Index: reactos/win32ss/gdi/gdi32/objects/bitmap.c
===================================================================
--- reactos/win32ss/gdi/gdi32/objects/bitmap.c	(revision 75304)
+++ reactos/win32ss/gdi/gdi32/objects/bitmap.c	(working copy)
@@ -726,7 +726,7 @@
 
     if (!GdiGetHandleUserData(hdc, GDI_OBJECT_TYPE_DC, (PVOID) & pDc_Attr))
     {
-        SetLastError(ERROR_INVALID_PARAMETER);
+        SetLastError(ERROR_INVALID_HANDLE);
         return 0;
     }
     /*
Index: reactos/win32ss/gdi/ntgdi/dibobj.c
===================================================================
--- reactos/win32ss/gdi/ntgdi/dibobj.c	(revision 75304)
+++ reactos/win32ss/gdi/ntgdi/dibobj.c	(working copy)
@@ -1342,6 +1342,8 @@
                                &pdc->eboFill.BrushObject,
                                NULL,
                                WIN32_ROP3_TO_ENG_ROP4(dwRop));
+    if (bResult)
+        bResult = cxDst;
 
     /* Cleanup */
     DC_vFinishBlit(pdc, NULL);
@@ -1669,18 +1671,27 @@
     IN ULONG_PTR dwColorSpace,
     OUT PVOID *Bits)
 {
-    HBITMAP hbitmap = 0;
+    HBITMAP hbitmap;
     DC *dc;
     BOOL bDesktopDC = FALSE;
     NTSTATUS Status = STATUS_SUCCESS;
+    DWORD dwHeaderSize;
 
-    if (!bmi) return hbitmap; // Make sure.
+    if (!bmi || !cjHeader || (Usage != DIB_RGB_COLORS && Usage != DIB_PAL_COLORS))
+        return NULL;
 
+    if (!Bits)
+    {
+        EngSetLastError(ERROR_INVALID_PARAMETER);
+        return NULL;
+    }
+
     _SEH2_TRY
     {
         ProbeForRead(&bmi->bmiHeader.biSize, sizeof(DWORD), 1);
         ProbeForRead(bmi, bmi->bmiHeader.biSize, 1);
         ProbeForRead(bmi, DIB_BitmapInfoSize(bmi, (WORD)Usage), 1);
+        dwHeaderSize = bmi->bmiHeader.biSize;
     }
     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
     {
@@ -1688,38 +1699,53 @@
     }
     _SEH2_END
 
+    if (dwHeaderSize != sizeof(BITMAPINFOHEADER) &&
+        dwHeaderSize != sizeof(BITMAPV4HEADER) &&
+        dwHeaderSize != sizeof(BITMAPV5HEADER) &&
+        dwHeaderSize < sizeof(BITMAPINFOHEADER) + 4)
+    {
+        return NULL;
+    }
+
     if(!NT_SUCCESS(Status))
     {
-        SetLastNtError(Status);
+        EngSetLastError(ERROR_INVALID_PARAMETER);
         return NULL;
     }
 
     // If the reference hdc is null, take the desktop dc
-    if (hDC == 0)
+    if (hDC == NULL)
     {
-        hDC = NtGdiCreateCompatibleDC(0);
+        hDC = NtGdiCreateCompatibleDC(NULL);
         bDesktopDC = TRUE;
     }
 
-    if ((dc = DC_LockDc(hDC)))
+    if (Usage == DIB_PAL_COLORS)
+        dc = DC_LockDc(hDC);
+    else
+        dc = NULL;
+
+    hbitmap = DIB_CreateDIBSection(dc,
+                                   bmi,
+                                   Usage,
+                                   Bits,
+                                   hSection,
+                                   dwOffset,
+                                   0);
+
+    if (dc)
     {
-        hbitmap = DIB_CreateDIBSection(dc,
-                                       bmi,
-                                       Usage,
-                                       Bits,
-                                       hSection,
-                                       dwOffset,
-                                       0);
         DC_UnlockDc(dc);
     }
-    else
-    {
-        EngSetLastError(ERROR_INVALID_HANDLE);
-    }
 
     if (bDesktopDC)
         NtGdiDeleteObjectApp(hDC);
 
+    if (hbitmap == NULL)
+        EngSetLastError(ERROR_INVALID_PARAMETER);
+    else if (dc == NULL)
+        EngSetLastError(ERROR_NOT_ENOUGH_MEMORY);
+
     return hbitmap;
 }