From aaecc404642877074550ff1c156c32bc9888da74 Mon Sep 17 00:00:00 2001
From: Matteo Bruni <mbruni@codeweavers.com>
Date: Mon, 30 Sep 2019 23:11:14 +0200
Subject: [PATCH] user32: Don't go past the end of the animated cursor data.

Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
---
 dlls/user32/cursoricon.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dlls/user32/cursoricon.c b/dlls/user32/cursoricon.c
index 3214746664c..9c61d7ff300 100644
--- a/dlls/user32/cursoricon.c
+++ b/dlls/user32/cursoricon.c
@@ -1451,6 +1451,8 @@ static void riff_find_chunk( DWORD chunk_id, DWORD chunk_type, const riff_chunk_
         }
 
         ptr += sizeof(DWORD);
+        if (ptr >= end)
+            break;
         ptr += (*(const DWORD *)ptr + 1) & ~1;
         ptr += sizeof(DWORD);
     }