From: Huw Davies Subject: gdi32: Check that ExtFloodFill()'s initial co-ordinates lie within the dib. Message-Id: <1475139467-37808-1-git-send-email-huw@codeweavers.com> Date: Thu, 29 Sep 2016 09:57:47 +0100 It might seem more natural to move this check inside is_interior(), but this would slow down the unclipped case. Signed-off-by: Huw Davies --- dlls/gdi32/dibdrv/graphics.c | 3 +++ dlls/gdi32/tests/dib.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/dlls/gdi32/dibdrv/graphics.c b/dlls/gdi32/dibdrv/graphics.c index e6d65e1..cbfeccb 100644 --- a/dlls/gdi32/dibdrv/graphics.c +++ b/dlls/gdi32/dibdrv/graphics.c @@ -1055,6 +1055,9 @@ BOOL dibdrv_ExtFloodFill( PHYSDEV dev, INT x, INT y, COLORREF color, UINT type ) TRACE( "(%p, %d, %d, %08x, %d)\n", pdev, x, y, color, type ); + if (x < 0 || x >= pdev->dib.rect.right - pdev->dib.rect.left || + y < 0 || y >= pdev->dib.rect.bottom - pdev->dib.rect.top) return FALSE; + if (!is_interior( &pdev->dib, pdev->clip, x, y, pixel, type )) return FALSE; if (!(rgn = CreateRectRgn( 0, 0, 0, 0 ))) return FALSE; diff --git a/dlls/gdi32/tests/dib.c b/dlls/gdi32/tests/dib.c index ffbd773..9db74fe 100644 --- a/dlls/gdi32/tests/dib.c +++ b/dlls/gdi32/tests/dib.c @@ -2792,6 +2792,9 @@ static void draw_graphics(HDC hdc, const BITMAPINFO *bmi, BYTE *bits) ExtSelectClipRgn( hdc, NULL, RGN_COPY ); + ret = ExtFloodFill( hdc, -1, -1, RGB( 0, 0xff, 0 ), FLOODFILLSURFACE ); + ok (!ret, "got ret %d\n", ret); + SelectObject(hdc, orig_brush); SelectObject(hdc, orig_pen); DeleteObject(solid_brush); -- 2.8.2