From a7cdf6e110e8d5caaafd59e4f8eba117fbc3cd12 Mon Sep 17 00:00:00 2001
From: Alexandre Julliard
Date: Thu, 24 Jan 2008 10:21:17 +0100
Subject: [PATCH] winex11: Catch DIB memory accesses that touch the last page beyond the DIB bits end.
---
 dlls/winex11.drv/dib.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/dlls/winex11.drv/dib.c b/dlls/winex11.drv/dib.c
index fc71c244621..a95783e5128 100644
--- a/dlls/winex11.drv/dib.c
+++ b/dlls/winex11.drv/dib.c
@@ -19,6 +19,7 @@
 */
 #include "config.h"
+#include "wine/port.h"
 #include
 #ifdef HAVE_LIBXXSHM
@@ -4302,6 +4303,7 @@ static LONG CALLBACK X11DRV_DIB_FaultHandler( PEXCEPTION_POINTERS ep )
 BOOL found = FALSE;
 BYTE *addr;
 struct list *ptr;
+ const size_t pagemask = getpagesize() - 1;
 if (ep->ExceptionRecord->ExceptionCode != EXCEPTION_ACCESS_VIOLATION)
 return EXCEPTION_CONTINUE_SEARCH;
@@ -4312,7 +4314,8 @@ static LONG CALLBACK X11DRV_DIB_FaultHandler( PEXCEPTION_POINTERS ep )
 LIST_FOR_EACH( ptr, &dibs_list )
 {
 physBitmap = LIST_ENTRY( ptr, X_PHYSBITMAP, entry );
- if ((physBitmap->base <= addr) && (addr < physBitmap->base + physBitmap->size))
+ if ((physBitmap->base <= addr) &&
+ (addr < physBitmap->base + ((physBitmap->size + pagemask) & ~pagemask)))
 {
 found = TRUE;
 break;
@@ -4322,6 +4325,9 @@ static LONG CALLBACK X11DRV_DIB_FaultHandler( PEXCEPTION_POINTERS ep )
 if (!found)
 return EXCEPTION_CONTINUE_SEARCH;
+ if (addr >= physBitmap->base + physBitmap->size)
+ WARN( "%p: access to %p beyond the end of the DIB\n", physBitmap->hbitmap, addr );
+
 X11DRV_DIB_Lock( physBitmap, DIB_Status_None );
 if (ep->ExceptionRecord->ExceptionInformation[0] == EXCEPTION_WRITE_FAULT) {
 /* the app tried to write the DIB bits */
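Review bot: In the `@@ -4312,7 +4314,8 @@` hunk the new upper bound rounds the size rather than the end address, so `physBitmap->base + ((physBitmap->size + pagemask) & ~pagemask)` is the end of the last protected page only if `physBitmap->base` is page-aligned. Where base is assigned is not visible in this patch; if it can point into the middle of a page, faults in the tail of the last page (and in the head of the first) would still return EXCEPTION_CONTINUE_SEARCH. Rounding the address instead, `(BYTE *)(((UINT_PTR)physBitmap->base + physBitmap->size + pagemask) & ~(UINT_PTR)pagemask)`, holds in either case. The mask from the `@@ -4302,6 +4303,7 @@` hunk also assumes getpagesize() returns a power of two, which deserves a short comment next to `pagemask`. The handler's body starts and ends outside both hunks.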
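Review bot: In the `@@ -4322,6 +4325,9 @@` hunk an access past `base + size` is logged and then treated exactly like an in-bounds fault: the unchanged lines that follow lock the bitmap and take the write-fault branch, so an application overrun into the slack of the last page proceeds without further handling. That looks intentional, since the whole page is protected and has to be unprotected for the app to continue, but it should be stated in a comment, for example `/* the slack after the bits shares the last protected page, so the fault must still be handled */`. The message would be more useful for diagnosing overruns if it also said whether the fault was a read or a write, which `ExceptionInformation[0]` already provides a few lines further down. The rest of the handler lies outside the hunk.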