Since this did not make it to DelphiFeeds yet: I’ve seen the function PaletteFromDIBColorTable in Graphics.pas go back as far at least until Delphi 2006, and references on the web as far back as Delphi 4.
So: this bug is old, but as it is a security one, make sure you patch soon.
For Delphi XE6, download 29913 BMP Buffer Overflow hotfix – Delphi, C++Builder, RAD Studio XE6.
For older Delphi versions, read this piece that was adapted from the EDN article Delphi and C++ Builder VCL Library Buffer Overflow:
For users of prior versions of Delphi and C++Builder: these steps should be followed to modify the VCL source code and add it to your application.
For each application:
- Add the modified Edit Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas to your project
- For C++Builder: Under Project | Options | Packages | Runtime Packages, set “Link with runtime packages” to false
- Rebuild your application
Once for the native VCL and .NET VCL:
- Note: Variable names and scoping might be slightly different depending on your product version.
- Edit Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas
- Locate the function PaletteFromDIBColorTable.
- Add the following code just before the line assigning a value to Pal.palNumEntries when the DIBHandle = 0
if ColorCount > 256 then InvalidGraphic{$IFNDEF CLR}@{$ENDIF}SInvalidBitmap;;
–jeroen
via Delphi and C++ Builder VCL Library Buffer Overflow.
Filed under: Delphi, Delphi 2005, Delphi 2006, Delphi 2007, Delphi 2009, Delphi 2010, Delphi 4, Delphi 5, Delphi 6, Delphi 7, Delphi 8, Delphi x64, Delphi XE, Delphi XE2, Delphi XE3, Delphi XE4, Delphi XE5, Delphi XE6, Development, Software Development Tagged: Buffer Overflow, Delphi, Delphi versions, vcl
