Jonathan Liu : wined3d: Avoid wined3d_ftoa buffer overflow.
Alexandre Julliard
julliard at winehq.org
Tue Jan 14 13:44:59 CST 2014
Module: wine
Branch: master
Commit: 91c5cf33adfa000fe1376ff2ca58d320bbcb95d0
URL: http://source.winehq.org/git/wine.git/?a=commit;h=91c5cf33adfa000fe1376ff2ca58d320bbcb95d0
Author: Jonathan Liu <net147 at gmail.com>
Date: Tue Jan 14 21:45:42 2014 +1100
wined3d: Avoid wined3d_ftoa buffer overflow.
---
dlls/wined3d/arb_program_shader.c | 6 +++---
dlls/wined3d/glsl_shader.c | 4 ++--
dlls/wined3d/utils.c | 3 +++
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/dlls/wined3d/arb_program_shader.c b/dlls/wined3d/arb_program_shader.c
index ff4345f..0866820 100644
--- a/dlls/wined3d/arb_program_shader.c
+++ b/dlls/wined3d/arb_program_shader.c
@@ -767,7 +767,7 @@ static void shader_arb_update_float_pixel_constants(struct wined3d_device *devic
static void shader_arb_append_imm_vec4(struct wined3d_shader_buffer *buffer, const float *values)
{
- char str[4][16];
+ char str[4][17];
wined3d_ftoa(values[0], str[0]);
wined3d_ftoa(values[1], str[1]);
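Review bot: The literal 17 in `char str[4][17];` is a size whose justification lives only inside wined3d_ftoa(), and it is repeated at five declarations: here, `ftoa_tmp` in shader_arb_generate_pshader and shader_arb_generate_vshader, and `str` and `imm_str` in glsl_shader.c. A shared constant next to the wined3d_ftoa declaration, for example `#define WINED3D_FTOA_BUF_SIZE 17` (a suggested name, not an existing identifier), would keep every caller in step if the format string changes again. These function bodies continue outside the hunks, so any wined3d_ftoa callers not shown in this patch should also be checked for 16-byte buffers.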
@@ -3605,7 +3605,7 @@ static GLuint shader_arb_generate_pshader(const struct wined3d_shader *shader,
BOOL custom_linear_fog = FALSE;
char srgbtmp[4][4];
- char ftoa_tmp[16];
+ char ftoa_tmp[17];
unsigned int i, found = 0;
for (i = 0, map = reg_maps->temporary; map; map >>= 1, ++i)
@@ -4220,7 +4220,7 @@ static GLuint shader_arb_generate_vshader(const struct wined3d_shader *shader,
shader_addline(buffer, "TEMP TMP_FOGCOORD;\n");
if (need_helper_const(shader_data, reg_maps, gl_info))
{
- char ftoa_tmp[16];
+ char ftoa_tmp[17];
wined3d_ftoa(eps, ftoa_tmp);
shader_addline(buffer, "PARAM helper_const = { 0.0, 1.0, 2.0, %s};\n", ftoa_tmp);
}
diff --git a/dlls/wined3d/glsl_shader.c b/dlls/wined3d/glsl_shader.c
index 351742b..32ad9e7 100644
--- a/dlls/wined3d/glsl_shader.c
+++ b/dlls/wined3d/glsl_shader.c
@@ -250,7 +250,7 @@ static const char *shader_glsl_get_prefix(enum wined3d_shader_type type)
static void shader_glsl_append_imm_vec4(struct wined3d_shader_buffer *buffer, const float *values)
{
- char str[4][16];
+ char str[4][17];
wined3d_ftoa(values[0], str[0]);
wined3d_ftoa(values[1], str[1]);
@@ -1415,7 +1415,7 @@ static void shader_glsl_get_register_name(const struct wined3d_shader_register *
const struct wined3d_gl_info *gl_info = ins->ctx->gl_info;
const char *prefix = shader_glsl_get_prefix(version->type);
struct glsl_src_param rel_param0, rel_param1;
- char imm_str[4][16];
+ char imm_str[4][17];
if (reg->idx[0].offset != ~0U && reg->idx[0].rel_addr)
shader_glsl_add_src_param(ins, reg->idx[0].rel_addr, WINED3DSP_WRITEMASK_0, &rel_param0);
diff --git a/dlls/wined3d/utils.c b/dlls/wined3d/utils.c
index 54eb988..fa72a07 100644
--- a/dlls/wined3d/utils.c
+++ b/dlls/wined3d/utils.c
@@ -3814,6 +3814,9 @@ void wined3d_ftoa(float value, char *s)
if (copysignf(1.0f, value) < 0.0f)
++idx;
+ /* Be sure to allocate a buffer of at least 17 characters for the result
+ as sprintf may return a 3 digit exponent when using the MSVC runtime
+ instead of a 2 digit exponent. */
sprintf(s, "%.8e", value);
if (isfinite(value))
s[idx] = '.';
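Review bot: The call `sprintf(s, "%.8e", value);` is still unbounded, so the overflow is avoided only while every caller honours the 17-byte requirement stated in the new comment. The worst finite case with a 3-digit exponent, such as the constructed value `-1.23456789e+038`, is 16 characters plus the terminator, which leaves no slack. Consider giving wined3d_ftoa a buffer-size parameter and formatting with a bounded call whose return value is checked for truncation; that changes the signature and every call site, so it is described here rather than shown. At minimum the size requirement belongs in a comment at the function's declaration, where callers will read it, rather than mid-body; the function starts and ends outside this hunk.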