[PATCH] wined3d: Avoid potential out-of-bounds memory access in surface_cpu_blt_colour_fill().

Józef Kucia jkucia at codeweavers.com
Wed Jan 16 08:29:34 CST 2019


Draw rects are derived from the current viewport. It is possible to produce a
clear operation with a draw rect which lies completely outside of one of the
render targets in D3D9.

It seems that we never use the CPU blitter for D3D9 render target clears, so it
might not be a problem in practice.

Signed-off-by: Józef Kucia <jkucia at codeweavers.com>
---
 dlls/wined3d/surface.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dlls/wined3d/surface.c b/dlls/wined3d/surface.c
index 1b6e7a5a0654..0ee2f8266372 100644
--- a/dlls/wined3d/surface.c
+++ b/dlls/wined3d/surface.c
@@ -2970,8 +2970,8 @@ static void surface_cpu_blt_colour_fill(struct wined3d_rendertarget_view *view,
 
     c = wined3d_format_convert_from_float(view->format, colour);
     bpp = view->format->byte_count;
-    w = min(box->right, view->width) - box->left;
-    h = min(box->bottom, view->height) - box->top;
+    w = min(box->right, view->width) - min(box->left, view->width);
+    h = min(box->bottom, view->height) - min(box->top, view->height);
 
     texture = texture_from_resource(view->resource);
     map_binding = texture->resource.map_binding;
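
Review bot: in the two new w/h lines, a box lying entirely past the view now yields w == 0 or h == 0, yet the function still goes on to texture_from_resource() and the map binding below; an explicit early return for the empty case (for example "if (!w || !h) return;") right after the computation would make that path obvious instead of relying on the code that follows being a no-op for a zero-sized fill. The clamp also only bounds left/top from above, so it still assumes box->left <= box->right and box->top <= box->bottom; if callers do not guarantee that, the subtraction can still produce a bad extent. A short comment above these lines saying that draw rects are derived from the viewport and may lie outside a render target would save the next reader from having to find the commit message.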
-- 
2.19.2



