dplayx: Fix broken pointer arithmetic.
Thomas Faber
thomas.faber at reactos.org
Tue Mar 25 05:52:41 CDT 2014
The wrong size of the DPLAYX_MEM_SLICE structure will cause the shared
section to overflow if enough items are allocated.
Also clearing up the pointer math here: sizeof(DWORD) == sizeof(BOOL)
is true, but this code has no reason to make use of that.
-------------- next part --------------
From 3872063c8d2e96d72366519a8533cb8354186185 Mon Sep 17 00:00:00 2001
From: Thomas Faber <thomas.faber at reactos.org>
Date: Tue, 25 Mar 2014 11:11:25 +0100
Subject: dplayx: Fix broken pointer arithmetic.
---
dlls/dplayx/dplayx_global.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/dlls/dplayx/dplayx_global.c b/dlls/dplayx/dplayx_global.c
index 55a7386..f68cad0 100644
--- a/dlls/dplayx/dplayx_global.c
+++ b/dlls/dplayx/dplayx_global.c
@@ -84,8 +84,9 @@ static LPVOID lpSharedStaticData = NULL;
typedef struct
{
BOOL used;
- DWORD data[dwBlockSize-sizeof(DWORD)];
+ BYTE data[dwBlockSize - sizeof(BOOL)];
} DPLAYX_MEM_SLICE;
+C_ASSERT(sizeof(DPLAYX_MEM_SLICE) == dwBlockSize);
static DPLAYX_MEM_SLICE* lpMemArea;
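Review bot: The new C_ASSERT on the slice size has no comment saying what it guards, and the invariant is not local to this struct: DPLAYX_PrivHeapFree recovers the slice index as `((BYTE*)lpAddrStart - (BYTE*)lpMemArea)/dwBlockSize`, which is only correct while the struct is exactly dwBlockSize bytes with no tail padding. A one-line comment above the assert would keep a later maintainer from "fixing" the array length or adding a field, e.g. `/* Must be exactly dwBlockSize: DPLAYX_PrivHeapFree indexes lpMemArea by dividing the pointer offset by dwBlockSize. */`. The typedef itself is fully inside the hunk; lpMemArea's users are not.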
@@ -100,7 +101,7 @@ static void DPLAYX_PrivHeapFree( LPVOID addr )
return;
}
- lpAddrStart = (char*)addr - sizeof(DWORD); /* Find block header */
+ lpAddrStart = CONTAINING_RECORD(addr, DPLAYX_MEM_SLICE, data); /* Find block header */
dwBlockUsed = ((BYTE*)lpAddrStart - (BYTE*)lpMemArea)/dwBlockSize;
lpMemArea[ dwBlockUsed ].used = FALSE;
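Review bot: The recovered index is used to clear `used` without any check that addr actually came from this arena or that the slice is currently allocated, so a stale or foreign pointer handed to DPLAYX_PrivHeapFree stores FALSE into whatever lpMemArea[dwBlockUsed] happens to address (a pointer below lpMemArea gives a negative difference that is then divided and stored as an unsigned index, if dwBlockUsed is a DWORD as its name suggests). CONTAINING_RECORD is the right fix for the offset itself, but the block would be safer with a range check against the arena bounds before the store, plus `if( !lpMemArea[ dwBlockUsed ].used ) { ERR( "block %p not in use\n", addr ); return; }` so a double free is reported instead of silently absorbed. The arena's slice count is not visible in this hunk; use whatever limit DPLAYX_PrivHeapAlloc's search loop already iterates over. The function begins before the hunk, and the early `return` at its top may already cover part of this.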
@@ -111,10 +112,10 @@ static LPVOID DPLAYX_PrivHeapAlloc( DWORD flags, DWORD size )
LPVOID lpvArea = NULL;
UINT uBlockUsed;
- if( size > (dwBlockSize - sizeof(DWORD)) )
+ if( size > (dwBlockSize - sizeof(BOOL)) )
{
FIXME( "Size exceeded. Request of 0x%08x\n", size );
- size = dwBlockSize - sizeof(DWORD);
+ size = dwBlockSize - sizeof(BOOL);
}
/* Find blank area */
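Review bot: The clamp at the top of the hunk still hands the caller a buffer smaller than it asked for, which is a latent overflow: a caller that writes `size` bytes into the returned area runs past the slice into its neighbour, and the FIXME only logs it. Failing the request (`return NULL;` in place of `size = dwBlockSize - sizeof(BOOL);`) is what HeapAlloc-style callers already have to handle, though whether every caller here checks for NULL is not visible in this hunk. Separately, `dwBlockSize - sizeof(BOOL)` is now spelled out three times (the struct in the first hunk and twice here); deriving it from the struct, e.g. `if( size > sizeof(((DPLAYX_MEM_SLICE*)0)->data) )`, ties the check to the layout the C_ASSERT already pins. DPLAYX_PrivHeapAlloc continues outside the hunk.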
--
1.8.3.2