[PATCH] d3dx9: Return correct comment length from get_instr_length().

Paul Gofman gofmanp at gmail.com
Wed Jan 9 12:11:38 CST 2019


For bug https://bugs.winehq.org/show_bug.cgi?id=46435.

Signed-off-by: Paul Gofman <gofmanp at gmail.com>
---
    It is not a regression as this code did not change since December 2017. Still
suggesting it now as the bug involves potential out of bounds (read) access and
the fix looks pretty obvious.

 dlls/d3dx9_36/shader.c       | 8 +++++---
 dlls/d3dx9_36/tests/shader.c | 1 +
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/dlls/d3dx9_36/shader.c b/dlls/d3dx9_36/shader.c
index acbbf0718a..e8ce3dd796 100644
--- a/dlls/d3dx9_36/shader.c
+++ b/dlls/d3dx9_36/shader.c
@@ -2415,18 +2415,20 @@ HRESULT WINAPI D3DXCreateTextureShader(const DWORD *function, ID3DXTextureShader
 
 static unsigned int get_instr_length(const DWORD *byte_code, unsigned int major, unsigned int minor)
 {
+    DWORD opcode = *byte_code & 0xffff;
     unsigned int len = 0;
 
+    if (opcode == D3DSIO_COMMENT)
+        return (*byte_code & D3DSI_COMMENTSIZE_MASK) >> D3DSI_COMMENTSIZE_SHIFT;
+
     if (major > 1)
         return (*byte_code & D3DSI_INSTLENGTH_MASK) >> D3DSI_INSTLENGTH_SHIFT;
 
-    switch (*byte_code & 0xffff)
+    switch (opcode)
     {
         case D3DSIO_END:
             ERR("Unexpected END token.\n");
             return 0;
-        case D3DSIO_COMMENT:
-            return (*byte_code & D3DSI_COMMENTSIZE_MASK) >> D3DSI_COMMENTSIZE_SHIFT;
         case D3DSIO_DEF:
         case D3DSIO_DEFI:
             return 5;
diff --git a/dlls/d3dx9_36/tests/shader.c b/dlls/d3dx9_36/tests/shader.c
index 1086e5e9d6..b67ffb209c 100644
--- a/dlls/d3dx9_36/tests/shader.c
+++ b/dlls/d3dx9_36/tests/shader.c
@@ -6457,6 +6457,7 @@ static void test_shader_semantics(void)
     vs_3_0[] =
     {
         0xfffe0300,                         /* vs_3_0 */
+        0x0002fffe, 0x0200000f, 0x00000000, /* comment */
         0x0200001f, 0x80000000, 0x900f0000, /* dcl_position v0 */
         0x0200001f, 0x80000003, 0x900f0001, /* dcl_normal v1 */
         0x0200001f, 0x8001000a, 0x900f0002, /* dcl_color1 v2 */
-- 
2.20.1




More information about the wine-devel mailing list