From 4cb36b9aaf087d07b2ff45ef89a51caf1984ce5f Mon Sep 17 00:00:00 2001 From: Bruno Jesus <00cpxxx@gmail.com> Date: Tue, 20 Oct 2015 14:56:22 +0800 Subject: [PATCH] msvfw32: Lpckid and lpdwFlags must be valid memory addresses. Otherwise codecs will crash while trying to write to it. Even though MSDN states that NULL is allowed for lpckid that is not true. Signed-off-by: Bruno Jesus <00cpxxx@gmail.com> Signed-off-by: Alexandre Julliard --- dlls/msvfw32/msvideo_main.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/dlls/msvfw32/msvideo_main.c b/dlls/msvfw32/msvideo_main.c index 1c38b752c41..d1a22830933 100644 --- a/dlls/msvfw32/msvideo_main.c +++ b/dlls/msvfw32/msvideo_main.c @@ -1431,13 +1431,15 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn) * it doesn't appear to be used though */ DWORD ret; + ICCOMPRESS* icComp; pc->lpbiIn = HeapAlloc(GetProcessHeap(), 0, sizeof(BITMAPINFO)); if (!pc->lpbiIn) return FALSE; *pc->lpbiIn = *lpbiIn; - pc->lpState = HeapAlloc(GetProcessHeap(), 0, sizeof(ICCOMPRESS)); + pc->lpState = HeapAlloc(GetProcessHeap(), 0, sizeof(ICCOMPRESS) + + sizeof(*icComp->lpckid) + sizeof(*icComp->lpdwFlags)); if (!pc->lpState) goto error; @@ -1469,17 +1471,20 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn) TRACE(" -- %x\n", ret); if (ret == ICERR_OK) { - ICCOMPRESS* icComp = pc->lpState; - /* Initialise some variables */ - pc->lFrame = 0; pc->lKeyCount = 0; + icComp = pc->lpState; + /* Initialise some variables */ + pc->lFrame = 0; pc->lKeyCount = 0; - icComp->lpbiOutput = &pc->lpbiOut->bmiHeader; - icComp->lpbiInput = &pc->lpbiIn->bmiHeader; - icComp->lpckid = NULL; - icComp->dwFrameSize = 0; - icComp->dwQuality = pc->lQ; - icComp->lpbiPrev = &pc->lpbiIn->bmiHeader; - return TRUE; + icComp->lpbiOutput = &pc->lpbiOut->bmiHeader; + icComp->lpbiInput = &pc->lpbiIn->bmiHeader; + icComp->lpckid = (DWORD *)(icComp + 1); + *icComp->lpckid = 0; + icComp->lpdwFlags = (DWORD *)((char *)(icComp + 1) + sizeof(*icComp->lpckid)); + *icComp->lpdwFlags = 0; + icComp->dwFrameSize = 0; + icComp->dwQuality = pc->lQ; + icComp->lpbiPrev = &pc->lpbiIn->bmiHeader; + return TRUE; } error: clear_compvars(pc);