Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
30140d01
Commit
30140d01
authored
Mar 24, 2009
by
Christian Costa
Committed by
Alexandre Julliard
Mar 25, 2009
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
d3dxof: Remove limitation on data buffer size.
parent
60507cc6
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
30 additions
and
32 deletions
+30
-32
d3dxof.c
dlls/d3dxof/d3dxof.c
+7
-15
d3dxof_private.h
dlls/d3dxof/d3dxof_private.h
+1
-3
parsing.c
dlls/d3dxof/parsing.c
+22
-14
No files found.
dlls/d3dxof/d3dxof.c
View file @
30140d01
...
...
@@ -628,10 +628,11 @@ static ULONG WINAPI IDirectXFileDataImpl_Release(IDirectXFileData* iface)
if
(
!
ref
)
{
if
(
!
This
->
level
)
if
(
!
This
->
level
&&
!
This
->
from_ref
)
{
HeapFree
(
GetProcessHeap
(),
0
,
This
->
pdata
);
HeapFree
(
GetProcessHeap
(),
0
,
This
->
pstrings
);
HeapFree
(
GetProcessHeap
(),
0
,
This
->
pobj
->
pdata
);
HeapFree
(
GetProcessHeap
(),
0
,
This
->
pobj
);
}
HeapFree
(
GetProcessHeap
(),
0
,
This
);
}
...
...
@@ -1000,10 +1001,7 @@ static ULONG WINAPI IDirectXFileEnumObjectImpl_Release(IDirectXFileEnumObject* i
{
int
i
;
for
(
i
=
0
;
i
<
This
->
nb_xobjects
;
i
++
)
{
IDirectXFileData_Release
(
This
->
pRefObjects
[
i
]);
HeapFree
(
GetProcessHeap
(),
0
,
This
->
xobjects
[
i
]);
}
if
(
This
->
source
==
DXFILELOAD_FROMFILE
)
{
UnmapViewOfFile
(
This
->
buffer
);
...
...
@@ -1024,7 +1022,6 @@ static HRESULT WINAPI IDirectXFileEnumObjectImpl_GetNextDataObject(IDirectXFileE
IDirectXFileEnumObjectImpl
*
This
=
(
IDirectXFileEnumObjectImpl
*
)
iface
;
IDirectXFileDataImpl
*
object
;
HRESULT
hr
;
LPBYTE
pdata
=
NULL
;
LPBYTE
pstrings
=
NULL
;
TRACE
(
"(%p/%p)->(%p)
\n
"
,
This
,
iface
,
ppDataObj
);
...
...
@@ -1056,14 +1053,8 @@ static HRESULT WINAPI IDirectXFileEnumObjectImpl_GetNextDataObject(IDirectXFileE
}
This
->
buf
.
pxo
=
This
->
xobjects
[
This
->
nb_xobjects
]
=
This
->
buf
.
pxo_tab
;
pdata
=
HeapAlloc
(
GetProcessHeap
(),
0
,
MAX_DATA_SIZE
);
if
(
!
pdata
)
{
ERR
(
"Out of memory
\n
"
);
hr
=
DXFILEERR_BADALLOC
;
goto
error
;
}
This
->
buf
.
pxo
->
pdata
=
This
->
buf
.
pdata
=
object
->
pdata
=
pdata
;
This
->
buf
.
pxo
->
pdata
=
This
->
buf
.
pdata
=
NULL
;
This
->
buf
.
capacity
=
0
;
This
->
buf
.
cur_pos_data
=
0
;
pstrings
=
HeapAlloc
(
GetProcessHeap
(),
0
,
MAX_STRINGS_BUFFER
);
...
...
@@ -1109,8 +1100,9 @@ static HRESULT WINAPI IDirectXFileEnumObjectImpl_GetNextDataObject(IDirectXFileE
error:
HeapFree
(
GetProcessHeap
(),
0
,
This
->
buf
.
pxo_tab
);
HeapFree
(
GetProcessHeap
(),
0
,
pdata
);
HeapFree
(
GetProcessHeap
(),
0
,
pstrings
);
if
(
This
->
buf
.
pxo
->
pdata
)
HeapFree
(
GetProcessHeap
(),
0
,
This
->
buf
.
pxo
->
pdata
);
return
hr
;
}
...
...
dlls/d3dxof/d3dxof_private.h
View file @
30140d01
...
...
