Dylan Smith : d3dxof: Add missing checks for remaining bytes during parsing .

Alexandre Julliard julliard at winehq.org
Thu Apr 21 11:17:48 CDT 2011 

Module: wine
Branch: master
Commit: 555fe78766028c8c6cbdcf47135af94c45be38f7
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=555fe78766028c8c6cbdcf47135af94c45be38f7

Author: Dylan Smith <dylan.ah.smith at gmail.com>
Date:   Wed Apr 20 16:20:01 2011 -0400

d3dxof: Add missing checks for remaining bytes during parsing.

---

 dlls/d3dxof/parsing.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dlls/d3dxof/parsing.c b/dlls/d3dxof/parsing.c
index 0acb7d6..038486a 100644
--- a/dlls/d3dxof/parsing.c
+++ b/dlls/d3dxof/parsing.c
@@ -337,7 +337,7 @@ static BOOL is_guid(parse_buffer* buf)
   DWORD tab[10];
   int ret;
 
-  if (*buf->buffer != '<')
+  if (buf->rem_bytes < 38 || *buf->buffer != '<')
     return FALSE;
   tmp[0] = '<';
   while (*(buf->buffer+pos) != '>')
@@ -385,7 +385,7 @@ static BOOL is_name(parse_buffer* buf)
   DWORD pos = 0;
   char c;
   BOOL error = 0;
-  while (!is_separator(c = *(buf->buffer+pos)))
+  while (pos < buf->rem_bytes && !is_separator(c = *(buf->buffer+pos)))
   {
     if (!(((c >= 'a') && (c <= 'z')) || ((c >= 'A') && (c <= 'Z')) || ((c >= '0') && (c <= '9')) || (c == '_') || (c == '-')))
       error = 1;
@@ -416,7 +416,7 @@ static BOOL is_float(parse_buffer* buf)
   float decimal;
   BOOL dot = 0;
 
-  while (!is_separator(c = *(buf->buffer+pos)))
+  while (pos < buf->rem_bytes && !is_separator(c = *(buf->buffer+pos)))
   {
     if (!((!pos && (c == '-')) || ((c >= '0') && (c <= '9')) || (!dot && (c == '.'))))
       return FALSE;
@@ -445,7 +445,7 @@ static BOOL is_integer(parse_buffer* buf)
   char c;
   DWORD integer;
 
-  while (!is_separator(c = *(buf->buffer+pos)))
+  while (pos < buf->rem_bytes && !is_separator(c = *(buf->buffer+pos)))
   {
     if (!((c >= '0') && (c <= '9')))
       return FALSE;
@@ -475,7 +475,7 @@ static BOOL is_string(parse_buffer* buf)
   if (*buf->buffer != '"')
     return FALSE;
 
-  while (!is_operator(c = *(buf->buffer+pos+1)) && (pos < 99))
+  while (pos < buf->rem_bytes && !is_operator(c = *(buf->buffer+pos+1)) && (pos < 99))
   {
     if (c == '"')
     {

More information about the wine-cvs mailing list