From ffa39db8476a71ff4af64667ee02ff3026cb8c0b Mon Sep 17 00:00:00 2001
From: Patrick Dawson
Date: Mon, 14 Nov 2022 00:47:14 +0100
Subject: Fix ICONDIR buffer overflow
---
 platform/windows/display_server_windows.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'platform/windows')
diff --git a/platform/windows/display_server_windows.cpp b/platform/windows/display_server_windows.cpp
index ec6a8d5579..af80a07da9 100644
--- a/platform/windows/display_server_windows.cpp
+++ b/platform/windows/display_server_windows.cpp
@@ -1892,7 +1892,7 @@ void DisplayServerWindows::set_native_icon(const String &p_filename) {
 pos += sizeof(WORD);
 f->seek(pos);
- icon_dir = (ICONDIR *)memrealloc(icon_dir, 3 * sizeof(WORD) + icon_dir->idCount * sizeof(ICONDIRENTRY));
+ icon_dir = (ICONDIR *)memrealloc(icon_dir, sizeof(ICONDIR) - sizeof(ICONDIRENTRY) + icon_dir->idCount * sizeof(ICONDIRENTRY));
 f->get_buffer((uint8_t *)&icon_dir->idEntries[0], icon_dir->idCount * sizeof(ICONDIRENTRY));
 int small_icon_index = -1; // Select 16x16 with largest color count.
-- cgit v1.2.3
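Review bot: The byte count returned by `f->get_buffer(...)` is still ignored on the line after the resized allocation, so a truncated or malformed .ico leaves the tail of `idEntries` as uninitialized heap memory. This matters if `idCount` comes from the file header, as the preceding `pos += sizeof(WORD)` reads suggest, and the icon-selection code that starts at `small_icon_index` then presumably walks those entries. Compare the result with the requested size, e.g. `if (f->get_buffer((uint8_t *)&icon_dir->idEntries[0], entries_size) != entries_size)`, and free `icon_dir` and return when it is short. The `memrealloc` result is also assigned straight back to `icon_dir` and dereferenced without a null check. As a smaller point, `offsetof(ICONDIR, idEntries)` would state the header size directly instead of deriving it from `sizeof(ICONDIR) - sizeof(ICONDIRENTRY)`. The body of `set_native_icon` starts and ends outside this hunk, so the handling of the entries cannot be confirmed from here.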