Posted by jpluimers on 2014/08/19
Since this did not make it to DelphiFeeds yet: I’ve seen the function PaletteFromDIBColorTable in Graphics.pas go back as far at least until Delphi 2006, and references on the web as far back as Delphi 4.
So: this bug is old, but as it is a security one, make sure you patch soon.
For Delphi XE6, download 29913 BMP Buffer Overflow hotfix – Delphi, C++Builder, RAD Studio XE6.
For older Delphi versions, read this piece that was adapted from the EDN article Delphi and C++ Builder VCL Library Buffer Overflow:
For users of prior versions of Delphi and C++Builder: these steps should be followed to modify the VCL source code and add it to your application.
For each application:
- Add the modified Edit Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas to your project
- For C++Builder: Under Project | Options | Packages | Runtime Packages, set “Link with runtime packages” to false
- Rebuild your application
Once for the native VCL and .NET VCL:
- Note: Variable names and scoping might be slightly different depending on your product version.
- Edit Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas
- Locate the function PaletteFromDIBColorTable.
- Add the following code just before the line assigning a value to Pal.palNumEntries when the DIBHandle = 0
if ColorCount > 256 then
InvalidGraphic{$IFNDEF CLR}@{$ENDIF}SInvalidBitmap;;
–jeroen
via Delphi and C++ Builder VCL Library Buffer Overflow.
Posted in Delphi, Delphi 2005, Delphi 2006, Delphi 2007, Delphi 2009, Delphi 2010, Delphi 4, Delphi 5, Delphi 6, Delphi 7, Delphi 8, Delphi x64, Delphi XE, Delphi XE2, Delphi XE3, Delphi XE4, Delphi XE5, Delphi XE6, Development, Software Development | Tagged: Buffer Overflow, Delphi, Delphi versions, vcl | 5 Comments »
Posted by jpluimers on 2013/05/01
This is more elaborate English version of a short Dutch message I recently sent to explain the differences between VCL and FMX:
Do not regard FMX as a replacement for VCL: they are different kinds of frameworks.
VCL is a wrapper around Windows Controls. In itself, it has not much functionality: it exposes the underlying Windows functionality. The exception are data aware controls that provide basic functionality for writing data aware applications. There is a huge 3rd party market for extending VCL support, for instance providing extra Windows functionality, enriching data aware behaviour (look at all those fancy data aware grids), and many more.
FMX is the FireMonkey X-platform framework. Major functionalities are vector based 2D, 3D drawing and controls, and support for styles and composition.
When introducing FMX in Delphi XE2, Embarcadero also introduced a new way of data binding that is shared with FMX and VCL. FMX extends this a bit to some basic data aware controls.
Gone are most of the platform specific features like drag & drop, full blown Windows Shell ListViews, etc. There are some controls that manifests themselves differently on each supported platform (like Pickers), but most of that is currently left to the 3rd party FMX component market.
So if you want FMX to replace VCL, then be prepared for quite some shopping in the 3rd party market.
CLX tried to be a full blown cross platform VCL replacement, but that didn’t work very well.
–jeroen
Posted in Delphi, Delphi XE2, Delphi XE3, Delphi XE4, Development, FireMonkey, OS X FMX, Software Development | Tagged: component market, data binding, fmx, software, technology, vcl, windows controls | 1 Comment »
The Wiert Corner - irregular stream of stuff 