[PATCH 6/6] d3dx9: Secure against unsafe iface to COM object transitions
Michael Stefaniuc
mstefani at winehq.org
Fri Mar 22 02:47:30 CDT 2019
Signed-off-by: Michael Stefaniuc <mstefani at winehq.org>
---
dlls/d3dx9_36/effect.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/dlls/d3dx9_36/effect.c b/dlls/d3dx9_36/effect.c
index 8152362170..2443c20a63 100644
--- a/dlls/d3dx9_36/effect.c
+++ b/dlls/d3dx9_36/effect.c
@@ -1763,6 +1763,8 @@ static inline struct d3dx_effect_pool *impl_from_ID3DXEffectPool(ID3DXEffectPool
return CONTAINING_RECORD(iface, struct d3dx_effect_pool, ID3DXEffectPool_iface);
}
+static inline struct d3dx_effect_pool *unsafe_impl_from_ID3DXEffectPool(ID3DXEffectPool *iface);
+
static inline struct d3dx_effect *impl_from_ID3DXEffect(ID3DXEffect *iface)
{
return CONTAINING_RECORD(iface, struct d3dx_effect, ID3DXEffect_iface);
@@ -6162,7 +6164,7 @@ static HRESULT d3dx9_effect_init(struct d3dx_effect *effect, struct IDirect3DDev
if (pool)
{
pool->lpVtbl->AddRef(pool);
- effect->pool = impl_from_ID3DXEffectPool(pool);
+ effect->pool = unsafe_impl_from_ID3DXEffectPool(pool);
}
IDirect3DDevice9_AddRef(device);
@@ -6474,6 +6476,14 @@ static const struct ID3DXEffectPoolVtbl ID3DXEffectPool_Vtbl =
d3dx_effect_pool_Release
};
+static inline struct d3dx_effect_pool *unsafe_impl_from_ID3DXEffectPool(ID3DXEffectPool *iface)
+{
+ if (!iface || iface->lpVtbl != &ID3DXEffectPool_Vtbl)
+ return NULL;
+
+ return impl_from_ID3DXEffectPool(iface);
+}
+
HRESULT WINAPI D3DXCreateEffectPool(ID3DXEffectPool **pool)
{
struct d3dx_effect_pool *object;
--
2.20.1
More information about the wine-devel
mailing list