Zebediah Figura : msacm32: Add more invalid parameter checks for acmFormatEnum().

8 Jun 2017

Module: wine
Branch: master
Commit: c984aa5fc94e8f64c6b924fea942b9fef8f8f5af
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=c984aa5fc94e8f64c6b924fea9...
Author: Zebediah Figura z.figura12@gmail.com
Date:   Wed Jun  7 16:07:50 2017 -0500
msacm32: Add more invalid parameter checks for acmFormatEnum().
Signed-off-by: Zebediah Figura z.figura12@gmail.com
Signed-off-by: Andrew Eikum aeikum@codeweavers.com
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/msacm32/format.c      | 21 +++++++++++++++++++++
 dlls/msacm32/tests/msacm.c | 36 ++++++++++++++++++++++++++++++++----
 2 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/dlls/msacm32/format.c b/dlls/msacm32/format.c
index 3f3ee54..902807c 100644
--- a/dlls/msacm32/format.c
+++ b/dlls/msacm32/format.c
@@ -492,6 +492,9 @@ MMRESULT WINAPI acmFormatEnumA(HACMDRIVER had, PACMFORMATDETAILSA pafda,
     if (!pafda)
         return MMSYSERR_INVALPARAM;
+    if (!fnCallback)
+        return MMSYSERR_INVALPARAM;
+
     if (pafda->cbStruct < sizeof(*pafda))
         return MMSYSERR_INVALPARAM;
@@ -499,6 +502,7 @@ MMRESULT WINAPI acmFormatEnumA(HACMDRIVER had, PACMFORMATDETAILSA pafda,
     afdw.cbStruct = sizeof(afdw);
     afdw.dwFormatIndex = pafda->dwFormatIndex;
     afdw.dwFormatTag = pafda->dwFormatTag;
+    afdw.fdwSupport = pafda->fdwSupport;
     afdw.pwfx = pafda->pwfx;
     afdw.cbwfx = pafda->cbwfx;
@@ -613,6 +617,8 @@ MMRESULT WINAPI acmFormatEnumW(HACMDRIVER had, PACMFORMATDETAILSW pafd,
     PWINE_ACMDRIVERID		padid;
     WAVEFORMATEX		wfxRef;
     BOOL			ret;
+    DWORD			cbwfxMax;
+    MMRESULT			mmr;
TRACE("(%p, %p, %p, %ld, %d)\n",
      had, pafd, fnCallback, dwInstance, fdwEnum);
@@ -620,9 +626,18 @@ MMRESULT WINAPI acmFormatEnumW(HACMDRIVER had, PACMFORMATDETAILSW pafd,
     if (!pafd)
         return MMSYSERR_INVALPARAM;
+    if (!fnCallback)
+        return MMSYSERR_INVALPARAM;
+
     if (pafd->cbStruct < sizeof(*pafd))
         return MMSYSERR_INVALPARAM;
+    if (pafd->fdwSupport)
+        return MMSYSERR_INVALPARAM;
+
+    if (!pafd->pwfx)
+        return MMSYSERR_INVALPARAM;
+
     if (fdwEnum & (ACM_FORMATENUMF_WFORMATTAG|ACM_FORMATENUMF_NCHANNELS|
    	   ACM_FORMATENUMF_NSAMPLESPERSEC|ACM_FORMATENUMF_WBITSPERSAMPLE|
    	   ACM_FORMATENUMF_CONVERT|ACM_FORMATENUMF_SUGGEST))
@@ -639,6 +654,12 @@ MMRESULT WINAPI acmFormatEnumW(HACMDRIVER had, PACMFORMATDETAILSW pafd,
     if (fdwEnum & (ACM_FORMATENUMF_CONVERT|ACM_FORMATENUMF_INPUT|ACM_FORMATENUMF_OUTPUT))
    FIXME("Unsupported fdwEnum values %08x\n", fdwEnum);
+    mmr = acmMetrics((HACMOBJ)had, ACM_METRIC_MAX_SIZE_FORMAT, &cbwfxMax);
+    if (mmr != MMSYSERR_NOERROR)
+        return mmr;
+    if (pafd->cbwfx < cbwfxMax)
+        return MMSYSERR_INVALPARAM;
+
     if (had) {
    HACMDRIVERID	hadid;
diff --git a/dlls/msacm32/tests/msacm.c b/dlls/msacm32/tests/msacm.c
index 6e79f46..f5ab168 100644
--- a/dlls/msacm32/tests/msacm.c
+++ b/dlls/msacm32/tests/msacm.c
@@ -330,12 +330,10 @@ static BOOL CALLBACK DriverEnumProc(HACMDRIVERID hadid,
                "acmFormatEnumA(): rc = %08x, should be %08x\n",
                rc, MMSYSERR_INVALPARAM);
-            if (dwSize < sizeof(WAVEFORMATEX))
-                dwSize = sizeof(WAVEFORMATEX);
-
             pwfx = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
-            pwfx->cbSize = LOWORD(dwSize) - sizeof(WAVEFORMATEX);
+            if (dwSize >= sizeof(WAVEFORMATEX))
+                pwfx->cbSize = LOWORD(dwSize) - sizeof(WAVEFORMATEX);
             pwfx->wFormatTag = WAVE_FORMAT_UNKNOWN;
fd.cbStruct = sizeof(fd);
@@ -343,6 +341,36 @@ static BOOL CALLBACK DriverEnumProc(HACMDRIVERID hadid,
             fd.cbwfx = dwSize;
             fd.dwFormatTag = WAVE_FORMAT_UNKNOWN;
+            /* try bad callback */
+            rc = acmFormatEnumA(had, &fd, NULL, 0, 0);
+            ok(rc == MMSYSERR_INVALPARAM,
+               "acmFormatEnumA(): rc = %08x, should be %08x\n",
+               rc, MMSYSERR_INVALPARAM);
+
+            /* try bad pwfx */
+            fd.pwfx = NULL;
+            rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
+            ok(rc == MMSYSERR_INVALPARAM,
+               "acmFormatEnumA(): rc = %08x, should be %08x\n",
+               rc, MMSYSERR_INVALPARAM);
+            fd.pwfx = pwfx;
+
+            /* fdwSupport must be zero */
+            fd.fdwSupport = 0xdeadbeef;
+            rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
+            ok(rc == MMSYSERR_INVALPARAM,
+               "acmFormatEnumA(): rc = %08x, should be %08x\n",
+               rc, MMSYSERR_INVALPARAM);
+            fd.fdwSupport = 0;
+
+            /* try bad pwfx structure size */
+            fd.cbwfx = dwSize-1;
+            rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
+            ok(rc == MMSYSERR_INVALPARAM,
+               "acmFormatEnumA(): rc = %08x, should be %08x\n",
+               rc, MMSYSERR_INVALPARAM);
+            fd.cbwfx = dwSize;
+
             /* try valid parameters */
             rc = acmFormatEnumA(had, &fd, FormatEnumProc, 0, 0);
             ok(rc == MMSYSERR_NOERROR,

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Zebediah Figura : msacm32: Add more invalid parameter checks for acmFormatEnum().