[PATCH 0/2] MR8596: dsound: Check if 'cbPropData' for DSPROPERTY_Description1 is large enough
Avoid writing out of bounds.
Signed-off-by: YeshunYe yeyeshun@uniontech.com
From: YeshunYe yeyeshun@uniontech.com
Avoid writing out of bounds.
Signed-off-by: YeshunYe yeyeshun@uniontech.com --- dlls/dsound/propset.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/dlls/dsound/propset.c b/dlls/dsound/propset.c index be284a6dda5..28df7887f65 100644 --- a/dlls/dsound/propset.c +++ b/dlls/dsound/propset.c @@ -475,6 +475,8 @@ static HRESULT DSPROPERTY_Description1( *pcbReturned = sizeof(*ppd); if (!pPropData) return S_OK; + if (cbPropData < sizeof(*ppd)) + return E_INVALIDARG;
data.DeviceId = ppd->DeviceId; data.DataFlow = ppd->DataFlow;
From: YeshunYe yeyeshun@uniontech.com
Signed-off-by: YeshunYe yeyeshun@uniontech.com --- dlls/dsound/tests/propset.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/dlls/dsound/tests/propset.c b/dlls/dsound/tests/propset.c index 71040a70c77..659a9694851 100644 --- a/dlls/dsound/tests/propset.c +++ b/dlls/dsound/tests/propset.c @@ -300,6 +300,20 @@ static void propset_private_tests(void) "Shouldn't be able to set DSPROPERTY_DIRECTSOUNDDEVICE_DESCRIPTION_1: " "support = 0x%lx\n",support);
+ if (support & KSPROPERTY_SUPPORT_GET) { + struct + { + GUID DeviceId; + int reserved; + } data; + ULONG bytes; + data.DeviceId = DSDEVID_DefaultPlayback; + + rc = IKsPropertySet_Get(pps, &DSPROPSETID_DirectSoundDevice, + DSPROPERTY_DIRECTSOUNDDEVICE_DESCRIPTION_1, + NULL, 0, &data, sizeof(data), &bytes); + ok(rc==E_INVALIDARG, "Query buffer size failed: 0x%lx\n",rc); + } /* test DSPROPERTY_DIRECTSOUNDDEVICE_DESCRIPTION_A */ rc = IKsPropertySet_QuerySupport(pps, &DSPROPSETID_DirectSoundDevice, DSPROPERTY_DIRECTSOUNDDEVICE_DESCRIPTION_A,
Is there an application that needs this?
-
Huw Davies (@huw) -
Yeshun Ye (@yeyeshun)
-
YeshunYe