=?UTF-8?Q?J=C3=B3zef=20Kucia=20?=: libs/vkd3d-shader: Validate DXBC data size.

Alexandre Julliard julliard at winehq.org
Wed Apr 11 11:58:36 CDT 2018 

Module: vkd3d
Branch: master
Commit: 6a1b3a3fb594fe7eeedef18541a50d679c60104d
URL:    https://source.winehq.org/git/vkd3d.git/?a=commit;h=6a1b3a3fb594fe7eeedef18541a50d679c60104d

Author: Józef Kucia <jkucia at codeweavers.com>
Date:   Wed Apr 11 13:21:41 2018 +0200

libs/vkd3d-shader: Validate DXBC data size.

Signed-off-by: Józef Kucia <jkucia at codeweavers.com>
Signed-off-by: Henri Verbeet <hverbeet at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 libs/vkd3d-shader/dxbc.c                 | 12 +++++++++---
 libs/vkd3d-shader/vkd3d_shader_private.h |  1 +
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/libs/vkd3d-shader/dxbc.c b/libs/vkd3d-shader/dxbc.c
index 49e2c50..0b5c3cf 100644
--- a/libs/vkd3d-shader/dxbc.c
+++ b/libs/vkd3d-shader/dxbc.c
@@ -1808,7 +1808,7 @@ static const char *shader_get_string(const char *data, size_t data_size, DWORD o
     return data + offset;
 }
 
-static int parse_dxbc(const char *data, SIZE_T data_size,
+static int parse_dxbc(const char *data, size_t data_size,
         int (*chunk_handler)(const char *data, DWORD data_size, DWORD tag, void *ctx), void *ctx)
 {
     const char *ptr = data;
@@ -1819,6 +1819,12 @@ static int parse_dxbc(const char *data, SIZE_T data_size,
     DWORD version;
     DWORD tag;
 
+    if (data_size < VKD3D_DXBC_HEADER_SIZE)
+    {
+        WARN("Invalid data size %zu.\n", data_size);
+        return VKD3D_ERROR_INVALID_ARGUMENT;
+    }
+
     read_dword(&ptr, &tag);
     TRACE("tag: %#x.\n", tag);
 
@@ -1856,7 +1862,7 @@ static int parse_dxbc(const char *data, SIZE_T data_size,
 
         if (chunk_offset >= data_size || !require_space(chunk_offset, 2, sizeof(DWORD), data_size))
         {
-            WARN("Invalid chunk offset %#x (data size %#lx).\n", chunk_offset, data_size);
+            WARN("Invalid chunk offset %#x (data size %zu).\n", chunk_offset, data_size);
             return VKD3D_ERROR_INVALID_ARGUMENT;
         }
 
@@ -1867,7 +1873,7 @@ static int parse_dxbc(const char *data, SIZE_T data_size,
 
         if (!require_space(chunk_ptr - data, 1, chunk_size, data_size))
         {
-            WARN("Invalid chunk size %#x (data size %#lx, chunk offset %#x).\n",
+            WARN("Invalid chunk size %#x (data size %zu, chunk offset %#x).\n",
                     chunk_size, data_size, chunk_offset);
             return VKD3D_ERROR_INVALID_ARGUMENT;
         }
diff --git a/libs/vkd3d-shader/vkd3d_shader_private.h b/libs/vkd3d-shader/vkd3d_shader_private.h
index 9c43a46..04e6b09 100644
--- a/libs/vkd3d-shader/vkd3d_shader_private.h
+++ b/libs/vkd3d-shader/vkd3d_shader_private.h
@@ -858,5 +858,6 @@ static inline unsigned int vkd3d_swizzle_get_component(DWORD swizzle,
 }
 
 #define VKD3D_DXBC_MAX_SOURCE_COUNT 6
+#define VKD3D_DXBC_HEADER_SIZE (8 * sizeof(uint32_t))
 
 #endif  /* __VKD3D_SHADER_PRIVATE_H */

More information about the wine-cvs mailing list