Henri Verbeet : d3d10: Validate the base offset in parse_fx10_body() (AFL) .
Alexandre Julliard
julliard at winehq.org
Fri May 27 09:42:32 CDT 2016
Module: wine
Branch: master
Commit: 200bfa97a8f86cea9197b1c6a6f5a26225ecaca2
URL: http://source.winehq.org/git/wine.git/?a=commit;h=200bfa97a8f86cea9197b1c6a6f5a26225ecaca2
Author: Henri Verbeet <hverbeet at codeweavers.com>
Date: Thu May 26 19:36:56 2016 +0200
d3d10: Validate the base offset in parse_fx10_body() (AFL).
Signed-off-by: Henri Verbeet <hverbeet at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/d3d10/effect.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/dlls/d3d10/effect.c b/dlls/d3d10/effect.c
index 2eb0680..2adbc08 100644
--- a/dlls/d3d10/effect.c
+++ b/dlls/d3d10/effect.c
@@ -2104,10 +2104,17 @@ static void d3d10_effect_type_destroy(struct wine_rb_entry *entry, void *context
static HRESULT parse_fx10_body(struct d3d10_effect *e, const char *data, DWORD data_size)
{
- const char *ptr = data + e->index_offset;
+ const char *ptr;
unsigned int i;
HRESULT hr;
+ if (e->index_offset >= data_size)
+ {
+ WARN("Invalid index offset %#x (data size %#x).\n", e->index_offset, data_size);
+ return E_FAIL;
+ }
+ ptr = data + e->index_offset;
+
if (!(e->local_buffers = d3d10_calloc(e->local_buffer_count, sizeof(*e->local_buffers))))
{
ERR("Failed to allocate local buffer memory.\n");
More information about the wine-cvs
mailing list