@@ -42,8 +42,6 @@
#define MAX_SUBOBJECTS 500
#define MAX_STRINGS_BUFFER 10000
#define MAX_DATA_SIZE 400000
typedef
struct
{
DWORD
type
;
LONG
idx_template
;
...
...
@@ -108,7 +106,6 @@ typedef struct {
int
cur_enum_object
;
BOOL
from_ref
;
ULONG
level
;
LPBYTE
pdata
;
LPBYTE
pstrings
;
}
IDirectXFileDataImpl
;
...
...
@@ -143,6 +140,7 @@ typedef struct {
xtemplate
*
pxt
[
MAX_SUBOBJECTS
];
ULONG
level
;
LPBYTE
pdata
;
ULONG
capacity
;
LPBYTE
pstrings
;
}
parse_buffer
;
...
...
dlls/d3dxof/parsing.c
View file @
30140d01
...
...
@@ -995,6 +995,25 @@ BOOL parse_template(parse_buffer * buf)
return
TRUE
;
}
static
BOOL
check_buffer
(
parse_buffer
*
buf
,
ULONG
size
)
{
if
((
buf
->
cur_pos_data
+
size
)
>
buf
->
capacity
)
{
LPBYTE
pdata
;
ULONG
new_capacity
=
buf
->
capacity
?
2
*
buf
->
capacity
:
100000
;
pdata
=
HeapAlloc
(
GetProcessHeap
(),
0
,
new_capacity
);
if
(
!
pdata
)
return
FALSE
;
memcpy
(
pdata
,
buf
->
pdata
,
buf
->
cur_pos_data
);
HeapFree
(
GetProcessHeap
(),
0
,
buf
->
pdata
);
buf
->
capacity
=
new_capacity
;
buf
->
pdata
=
pdata
;
buf
->
pxo
->
root
->
pdata
=
pdata
;
}
return
TRUE
;
}
static
BOOL
parse_object_parts
(
parse_buffer
*
buf
,
BOOL
allow_optional
);
static
BOOL
parse_object_members_list
(
parse_buffer
*
buf
)
{
...
...
@@ -1076,11 +1095,8 @@ static BOOL parse_object_members_list(parse_buffer * buf)
last_dword
=
*
(
DWORD
*
)
buf
->
value
;
TRACE
(
"%s = %d
\n
"
,
pt
->
members
[
i
].
name
,
*
(
DWORD
*
)
buf
->
value
);
/* Assume larger size */
if
((
buf
->
cur_pos_data
+
4
)
>
MAX_DATA_SIZE
)
{
FIXME
(
"Buffer too small
\n
"
);
if
(
!
check_buffer
(
buf
,
4
))
return
FALSE
;
}
if
(
pt
->
members
[
i
].
type
==
TOKEN_WORD
)
{
*
(((
WORD
*
)(
buf
->
cur_pos_data
+
buf
->
pdata
)))
=
(
WORD
)(
*
(
DWORD
*
)
buf
->
value
);
...
...
@@ -1101,12 +1117,8 @@ static BOOL parse_object_members_list(parse_buffer * buf)
{
get_TOKEN
(
buf
);
TRACE
(
"%s = %f
\n
"
,
pt
->
members
[
i
].
name
,
*
(
float
*
)
buf
->
value
);
/* Assume larger size */
if
((
buf
->
cur_pos_data
+
4
)
>
MAX_DATA_SIZE
)
{
FIXME
(
"Buffer too small
\n
"
);
if
(
!
check_buffer
(
buf
,
4
))
return
FALSE
;
}
if
(
pt
->
members
[
i
].
type
==
TOKEN_FLOAT
)
{
*
(((
float
*
)(
buf
->
cur_pos_data
+
buf
->
pdata
)))
=
(
float
)(
*
(
float
*
)
buf
->
value
);
...
...
@@ -1122,12 +1134,8 @@ static BOOL parse_object_members_list(parse_buffer * buf)
{
get_TOKEN
(
buf
);
TRACE
(
"%s = %s
\n
"
,
pt
->
members
[
i
].
name
,
(
char
*
)
buf
->
value
);
/* Assume larger size */
if
((
buf
->
cur_pos_data
+
4
)
>
MAX_DATA_SIZE
)
{
FIXME
(
"Buffer too small
\n
"
);
if
(
!
check_buffer
(
buf
,
4
))
return
FALSE
;
}
if
(
pt
->
members
[
i
].
type
==
TOKEN_LPSTR
)
{
int
len
=
strlen
((
char
*
)
buf
->
value
)
+
1
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment