From d6d64196026221b046260d8ba24ecaca420f8d7f Mon Sep 17 00:00:00 2001
From: Marcus Meissner <marcus@jet.franken.de>
Date: Sat, 21 Jan 2006 19:23:17 +0100
Subject: [PATCH] gdi: Metafile records must be at least 3 words long.

---
 dlls/gdi/metafile.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/dlls/gdi/metafile.c b/dlls/gdi/metafile.c
index 80de9c7783c..96011ff05d2 100644
--- a/dlls/gdi/metafile.c
+++ b/dlls/gdi/metafile.c
@@ -419,11 +419,10 @@ BOOL MF_PlayMetaFile( HDC hdc, METAHEADER *mh)
         mr = (METARECORD *)((char *)mh + offset);
 	TRACE("offset=%04x,size=%08lx\n",
             offset, mr->rdSize);
-	if (!mr->rdSize) {
-            TRACE(
-		  "Entry got size 0 at offset %d, total mf length is %ld\n",
-		  offset,mh->mtSize*2);
-		break; /* would loop endlessly otherwise */
+	if (mr->rdSize < 3) { /* catch illegal record sizes */
+            TRACE("Entry got size %ld at offset %d, total mf length is %ld\n",
+                  mr->rdSize,offset,mh->mtSize*2);
+            break;
 	}
 	offset += mr->rdSize * 2;
 	PlayMetaFileRecord( hdc, ht, mr, mh->mtNoObjects );
-- 
2.11.4.GIT