[PATCH v3 1/4] msacm32: Add more invalid parameter checks for acmFormatEnum().

Andrew Eikum aeikum at codeweavers.com
Thu Jun 8 07:43:01 CDT 2017 

Signed-off-by: Andrew Eikum <aeikum at codeweavers.com>

On Wed, Jun 07, 2017 at 04:07:50PM -0500, Zebediah Figura wrote:
> v2: restore zero struct, check for error from acmMetrics()
> Signed-off-by: Zebediah Figura <z.figura12 at gmail.com>
> ---
>  dlls/msacm32/format.c      | 21 +++++++++++++++++++++
>  dlls/msacm32/tests/msacm.c | 36 ++++++++++++++++++++++++++++++++----
>  2 files changed, 53 insertions(+), 4 deletions(-)
> 
> diff --git a/dlls/msacm32/format.c b/dlls/msacm32/format.c
> index 3f3ee5492d..902807cb72 100644
> --- a/dlls/msacm32/format.c
> +++ b/dlls/msacm32/format.c
> @@ -492,6 +492,9 @@ MMRESULT WINAPI acmFormatEnumA(HACMDRIVER had, PACMFORMATDETAILSA pafda,
>      if (!pafda)
>          return MMSYSERR_INVALPARAM;
>  
> +    if (!fnCallback)
> +        return MMSYSERR_INVALPARAM;
> +
>      if (pafda->cbStruct < sizeof(*pafda))
>          return MMSYSERR_INVALPARAM;
>  
> @@ -499,6 +502,7 @@ MMRESULT WINAPI acmFormatEnumA(HACMDRIVER had, PACMFORMATDETAILSA pafda,
>      afdw.cbStruct = sizeof(afdw);
>      afdw.dwFormatIndex = pafda->dwFormatIndex;
>      afdw.dwFormatTag = pafda->dwFormatTag;
> +    afdw.fdwSupport = pafda->fdwSupport;
>      afdw.pwfx = pafda->pwfx;
>      afdw.cbwfx = pafda->cbwfx;
>  
> @@ -613,6 +617,8 @@ MMRESULT WINAPI acmFormatEnumW(HACMDRIVER had, PACMFORMATDETAILSW pafd,
>      PWINE_ACMDRIVERID		padid;
>      WAVEFORMATEX		wfxRef;
>      BOOL			ret;
> +    DWORD			cbwfxMax;
> +    MMRESULT			mmr;
>  
>      TRACE("(%p, %p, %p, %ld, %d)\n",
>  	  had, pafd, fnCallback, dwInstance, fdwEnum);
> @@ -620,9 +626,18 @@ MMRESULT WINAPI acmFormatEnumW(HACMDRIVER had, PACMFORMATDETAILSW pafd,
>      if (!pafd)
>          return MMSYSERR_INVALPARAM;
>  
> +    if (!fnCallback)
> +        return MMSYSERR_INVALPARAM;
> +
>      if (pafd->cbStruct < sizeof(*pafd))
>          return MMSYSERR_INVALPARAM;
>  
> +    if (pafd->fdwSupport)
> +        return MMSYSERR_INVALPARAM;
> +
> +    if (!pafd->pwfx)
> +        return MMSYSERR_INVALPARAM;
> +
>      if (fdwEnum & (ACM_FORMATENUMF_WFORMATTAG|ACM_FORMATENUMF_NCHANNELS|
>  		   ACM_FORMATENUMF_NSAMPLESPERSEC|ACM_FORMATENUMF_WBITSPERSAMPLE|
>  		   ACM_FORMATENUMF_CONVERT|ACM_FORMATENUMF_SUGGEST))
> @@ -639,6 +654,12 @@ MMRESULT WINAPI acmFormatEnumW(HACMDRIVER had, PACMFORMATDETAILSW pafd,
>      if (fdwEnum & (ACM_FORMATENUMF_CONVERT|ACM_FORMATENUMF_INPUT|ACM_FORMATENUMF_OUTPUT))
>  	FIXME("Unsupported fdwEnum values %08x\n", fdwEnum);
>  
> +    mmr = acmMetrics((HACMOBJ)had, ACM_METRIC_MAX_SIZE_FORMAT, &cbwfxMax);
> +    if (mmr != MMSYSERR_NOERROR)
> +        return mmr;
> +    if (pafd->cbwfx < cbwfxMax)
> +        return MMSYSERR_INVALPARAM;
> +
>      if (had) {
>  	HACMDRIVERID	hadid;
>  
> diff --git a/dlls/msacm32/tests/msacm.c b/dlls/msacm32/tests/msacm.c
> index 6e79f4677f..f5ab168290 100644
> --- a/dlls/msacm32/tests/msacm.c
> +++ b/dlls/msacm32/tests/msacm.c
> @@ -330,12 +330,10 @@ static BOOL CALLBACK DriverEnumProc(HACMDRIVERID hadid,
>                 "acmFormatEnumA(): rc = %08x, should be %08x\n",
>                 rc, MMSYSERR_INVALPARAM);
>  
> -            if (dwSize < sizeof(WAVEFORMATEX))
> -                dwSize = sizeof(WAVEFORMATEX);
> -
>              pwfx = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
>  
> -            pwfx->cbSize = LOWORD(dwSize) - sizeof(WAVEFORMATEX);
> +            if (dwSize >= sizeof(WAVEFORMATEX))
> +                pwfx->cbSize = LOWORD(dwSize) - sizeof(WAVEFORMATEX);
>              pwfx->wFormatTag = WAVE_FORMAT_UNKNOWN;
>  
>              fd.cbStruct = sizeof(fd);
> @@ -343,6 +341,36 @@ static BOOL CALLBACK DriverEnumProc(HACMDRIVERID hadid,
>              fd.cbwfx = dwSize;
>              fd.dwFormatTag = WAVE_FORMAT_UNKNOWN;
>  
> +            /* try bad callback */
> +            rc = acmFormatEnumA(had, &fd, NULL, 0, 0);
> +            ok(rc == MMSYSERR_INVALPARAM,
> +               "acmFormatEnumA(): rc = %08x, should be %08x\n",
> +               rc, MMSYSERR_INVALPARAM);
> +
> +            /* try bad pwfx */
> +            fd.pwfx = NULL;
> +            rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
> +            ok(rc == MMSYSERR_INVALPARAM,
> +               "acmFormatEnumA(): rc = %08x, should be %08x\n",
> +               rc, MMSYSERR_INVALPARAM);
> +            fd.pwfx = pwfx;
> +
> +            /* fdwSupport must be zero */
> +            fd.fdwSupport = 0xdeadbeef;
> +            rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
> +            ok(rc == MMSYSERR_INVALPARAM,
> +               "acmFormatEnumA(): rc = %08x, should be %08x\n",
> +               rc, MMSYSERR_INVALPARAM);
> +            fd.fdwSupport = 0;
> +
> +            /* try bad pwfx structure size */
> +            fd.cbwfx = dwSize-1;
> +            rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
> +            ok(rc == MMSYSERR_INVALPARAM,
> +               "acmFormatEnumA(): rc = %08x, should be %08x\n",
> +               rc, MMSYSERR_INVALPARAM);
> +            fd.cbwfx = dwSize;
> +
>              /* try valid parameters */
>              rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
>              ok(rc == MMSYSERR_NOERROR,
> -- 
> 2.13.0
> 
> 
>

More information about the wine-patches mailing list