From eb69fa7e73f00238bd909985a2507c5ba46b6b78 Mon Sep 17 00:00:00 2001
From: Sven Baars <sven.wine@gmail.com>
Date: Sun, 2 Jun 2019 16:21:38 +0200
Subject: [PATCH] msvfw32: Fix copying of a BITMAPINFO structure (Valgrind).

Signed-off-by: Sven Baars <sven.wine@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
---
 dlls/msvfw32/msvideo_main.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/dlls/msvfw32/msvideo_main.c b/dlls/msvfw32/msvideo_main.c
index fe140b279ae..346dbade43a 100644
--- a/dlls/msvfw32/msvideo_main.c
+++ b/dlls/msvfw32/msvideo_main.c
@@ -1506,6 +1506,28 @@ void VFWAPI ICSeqCompressFrameEnd(PCOMPVARS pc)
     clear_compvars(pc);
 }
 
+static BITMAPINFO *copy_bitmapinfo(const BITMAPINFO *src)
+{
+    int num_colors;
+    unsigned int size;
+    BITMAPINFO *dst;
+
+    if (src->bmiHeader.biClrUsed)
+        num_colors = min(src->bmiHeader.biClrUsed, 256);
+    else
+        num_colors = src->bmiHeader.biBitCount > 8 ? 0 : 1 << src->bmiHeader.biBitCount;
+
+    size = FIELD_OFFSET(BITMAPINFO, bmiColors[num_colors]);
+    if (src->bmiHeader.biCompression == BI_BITFIELDS)
+        size += 3 * sizeof(DWORD);
+
+    if (!(dst = heap_alloc(size)))
+        return NULL;
+
+    memcpy(dst, src, size);
+    return dst;
+}
+
 /***********************************************************************
  *      ICSeqCompressFrameStart [MSVFW32.@]
  */
@@ -1517,11 +1539,9 @@ BOOL VFWAPI ICSeqCompressFrameStart(PCOMPVARS pc, LPBITMAPINFO lpbiIn)
     DWORD ret;
     ICCOMPRESS* icComp;
 
-    if (!(pc->lpbiIn = heap_alloc(sizeof(BITMAPINFO))))
+    if (!(pc->lpbiIn = copy_bitmapinfo(lpbiIn)))
         return FALSE;
 
-    *pc->lpbiIn = *lpbiIn;
-
     if (!(pc->lpState = heap_alloc(sizeof(ICCOMPRESS) + sizeof(*icComp->lpckid) + sizeof(*icComp->lpdwFlags))))
         goto error;