_withoutbiSizeImage( BITMAPINFOHEADER *dst, const BITMAPINFOHEADER *info ) { if (!info) return FALSE; 
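Review bot: The renamed helper `bitmapinfoheader_from_user_bitmapinfo_withoutbiSizeImage` is left with no header comment, because the existing one is removed here and reattached to the new wrapper in the next hunk. Nothing tells a future caller that this variant returns without recomputing `dst->biSizeImage`, so for a full-size header the field presumably holds whatever was in the caller's buffer. I would add a comment above the definition such as `/* Like bitmapinfoheader_from_user_bitmapinfo, but leaves biSizeImage as copied from the caller; compute it before use. */` and drop the two added blank lines. The function body continues outside this hunk.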
@@ -179,6 +178,15 @@ static BOOL bitmapinfoheader_from_user_bitmapinfo( BITMAPINFOHEADER *dst, const } dst->biSize = sizeof(*dst); + return TRUE; +} +/******************************************************************************************* + * Fill out a true BITMAPINFOHEADER from a variable sized BITMAPINFOHEADER / BITMAPCOREHEADER. + */ +static BOOL bitmapinfoheader_from_user_bitmapinfo( BITMAPINFOHEADER *dst, const BITMAPINFOHEADER *info ) +{ + if (!bitmapinfoheader_from_user_bitmapinfo_withoutbiSizeImage( dst, info )) + return FALSE; if (dst->biCompression == BI_RGB || dst->biCompression == BI_BITFIELDS) dst->biSizeImage = get_dib_image_size( (BITMAPINFO *)dst ); return TRUE; @@ -1214,7 +1222,8 @@ INT WINAPI GetDIBits( /* Since info may be a BITMAPCOREINFO or any of the larger BITMAPINFO structures, we'll use our own copy and transfer the colour info back at the end */ - if (!bitmapinfoheader_from_user_bitmapinfo( &dst_info->bmiHeader, &info->bmiHeader )) return 0; + if (!bitmapinfoheader_from_user_bitmapinfo_withoutbiSizeImage( &dst_info->bmiHeader, &info->bmiHeader )) return 0; + if (coloruse > DIB_PAL_COLORS) return 0; if (bits && (dst_info->bmiHeader.biCompression == BI_JPEG || dst_info->bmiHeader.biCompression == BI_PNG)) @@ -1252,6 +1261,8 @@ INT WINAPI GetDIBits( ret = fill_query_info( info, bmp ); goto done; } + if (dst_info->bmiHeader.biCompression == BI_RGB || dst_info->bmiHeader.biCompression == BI_BITFIELDS) + dst_info->bmiHeader.biSizeImage = get_dib_image_size( (BITMAPINFO *)&dst_info->bmiHeader ); /* validate parameters */ -- 2.1.2
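Review bot: In the GetDIBits hunk at -1214, the context check `if (bits && (dst_info->bmiHeader.biCompression == BI_JPEG || ...))` still reads `biCompression` ahead of the query branch that the last hunk relies on, so only the `bits` short-circuit keeps it away from a header the caller has not filled in. The commit message describes the query case as `!bits && biBitCount == 0`, but the branch condition itself is outside the visible hunks, so it is worth confirming that a call with `bits != NULL` and `biBitCount == 0` cannot reach this test with an uninitialised field. A comment such as `/* reads biCompression before the query path; assumes bits != NULL means the caller filled in the header */` would record that assumption. The code between this hunk and the recomputation further down is also not visible, and anything there that reads `biSizeImage` would now see the caller's value instead of a computed one.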
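Review bot: The recomputation added after the `fill_query_info` branch at -1252 repeats the `BI_RGB || BI_BITFIELDS` test that the wrapper `bitmapinfoheader_from_user_bitmapinfo` also carries (hunk at -179), so the two copies have to be kept in sync by hand. It also has no comment saying why it is deferred to this point. I would add `/* computed only after the query path, which may be handed a header the caller has not fully initialised */` above it. If `dst_info` is declared as `BITMAPINFO *`, as its `->bmiHeader` use suggests, the cast can go: `dst_info->bmiHeader.biSizeImage = get_dib_image_size( dst_info );`. GetDIBits starts and ends outside the hunk.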