Module: vkd3d Branch: master Commit: 6a1b3a3fb594fe7eeedef18541a50d679c60104d URL: https://source.winehq.org/git/vkd3d.git/?a=commit;h=6a1b3a3fb594fe7eeedef185...
Author: Józef Kucia jkucia@codeweavers.com Date: Wed Apr 11 13:21:41 2018 +0200
libs/vkd3d-shader: Validate DXBC data size.
Signed-off-by: Józef Kucia jkucia@codeweavers.com Signed-off-by: Henri Verbeet hverbeet@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
libs/vkd3d-shader/dxbc.c | 12 +++++++++--- libs/vkd3d-shader/vkd3d_shader_private.h | 1 + 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/libs/vkd3d-shader/dxbc.c b/libs/vkd3d-shader/dxbc.c index 49e2c50..0b5c3cf 100644 --- a/libs/vkd3d-shader/dxbc.c +++ b/libs/vkd3d-shader/dxbc.c @@ -1808,7 +1808,7 @@ static const char *shader_get_string(const char *data, size_t data_size, DWORD o return data + offset; }
-static int parse_dxbc(const char *data, SIZE_T data_size, +static int parse_dxbc(const char *data, size_t data_size, int (*chunk_handler)(const char *data, DWORD data_size, DWORD tag, void *ctx), void *ctx) { const char *ptr = data; @@ -1819,6 +1819,12 @@ static int parse_dxbc(const char *data, SIZE_T data_size, DWORD version; DWORD tag;
+ if (data_size < VKD3D_DXBC_HEADER_SIZE) + { + WARN("Invalid data size %zu.\n", data_size); + return VKD3D_ERROR_INVALID_ARGUMENT; + } + read_dword(&ptr, &tag); TRACE("tag: %#x.\n", tag);
@@ -1856,7 +1862,7 @@ static int parse_dxbc(const char *data, SIZE_T data_size,
if (chunk_offset >= data_size || !require_space(chunk_offset, 2, sizeof(DWORD), data_size)) { - WARN("Invalid chunk offset %#x (data size %#lx).\n", chunk_offset, data_size); + WARN("Invalid chunk offset %#x (data size %zu).\n", chunk_offset, data_size); return VKD3D_ERROR_INVALID_ARGUMENT; }
@@ -1867,7 +1873,7 @@ static int parse_dxbc(const char *data, SIZE_T data_size,
if (!require_space(chunk_ptr - data, 1, chunk_size, data_size)) { - WARN("Invalid chunk size %#x (data size %#lx, chunk offset %#x).\n", + WARN("Invalid chunk size %#x (data size %zu, chunk offset %#x).\n", chunk_size, data_size, chunk_offset); return VKD3D_ERROR_INVALID_ARGUMENT; } diff --git a/libs/vkd3d-shader/vkd3d_shader_private.h b/libs/vkd3d-shader/vkd3d_shader_private.h index 9c43a46..04e6b09 100644 --- a/libs/vkd3d-shader/vkd3d_shader_private.h +++ b/libs/vkd3d-shader/vkd3d_shader_private.h @@ -858,5 +858,6 @@ static inline unsigned int vkd3d_swizzle_get_component(DWORD swizzle, }
#define VKD3D_DXBC_MAX_SOURCE_COUNT 6 +#define VKD3D_DXBC_HEADER_SIZE (8 * sizeof(uint32_t))
#endif /* __VKD3D_SHADER_PRIVATE_H */