dplayx: Fix broken pointer arithmetic.

Thomas Faber thomas.faber at reactos.org
Tue Mar 25 05:52:41 CDT 2014


The wrong size of the DPLAYX_MEM_SLICE structure will cause the shared
section to overflow if enough items are allocated.

Also clearing up the pointer math here: sizeof(DWORD) == sizeof(BOOL)
is true, but this code has no reason to make use of that.
-------------- next part --------------
From 3872063c8d2e96d72366519a8533cb8354186185 Mon Sep 17 00:00:00 2001
From: Thomas Faber <thomas.faber at reactos.org>
Date: Tue, 25 Mar 2014 11:11:25 +0100
Subject: dplayx: Fix broken pointer arithmetic.

---
 dlls/dplayx/dplayx_global.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/dlls/dplayx/dplayx_global.c b/dlls/dplayx/dplayx_global.c
index 55a7386..f68cad0 100644
--- a/dlls/dplayx/dplayx_global.c
+++ b/dlls/dplayx/dplayx_global.c
@@ -84,8 +84,9 @@ static LPVOID lpSharedStaticData = NULL;
 typedef struct
 {
   BOOL used;
-  DWORD data[dwBlockSize-sizeof(DWORD)];
+  BYTE data[dwBlockSize - sizeof(BOOL)];
 } DPLAYX_MEM_SLICE;
+C_ASSERT(sizeof(DPLAYX_MEM_SLICE) == dwBlockSize);
 
 static DPLAYX_MEM_SLICE* lpMemArea;
 
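Review bot: With `data` now a BYTE array the payload a caller receives begins sizeof(BOOL) bytes into the slice, so it is at most 4-byte aligned, and nothing in the hunk records that for callers that might place 8-byte objects (for example pointers on Win64) in a slice. The added C_ASSERT pins the slice size but not this alignment property; suggest a comment above the member, `/* data begins sizeof(BOOL) bytes into the slice: 4-byte alignment at most */`. Whether any caller needs more than 4-byte alignment is not visible here and should be confirmed against DPLAYX_PrivHeapAlloc's users.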
@@ -100,7 +101,7 @@ static void DPLAYX_PrivHeapFree( LPVOID addr )
     return;
   }
 
-  lpAddrStart = (char*)addr - sizeof(DWORD); /* Find block header */
+  lpAddrStart = CONTAINING_RECORD(addr, DPLAYX_MEM_SLICE, data); /* Find block header */
   dwBlockUsed =  ((BYTE*)lpAddrStart - (BYTE*)lpMemArea)/dwBlockSize;
 
   lpMemArea[ dwBlockUsed ].used = FALSE;
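Review bot: CONTAINING_RECORD on the new line turns any addr into a slice pointer, but nothing in the hunk checks that the result lies inside lpMemArea before `dwBlockUsed` indexes it and `used` is written; a pointer that did not come from this area would form a pointer difference outside the array (undefined in C) and then clear a flag at an arbitrary offset of the shared section. Before the index is used, reject such pointers, e.g. `if( (BYTE*)lpAddrStart < (BYTE*)lpMemArea || ((BYTE*)lpAddrStart - (BYTE*)lpMemArea) % dwBlockSize != 0 ) { ERR( "bad free %p\n", addr ); return; }`, plus an upper-bound check against the number of slices the area holds (that count is not visible in this hunk). The early `return` at the top of the hunk presumably covers only the NULL case. DPLAYX_PrivHeapFree begins before the hunk.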
@@ -111,10 +112,10 @@ static LPVOID DPLAYX_PrivHeapAlloc( DWORD flags, DWORD size )
   LPVOID lpvArea = NULL;
   UINT   uBlockUsed;
 
-  if( size > (dwBlockSize - sizeof(DWORD)) )
+  if( size > (dwBlockSize - sizeof(BOOL)) )
   {
     FIXME( "Size exceeded. Request of 0x%08x\n", size );
-    size = dwBlockSize - sizeof(DWORD);
+    size = dwBlockSize - sizeof(BOOL);
   }
 
   /* Find blank area */
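Review bot: `dwBlockSize - sizeof(BOOL)` on both changed lines restates the payload size that the DPLAYX_MEM_SLICE definition already fixes, so a later change to the struct would have to be mirrored here by hand; `sizeof(lpMemArea->data)` names the same quantity from the single definition, e.g. `if( size > sizeof(lpMemArea->data) )` and `size = sizeof(lpMemArea->data);`. Independently of this commit, the clamp silently hands back a buffer smaller than the caller asked for, so a caller that then writes its originally requested `size` bytes would run into the next slice; returning NULL after the FIXME may be the safer outcome, which is worth confirming against the callers. DPLAYX_PrivHeapAlloc continues past the hunk.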
-- 
1.8.3.2


