d3dxof: Add missing checks for remaining bytes during parsing.

555fe787 · Dylan Smith · Alexandre Julliard · 18b8f951 · 555fe787
Commit 555fe787 authored Apr 20, 2011 by Dylan Smith Committed by Alexandre Julliard Apr 21, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

parsing.c dlls/d3dxof/parsing.c +5 -5

No files found.
--- a/dlls/d3dxof/parsing.c
+++ b/dlls/d3dxof/parsing.c
@@ -337,7 +337,7 @@ static BOOL is_guid(parse_buffer* buf)
  DWORD tab[10];
  int ret;
-  if (*buf->buffer != '<')
+  if (buf->rem_bytes < 38 || *buf->buffer != '<')
    return FALSE;
  tmp[0] = '<';
  while (*(buf->buffer+pos) != '>')
@@ -385,7 +385,7 @@ static BOOL is_name(parse_buffer* buf)
  DWORD pos = 0;
  char c;
  BOOL error = 0;
-  while (!is_separator(c = *(buf->buffer+pos)))
+  while (pos < buf->rem_bytes && !is_separator(c = *(buf->buffer+pos)))
  {
    if (!(((c >= 'a') && (c <= 'z')) || ((c >= 'A') && (c <= 'Z')) || ((c >= '0') && (c <= '9')) || (c == '_') || (c == '-')))
      error = 1;
@@ -416,7 +416,7 @@ static BOOL is_float(parse_buffer* buf)
  float decimal;
  BOOL dot = 0;
-  while (!is_separator(c = *(buf->buffer+pos)))
+  while (pos < buf->rem_bytes && !is_separator(c = *(buf->buffer+pos)))
  {
    if (!((!pos && (c == '-')) || ((c >= '0') && (c <= '9')) || (!dot && (c == '.'))))
      return FALSE;
@@ -445,7 +445,7 @@ static BOOL is_integer(parse_buffer* buf)
  char c;
  DWORD integer;
-  while (!is_separator(c = *(buf->buffer+pos)))
+  while (pos < buf->rem_bytes && !is_separator(c = *(buf->buffer+pos)))
  {
    if (!((c >= '0') && (c <= '9')))
      return FALSE;
@@ -475,7 +475,7 @@ static BOOL is_string(parse_buffer* buf)
  if (*buf->buffer != '"')
    return FALSE;
-  while (!is_operator(c = *(buf->buffer+pos+1)) && (pos < 99))
+  while (pos < buf->rem_bytes && !is_operator(c = *(buf->buffer+pos+1)) && (pos < 99))
  {
    if (c == '"')
    {