Matteo Bruni : d3d10/effect: Validate preshader blob size for index expressions.

Alexandre Julliard julliard at winehq.org
Fri Dec 10 15:07:53 CST 2021


Module: wine
Branch: master
Commit: 921bade0da03ad28f8b843979ef9b85a3e2d604b
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=921bade0da03ad28f8b843979ef9b85a3e2d604b

Author: Matteo Bruni <mbruni at codeweavers.com>
Date:   Fri Dec 10 20:03:37 2021 +0100

d3d10/effect: Validate preshader blob size for index expressions.

Signed-off-by: Matteo Bruni <mbruni at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/d3d10/effect.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dlls/d3d10/effect.c b/dlls/d3d10/effect.c
index 190ad19a5f1..61b48cdeacb 100644
--- a/dlls/d3d10/effect.c
+++ b/dlls/d3d10/effect.c
@@ -2633,6 +2633,12 @@ static HRESULT parse_fx10_property_assignment(const char *data, size_t data_size
             data_ptr = data + code_offset;
             read_dword(&data_ptr, &blob_size);
 
+            if (!require_space(code_offset, 1, sizeof(uint32_t) + blob_size, data_size))
+            {
+                WARN("Invalid offset %#x (data size %#lx).\n", code_offset, (long)data_size);
+                return E_FAIL;
+            }
+
             dep.id = id;
             dep.idx = idx;
             dep.operation = operation;




More information about the wine-cvs mailing list