"Lei Zhang" <[EMAIL PROTECTED]> writes:
> - datalen = abs(stride * height);
> + datalen = stride * height;
> size = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER) + datalen;
> + if (datalen <= 0 || size <= 0){
> + GdipFree(*bitmap);
> + *bitmap = NULL;
> + return InvalidParameter;
> + }Testing for overflow is a good idea, but checking for a negative result is not the right way. You can get overflow with a positive result too. -- Alexandre Julliard [EMAIL PROTECTED]
