[PATCH v2 6/6] d3dx9: Secure against unsafe iface to COM object transitions.
Matteo Bruni
mbruni at codeweavers.com
Fri Mar 22 13:09:57 CDT 2019
From: Michael Stefaniuc <mstefani at winehq.org>
Signed-off-by: Michael Stefaniuc <mstefani at winehq.org>
Signed-off-by: Matteo Bruni <mbruni at codeweavers.com>
---
dlls/d3dx9_36/effect.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/dlls/d3dx9_36/effect.c b/dlls/d3dx9_36/effect.c
index 433ec3bb8f3..269f75e6d04 100644
--- a/dlls/d3dx9_36/effect.c
+++ b/dlls/d3dx9_36/effect.c
@@ -1768,6 +1768,8 @@ static inline struct d3dx_effect_pool *impl_from_ID3DXEffectPool(ID3DXEffectPool
return CONTAINING_RECORD(iface, struct d3dx_effect_pool, ID3DXEffectPool_iface);
}
+static inline struct d3dx_effect_pool *unsafe_impl_from_ID3DXEffectPool(ID3DXEffectPool *iface);
+
static inline struct d3dx_effect *impl_from_ID3DXEffect(ID3DXEffect *iface)
{
return CONTAINING_RECORD(iface, struct d3dx_effect, ID3DXEffect_iface);
@@ -6164,8 +6166,8 @@ static HRESULT d3dx9_effect_init(struct d3dx_effect *effect, struct IDirect3DDev
if (pool)
{
+ effect->pool = unsafe_impl_from_ID3DXEffectPool(pool);
pool->lpVtbl->AddRef(pool);
- effect->pool = impl_from_ID3DXEffectPool(pool);
}
IDirect3DDevice9_AddRef(device);
@@ -6477,6 +6479,15 @@ static const struct ID3DXEffectPoolVtbl ID3DXEffectPool_Vtbl =
d3dx_effect_pool_Release
};
+static inline struct d3dx_effect_pool *unsafe_impl_from_ID3DXEffectPool(ID3DXEffectPool *iface)
+{
+ if (!iface)
+ return NULL;
+
+ assert(iface->lpVtbl == &ID3DXEffectPool_Vtbl);
+ return impl_from_ID3DXEffectPool(iface);
+}
+
HRESULT WINAPI D3DXCreateEffectPool(ID3DXEffectPool **pool)
{
struct d3dx_effect_pool *object;
--
2.19.2
More information about the wine-devel
mailing list