[PATCH 01/12] msacm32: Add more invalid parameter checks for acmFormatEnum().
Zebediah Figura
z.figura12 at gmail.com
Tue Jun 6 15:14:50 CDT 2017
Signed-off-by: Zebediah Figura <z.figura12 at gmail.com>
---
dlls/msacm32/format.c | 19 ++++++++++++++++++-
dlls/msacm32/tests/msacm.c | 36 ++++++++++++++++++++++++++++++++----
2 files changed, 50 insertions(+), 5 deletions(-)
diff --git a/dlls/msacm32/format.c b/dlls/msacm32/format.c
index 3f3ee5492d..70fe9f0d1b 100644
--- a/dlls/msacm32/format.c
+++ b/dlls/msacm32/format.c
@@ -492,13 +492,16 @@ MMRESULT WINAPI acmFormatEnumA(HACMDRIVER had, PACMFORMATDETAILSA pafda,
if (!pafda)
return MMSYSERR_INVALPARAM;
+ if (!fnCallback)
+ return MMSYSERR_INVALPARAM;
+
if (pafda->cbStruct < sizeof(*pafda))
return MMSYSERR_INVALPARAM;
- memset(&afdw, 0, sizeof(afdw));
afdw.cbStruct = sizeof(afdw);
afdw.dwFormatIndex = pafda->dwFormatIndex;
afdw.dwFormatTag = pafda->dwFormatTag;
+ afdw.fdwSupport = pafda->fdwSupport;
afdw.pwfx = pafda->pwfx;
afdw.cbwfx = pafda->cbwfx;
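Review bot: Dropping `memset(&afdw, 0, sizeof(afdw));` leaves every member of `afdw` that is not assigned in this hunk holding whatever was on the stack. The assignments visible here cover cbStruct, dwFormatIndex, dwFormatTag, fdwSupport, pwfx and cbwfx only. If `afdw` is an ACMFORMATDETAILSW (its declaration is outside the hunk), the `szFormat` array stays uninitialized, and any path that hands the structure to a callback or converts it back to ANSI before a driver fills it would expose stale stack contents. Keeping the `memset` line costs nothing and makes the added `afdw.fdwSupport = pafda->fdwSupport;` the only behavioural change. The rest of acmFormatEnumA lies outside the hunk, so whether such a path exists cannot be confirmed from here.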
@@ -613,6 +616,7 @@ MMRESULT WINAPI acmFormatEnumW(HACMDRIVER had, PACMFORMATDETAILSW pafd,
PWINE_ACMDRIVERID padid;
WAVEFORMATEX wfxRef;
BOOL ret;
+ DWORD cbwfxMax;
TRACE("(%p, %p, %p, %ld, %d)\n",
had, pafd, fnCallback, dwInstance, fdwEnum);
@@ -620,9 +624,18 @@ MMRESULT WINAPI acmFormatEnumW(HACMDRIVER had, PACMFORMATDETAILSW pafd,
if (!pafd)
return MMSYSERR_INVALPARAM;
+ if (!fnCallback)
+ return MMSYSERR_INVALPARAM;
+
if (pafd->cbStruct < sizeof(*pafd))
return MMSYSERR_INVALPARAM;
+ if (pafd->fdwSupport)
+ return MMSYSERR_INVALPARAM;
+
+ if (!pafd->pwfx)
+ return MMSYSERR_INVALPARAM;
+
if (fdwEnum & (ACM_FORMATENUMF_WFORMATTAG|ACM_FORMATENUMF_NCHANNELS|
ACM_FORMATENUMF_NSAMPLESPERSEC|ACM_FORMATENUMF_WBITSPERSAMPLE|
ACM_FORMATENUMF_CONVERT|ACM_FORMATENUMF_SUGGEST))
@@ -639,6 +652,10 @@ MMRESULT WINAPI acmFormatEnumW(HACMDRIVER had, PACMFORMATDETAILSW pafd,
if (fdwEnum & (ACM_FORMATENUMF_CONVERT|ACM_FORMATENUMF_INPUT|ACM_FORMATENUMF_OUTPUT))
FIXME("Unsupported fdwEnum values %08x\n", fdwEnum);
+ acmMetrics((HACMOBJ)had, ACM_METRIC_MAX_SIZE_FORMAT, &cbwfxMax);
+ if (pafd->cbwfx < cbwfxMax)
+ return MMSYSERR_INVALPARAM;
+
if (had) {
HACMDRIVERID hadid;
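Review bot: The return value of `acmMetrics()` is ignored, and `cbwfxMax` is declared without an initializer in the earlier hunk, so a failed call (for instance on a handle that acmMetrics rejects) makes `pafd->cbwfx < cbwfxMax` compare against an indeterminate value. I would capture the result in a local declared with the others and bail out on failure: `mmr = acmMetrics((HACMOBJ)had, ACM_METRIC_MAX_SIZE_FORMAT, &cbwfxMax);` followed by `if (mmr != MMSYSERR_NOERROR) return mmr;`. The size check also sits after the fdwEnum-conditional statement whose body is outside the previous hunk. If that statement reads through `pafd->pwfx`, the buffer-size validation should move above it so an undersized caller buffer is rejected before it is dereferenced.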
diff --git a/dlls/msacm32/tests/msacm.c b/dlls/msacm32/tests/msacm.c
index 6e79f4677f..f5ab168290 100644
--- a/dlls/msacm32/tests/msacm.c
+++ b/dlls/msacm32/tests/msacm.c
@@ -330,12 +330,10 @@ static BOOL CALLBACK DriverEnumProc(HACMDRIVERID hadid,
"acmFormatEnumA(): rc = %08x, should be %08x\n",
rc, MMSYSERR_INVALPARAM);
- if (dwSize < sizeof(WAVEFORMATEX))
- dwSize = sizeof(WAVEFORMATEX);
-
pwfx = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
- pwfx->cbSize = LOWORD(dwSize) - sizeof(WAVEFORMATEX);
+ if (dwSize >= sizeof(WAVEFORMATEX))
+ pwfx->cbSize = LOWORD(dwSize) - sizeof(WAVEFORMATEX);
pwfx->wFormatTag = WAVE_FORMAT_UNKNOWN;
fd.cbStruct = sizeof(fd);
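Review bot: With the clamp removed, the buffer is allocated with `dwSize` bytes even when that is smaller than a WAVEFORMATEX, yet `pwfx->wFormatTag = WAVE_FORMAT_UNKNOWN;` is still written unconditionally and the `HeapAlloc` result is not checked. Only the `cbSize` write is guarded, so a driver reporting a very small maximum format size (dwSize is set outside the hunk) would cause a heap write past the allocation, and any callee that copies a whole WAVEFORMATEX from `fd.pwfx` would read past it. Allocating at least the structure size while still passing the real `dwSize` in `fd.cbwfx` keeps the intent of the new size test: `pwfx = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, max(dwSize, sizeof(WAVEFORMATEX)));`. The same small-size case affects `fd.cbwfx = dwSize-1;` in the next hunk, which wraps to a huge value when dwSize is 0 and would make that test fail for the wrong reason.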
@@ -343,6 +341,36 @@ static BOOL CALLBACK DriverEnumProc(HACMDRIVERID hadid,
fd.cbwfx = dwSize;
fd.dwFormatTag = WAVE_FORMAT_UNKNOWN;
+ /* try bad callback */
+ rc = acmFormatEnumA(had, &fd, NULL, 0, 0);
+ ok(rc == MMSYSERR_INVALPARAM,
+ "acmFormatEnumA(): rc = %08x, should be %08x\n",
+ rc, MMSYSERR_INVALPARAM);
+
+ /* try bad pwfx */
+ fd.pwfx = NULL;
+ rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
+ ok(rc == MMSYSERR_INVALPARAM,
+ "acmFormatEnumA(): rc = %08x, should be %08x\n",
+ rc, MMSYSERR_INVALPARAM);
+ fd.pwfx = pwfx;
+
+ /* fdwSupport must be zero */
+ fd.fdwSupport = 0xdeadbeef;
+ rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
+ ok(rc == MMSYSERR_INVALPARAM,
+ "acmFormatEnumA(): rc = %08x, should be %08x\n",
+ rc, MMSYSERR_INVALPARAM);
+ fd.fdwSupport = 0;
+
+ /* try bad pwfx structure size */
+ fd.cbwfx = dwSize-1;
+ rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
+ ok(rc == MMSYSERR_INVALPARAM,
+ "acmFormatEnumA(): rc = %08x, should be %08x\n",
+ rc, MMSYSERR_INVALPARAM);
+ fd.cbwfx = dwSize;
+
/* try valid parameters */
rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
ok(rc == MMSYSERR_NOERROR,
--
2.13.0