Andrew Eikum : dsound: Validate buffer pointers in Unlock methods. - wine-commits

26 Sep 2011

Module: wine
Branch: master
Commit: 7fae5f4f9feb456739654a3c0a1df5f4e0a28ebe
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=7fae5f4f9feb456739654a3c0a...
Author: Andrew Eikum aeikum@codeweavers.com
Date:   Sat Sep 24 09:03:06 2011 -0500
dsound: Validate buffer pointers in Unlock methods.
---
dlls/dsound/buffer.c  |    6 ++++++
 dlls/dsound/primary.c |    6 ++++++
 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/dlls/dsound/buffer.c b/dlls/dsound/buffer.c
index aa870f4..50fe7c9 100644
--- a/dlls/dsound/buffer.c
+++ b/dlls/dsound/buffer.c
@@ -651,6 +651,12 @@ static HRESULT WINAPI IDirectSoundBufferImpl_Unlock(IDirectSoundBuffer8 *iface,
    if (!p2)
    	x2 = 0;
+    if((p1 && ((BYTE*)p1 < This->buffer->memory ||
+                    (BYTE*)p1 >= This->buffer->memory + This->buflen)) ||
+            (p2 && ((BYTE*)p2 < This->buffer->memory ||
+                    (BYTE*)p2 >= This->buffer->memory + This->buflen)))
+        return DSERR_INVALIDPARAM;
+
    if (x1 || x2)
    {
    	RtlAcquireResourceShared(&This->device->buffer_list_lock, TRUE);
diff --git a/dlls/dsound/primary.c b/dlls/dsound/primary.c
index 9eb74b7..df35abd 100644
--- a/dlls/dsound/primary.c
+++ b/dlls/dsound/primary.c
@@ -850,6 +850,12 @@ static HRESULT WINAPI PrimaryBufferImpl_Unlock(
    	return DSERR_PRIOLEVELNEEDED;
    }
+    if((p1 && ((BYTE*)p1 < device->buffer ||
+                    (BYTE*)p1 >= device->buffer + device->buflen)) ||
+            (p2 && ((BYTE*)p2 < device->buffer ||
+                    (BYTE*)p2 >= device->buffer + device->buflen)))
+        return DSERR_INVALIDPARAM;
+
    return DS_OK;
 }

    