[PATCH] d3dxof: Increase MAX_SUBOBJECTS and do the corresponding checks at the right place

Christian Costa titan.costa at wanadoo.fr
Mon Mar 22 03:27:55 CDT 2010


--
Fix bug 17359
---

 dlls/d3dxof/d3dxof.c         |    7 -------
 dlls/d3dxof/d3dxof_private.h |    2 +-
 dlls/d3dxof/parsing.c        |   14 ++++++++++++++
 3 files changed, 15 insertions(+), 8 deletions(-)
-------------- next part --------------
diff --git a/dlls/d3dxof/d3dxof.c b/dlls/d3dxof/d3dxof.c
index b8c85e0..507664f 100644
--- a/dlls/d3dxof/d3dxof.c
+++ b/dlls/d3dxof/d3dxof.c
@@ -1104,13 +1104,6 @@ static HRESULT WINAPI IDirectXFileEnumObjectImpl_GetNextDataObject(IDirectXFileE
     goto error;
   }
 
-  if (This->buf.pxo->nb_subobjects > MAX_SUBOBJECTS)
-  {
-    FIXME("Too many subobjects %d\n", This->buf.pxo->nb_subobjects);
-    hr = DXFILEERR_BADALLOC;
-    goto error;
-  }
-
   object->pstrings = pstrings;
   object->pobj = This->buf.pxo;
   object->cur_enum_object = 0;
diff --git a/dlls/d3dxof/d3dxof_private.h b/dlls/d3dxof/d3dxof_private.h
index 8f3b53e..a8534ac 100644
--- a/dlls/d3dxof/d3dxof_private.h
+++ b/dlls/d3dxof/d3dxof_private.h
@@ -39,7 +39,7 @@
 #define MAX_CHILDS 100
 #define MAX_TEMPLATES 200
 #define MAX_OBJECTS 500
-#define MAX_SUBOBJECTS 500
+#define MAX_SUBOBJECTS 2000
 #define MAX_STRINGS_BUFFER 10000
 
 typedef struct {
diff --git a/dlls/d3dxof/parsing.c b/dlls/d3dxof/parsing.c
index c2ffdff..c45fcd0 100644
--- a/dlls/d3dxof/parsing.c
+++ b/dlls/d3dxof/parsing.c
@@ -1212,6 +1212,13 @@ _exit:
           ERR("Reference to unknown object %s\n", (char*)buf->value);
           return FALSE;
         }
+
+        if (buf->pxo->root->nb_subobjects >= MAX_SUBOBJECTS)
+        {
+            FIXME("Too many sub-objects\n");
+            return FALSE;
+        }
+
         buf->pxo->childs[buf->pxo->nb_childs] = &buf->pxo_tab[buf->pxo->root->nb_subobjects++];
         buf->pxo->childs[buf->pxo->nb_childs]->ptarget = &(buf->pxo_globals[i])[j];
         buf->pxo->nb_childs++;
@@ -1219,6 +1226,13 @@ _exit:
       else if (check_TOKEN(buf) == TOKEN_NAME)
       {
         xobject* pxo = buf->pxo;
+
+        if (buf->pxo->root->nb_subobjects >= MAX_SUBOBJECTS)
+        {
+            FIXME("Too many sub-objects\n");
+            return FALSE;
+        }
+
         buf->pxo = buf->pxo->childs[buf->pxo->nb_childs] = &buf->pxo_tab[buf->pxo->root->nb_subobjects++];
 
         TRACE("Enter optional %s\n", (char*)buf->value);


More information about the wine-patches mailing list