d3dxof: Fix data buffer limit check. Increase size of input and data buffers.

b67bbc92 · Christian Costa · Alexandre Julliard · 630e2fff · b67bbc92 · b67bbc92
Commit b67bbc92 authored Nov 16, 2008 by Christian Costa Committed by Alexandre Julliard Nov 17, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 10 deletions

d3dxof.c dlls/d3dxof/d3dxof.c +10 -10

d3dxof_private.h dlls/d3dxof/d3dxof_private.h +1 -0

No files found.
--- a/dlls/d3dxof/d3dxof.c
+++ b/dlls/d3dxof/d3dxof.c
@@ -80,8 +80,8 @@ WINE_DEFAULT_DEBUG_CHANNEL(d3dxof);
 #define CLSIDFMT "<%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X>"
-#define MAX_INPUT_SIZE 1000000
+#define MAX_INPUT_SIZE 2000000
-#define MAX_DATA_SIZE 100000
+#define MAX_DATA_SIZE 200000
 static const struct IDirectXFileVtbl IDirectXFile_Vtbl;
 static const struct IDirectXFileBinaryVtbl IDirectXFileBinary_Vtbl;
@@ -1858,9 +1858,9 @@ static BOOL parse_object_members_list(parse_buffer * buf)
          last_dword = *(DWORD*)buf->value;
          TRACE("%s = %d\n", pt->members[i].name, *(DWORD*)buf->value);
          /* Assume larger size */
-          if ((buf->cur_pdata - buf->pxo->pdata + 4) > MAX_DATA_SIZE)
+          if ((buf->cur_pdata - buf->pdata + 4) > MAX_DATA_SIZE)
          {
-            WARN("Buffer too small\n");
+            FIXME("Buffer too small\n");
            return FALSE;
          }
          if (pt->members[i].type == TOKEN_WORD)
@@ -1884,9 +1884,9 @@ static BOOL parse_object_members_list(parse_buffer * buf)
          get_TOKEN(buf);
          TRACE("%s = %f\n", pt->members[i].name, *(float*)buf->value);
          /* Assume larger size */
-          if ((buf->cur_pdata - buf->pxo->pdata + 4) > MAX_DATA_SIZE)
+          if ((buf->cur_pdata - buf->pdata + 4) > MAX_DATA_SIZE)
          {
-            WARN("Buffer too small\n");
+            FIXME("Buffer too small\n");
            return FALSE;
          }
          if (pt->members[i].type == TOKEN_FLOAT)
@@ -1905,9 +1905,9 @@ static BOOL parse_object_members_list(parse_buffer * buf)
          get_TOKEN(buf);
          TRACE("%s = %s\n", pt->members[i].name, (char*)buf->value);
          /* Assume larger size */
-          if ((buf->cur_pdata - buf->pxo->pdata + 4) > MAX_DATA_SIZE)
+          if ((buf->cur_pdata - buf->pdata + 4) > MAX_DATA_SIZE)
          {
-            WARN("Buffer too small\n");
+            FIXME("Buffer too small\n");
            return FALSE;
          }
          if (pt->members[i].type == TOKEN_LPSTR)
@@ -1915,7 +1915,7 @@ static BOOL parse_object_members_list(parse_buffer * buf)
            int len = strlen((char*)buf->value) + 1;
            if ((buf->cur_pstrings - buf->pstrings + len) > MAX_STRINGS_BUFFER)
            {
-              WARN("Buffer too small %p %p %d\n", buf->cur_pstrings, buf->pstrings, len);
+              FIXME("Buffer too small %p %p %d\n", buf->cur_pstrings, buf->pstrings, len);
              return FALSE;
            }
            strcpy((char*)buf->cur_pstrings, (char*)buf->value);
@@ -2124,7 +2124,7 @@ static HRESULT WINAPI IDirectXFileEnumObjectImpl_GetNextDataObject(IDirectXFileE
    WARN("Out of memory\n");
    return DXFILEERR_BADALLOC;
  }
-  This->buf.cur_pdata = pdata;
+  This->buf.cur_pdata = This->buf.pdata = pdata;
  pstrings = HeapAlloc(GetProcessHeap(), 0, MAX_STRINGS_BUFFER);
  if (!pstrings)

--- a/dlls/d3dxof/d3dxof_private.h
+++ b/dlls/d3dxof/d3dxof_private.h
@@ -135,6 +135,7 @@ typedef struct {
  xobject* pxo;
  xtemplate* pxt[MAX_SUBOBJECTS];
  ULONG level;
+  LPBYTE pdata;
  LPBYTE pstrings;
 } parse_buffer;