"Lei Zhang" <[EMAIL PROTECTED]> writes: > - datalen = abs(stride * height); > + datalen = stride * height; > size = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER) + datalen; > + if (datalen <= 0 || size <= 0){ > + GdipFree(*bitmap); > + *bitmap = NULL; > + return InvalidParameter; > + }
Testing for overflow is a good idea, but checking for a negative result is not the right way. You can get overflow with a positive result too. -- Alexandre Julliard [EMAIL PROTECTED]