Since this did not make it to DelphiFeeds yet: I’ve seen the function PaletteFromDIBColorTable in Graphics.pas go back at least as far as Delphi 2006, and references on the web as far back as Delphi 4.
So: this bug is old, but as it is a security one, make sure you patch soon.
For Delphi XE6, download 29913 BMP Buffer Overflow hotfix – Delphi, C++Builder, RAD Studio XE6.
For older Delphi versions, read this piece that was adapted from the EDN article Delphi and C++ Builder VCL Library Buffer Overflow:
For users of prior versions of Delphi and C++Builder: these steps should be followed to modify the VCL source code and add it to your application.
For each application:
- Add the modified Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas to your project
- For C++Builder: Under Project | Options | Packages | Runtime Packages, set “Link with runtime packages” to false
- Rebuild your application
Once for the native VCL and .NET VCL:
- Note: Variable names and scoping might be slightly different depending on your product version.
- Edit Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas
- Locate the function PaletteFromDIBColorTable.
- Add the following code just before the line assigning a value to Pal.palNumEntries when the DIBHandle = 0
if ColorCount > 256 then InvalidGraphic({$IFNDEF CLR}@{$ENDIF}SInvalidBitmap);
–jeroen
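
The pattern behind this one-line fix, as an added example in C that is not from the original post, the EDN article or the VCL source: a count taken from the bitmap is checked against the 256-entry capacity of a fixed palette buffer before it is stored or used. The struct layouts are constructed stand-ins modeled on the Win32 palette types, and `palette_from_color_table` and `try_count` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_PALETTE_ENTRIES 256  /* capacity of the fixed palette buffer */

/* Constructed stand-ins modeled on Win32 RGBQUAD, PALETTEENTRY, LOGPALETTE. */
typedef struct { uint8_t blue, green, red, reserved; } rgb_quad;
typedef struct { uint8_t red, green, blue, flags; } palette_entry;
typedef struct {
    uint16_t version;
    uint16_t num_entries;
    palette_entry entries[MAX_PALETTE_ENTRIES];
} max_log_palette;

/* Hypothetical helper. Returns 0 on success, -1 when the file-supplied
 * count cannot fit the buffer (where the patch raises "invalid bitmap"). */
int palette_from_color_table(max_log_palette *pal, const rgb_quad *table,
                             int32_t color_count)
{
    /* Validate the untrusted count before it is stored or used as a loop
     * bound. Rejecting negative counts goes beyond the one-line patch. */
    if (color_count < 0 || color_count > MAX_PALETTE_ENTRIES)
        return -1;
    pal->version = 0x300;
    pal->num_entries = (uint16_t)color_count;
    for (int32_t i = 0; i < color_count; i++) {
        /* DIB colour tables are stored BGR; palette entries are RGB. */
        pal->entries[i].red   = table[i].red;
        pal->entries[i].green = table[i].green;
        pal->entries[i].blue  = table[i].blue;
        pal->entries[i].flags = 0;
    }
    return 0;
}

/* Constructed input: a 300-entry table, larger than the palette can hold. */
int try_count(int32_t color_count)
{
    static rgb_quad table[300];
    max_log_palette pal;
    return palette_from_color_table(&pal, table, color_count);
}

int main(void)
{
    printf("256 -> %d, 257 -> %d, -1 -> %d\n",
           try_count(256), try_count(257), try_count(-1));
    return 0;
}
```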





