From cf4069023cb8393e02a67ed6aa9cc6046778668c Mon Sep 17 00:00:00 2001 From: paul Date: Sun, 11 Nov 2007 12:51:38 +0000 Subject: [PATCH] graphics: - prevent accessing data outside bounds (when copying data from source to destination with bigger alignment. e.g word -> dword) - fix win2000 bug with wrongly reported bmWidthBytes (they are calculated by win2000 sometimes as for word alignment while in fact they have dword alignment since all bitmap sections are dword aligned). fixes issue with shifted component images in win2000 ide git-svn-id: trunk@12825 - --- lcl/graphtype.pp | 2 +- lcl/interfaces/win32/win32proc.pp | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lcl/graphtype.pp b/lcl/graphtype.pp index e50f45f430..221ff3d334 100644 --- a/lcl/graphtype.pp +++ b/lcl/graphtype.pp @@ -396,7 +396,7 @@ begin FillByte(DstPtr[0], ASize, 0); end else begin - LineBytes := RS; + LineBytes := Min(RS, ARowStride); if H <> LineCount then FillByte(DstPtr[0], ASize, 0); end; diff --git a/lcl/interfaces/win32/win32proc.pp b/lcl/interfaces/win32/win32proc.pp index 1cc24ca7b3..42167701be 100644 --- a/lcl/interfaces/win32/win32proc.pp +++ b/lcl/interfaces/win32/win32proc.pp @@ -1468,18 +1468,20 @@ var StartScan: Integer; begin SrcLineOrder := GetBitmapOrder(AWinBmp, ABitmap); + SrcLineBytes := (AWinBmp.bmWidthBytes + 3) and not 3; if AWinBmp.bmBits <> nil then begin // this is bitmapsection data :) we can just copy the bits + // We cannot trust windows with bmWidthBytes. Use SrcLineBytes which takes + // DWORD alignment into consideration with AWinBmp do - Result := CopyImageData(bmWidth, bmHeight, bmWidthBytes, bmBitsPixel, bmBits, ARect, SrcLineOrder, ALineOrder, ALineEnd, AData, ADataSize); + Result := CopyImageData(bmWidth, bmHeight, SrcLineBytes, bmBitsPixel, bmBits, ARect, SrcLineOrder, ALineOrder, ALineEnd, AData, ADataSize); Exit; end; // retrieve the data though GetDIBits - SrcLineBytes := (AWinBmp.bmWidthBytes + 3) and not 3; // initialize bitmapinfo structure Info.Header.biSize := sizeof(Info.Header);