https://git.reactos.org/?p=reactos.git;a=commitdiff;h=60851914a84bf3f38a024de933579fa897c7e7c9
commit 60851914a84bf3f38a024de933579fa897c7e7c9 Author: Doug Lyons <[email protected]> AuthorDate: Sun Feb 26 13:03:53 2023 -0600 Commit: Timo Kreuzer <[email protected]> CommitDate: Mon Feb 27 22:28:41 2023 +0100 Fix ICO_ExtractIconExW causing explorer to crash when trying to display icon for bad EXE PE header. See CORE-15879 Co-authored-by: Thomas Faber <[email protected]> --- win32ss/user/user32/misc/exticon.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/win32ss/user/user32/misc/exticon.c b/win32ss/user/user32/misc/exticon.c index 09074c5c6a4..33f8f19b15f 100644 --- a/win32ss/user/user32/misc/exticon.c +++ b/win32ss/user/user32/misc/exticon.c @@ -616,6 +616,15 @@ static UINT ICO_ExtractIconExW( goto end; } +#ifdef __REACTOS__ + /* Check for boundary limit (and overflow) */ + if (((ULONG_PTR)(rootresdir + 1) < (ULONG_PTR)rootresdir) || + ((ULONG_PTR)(rootresdir + 1) > (ULONG_PTR)peimage + fsizel)) + { + goto end; + } +#endif + /* search for the group icon directory */ if (!(icongroupresdir = find_entry_by_id(rootresdir, LOWORD(RT_GROUP_ICON), rootresdir))) {
