From 2095f66d441033278981d4838d9892cb44292953 Mon Sep 17 00:00:00 2001
From: Robert Reif
Date: Tue, 10 May 2005 13:17:03 +0000
Subject: [PATCH] Fix joystick crash when a button guid is specified in the data format. Add some parameter checking.
---
dlls/dinput/device.c | 15 ++++++++-------
dlls/dinput/dinput_main.c | 10 ++++++++++
dlls/dinput/joystick_linux.c | 23 ++++++++++++++++++++++-
3 files changed, 40 insertions(+), 8 deletions(-)
diff --git a/dlls/dinput/device.c b/dlls/dinput/device.c
index 78b9f0a0aa5..bddb6f88b2f 100644
--- a/dlls/dinput/device.c
+++ b/dlls/dinput/device.c
@@ -313,6 +313,7 @@ DataFormat *create_DataFormat(const DIDATAFORMAT *wine_format, LPCDIDATAFORMAT a
 * the GUID of the Wine object. */ ((asked_format->rgodf[j].pguid == NULL) ||
+ (wine_format->rgodf[i].pguid == NULL) ||
 (IsEqualGUID(wine_format->rgodf[i].pguid, asked_format->rgodf[j].pguid))) && (/* Then check if it accepts any instance id, and if not, if it matches Wine's
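Review bot: The comment above this condition in create_DataFormat still describes only the application-side wildcard, but the added `(wine_format->rgodf[i].pguid == NULL) ||` term makes a NULL GUID on the Wine side match any GUID the application asks for. That keeps IsEqualGUID from being handed a NULL pointer, but it also leaves the instance/type test that follows as the only thing telling such objects apart, so the intent should be written down. I would extend the comment with something like `A NULL pguid in the Wine format is also treated as a wildcard; the instance and type check below decides the match.` The condition continues past the end of the hunk.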
@@ -336,19 +337,19 @@ DataFormat *create_DataFormat(const DIDATAFORMAT *wine_format, LPCDIDATAFORMAT a
 TRACE(" * dwType: %08lx\n", asked_format->rgodf[j].dwType);
 TRACE(" "); _dump_EnumObjects_flags(asked_format->rgodf[j].dwType); TRACE("\n");
- TRACE(" - Wine (%d) :\n", j);
+ TRACE(" - Wine (%d) :\n", i);
 TRACE(" * GUID: %s ('%s')\n",
- debugstr_guid(wine_format->rgodf[j].pguid),
- _dump_dinput_GUID(wine_format->rgodf[j].pguid));
- TRACE(" * Offset: %3ld\n", wine_format->rgodf[j].dwOfs);
- TRACE(" * dwType: %08lx\n", wine_format->rgodf[j].dwType);
- TRACE(" "); _dump_EnumObjects_flags(wine_format->rgodf[j].dwType); TRACE("\n");
+ debugstr_guid(wine_format->rgodf[i].pguid),
+ _dump_dinput_GUID(wine_format->rgodf[i].pguid));
+ TRACE(" * Offset: %3ld\n", wine_format->rgodf[i].dwOfs);
+ TRACE(" * dwType: %08lx\n", wine_format->rgodf[i].dwType);
+ TRACE(" "); _dump_EnumObjects_flags(wine_format->rgodf[i].dwType); TRACE("\n");
 if (wine_format->rgodf[i].dwType & DIDFT_BUTTON) dt[index].size = sizeof(BYTE); else dt[index].size = sizeof(DWORD);
- dt[index].offset_in = wine_format ->rgodf[i].dwOfs;
+ dt[index].offset_in = wine_format->rgodf[i].dwOfs;
 if (asked_format->rgodf[j].dwOfs < next) {
 WARN("bad format: dwOfs=%ld, changing to %ld\n", asked_format->rgodf[j].dwOfs, next);
 dt[index].offset_out = next;
diff --git a/dlls/dinput/dinput_main.c b/dlls/dinput/dinput_main.c
index 464cf64d3fd..36288fdc5c4 100644
--- a/dlls/dinput/dinput_main.c
+++ b/dlls/dinput/dinput_main.c
@@ -331,6 +331,16 @@ static HRESULT WINAPI IDirectInputAImpl_CreateDevice(
 TRACE("(this=%p,%s,%p,%p)\n",This,debugstr_guid(rguid),pdev,punk);
+ if (pdev == NULL) {
+ WARN("invalid pointer: pdev == NULL\n");
+ return E_POINTER;
+ }
+
+ if (rguid == NULL) {
+ WARN("invalid pointer: rguid == NULL\n");
+ return E_POINTER;
+ }
+
 /* Loop on all the devices to see if anyone matches the given GUID */
 for (i = 0; i < NB_DINPUT_DEVICES; i++) {
 HRESULT ret;
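Review bot: In IDirectInputAImpl_CreateDevice the new `rguid == NULL` path returns E_POINTER without writing to `*pdev`, so a caller that ignores the HRESULT is left with whatever its pointer held before the call. Since pdev has just been validated, adding `*pdev = NULL;` right after the first check gives every failure path a defined out-parameter. The loop's own failure handling lies outside the hunk, so confirm it does not already do this. If the file has a Unicode counterpart of this method, it presumably needs the same two checks; only the A variant is touched here.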
diff --git a/dlls/dinput/joystick_linux.c b/dlls/dinput/joystick_linux.c
index 77578c6cbd6..01bce28441f 100644
--- a/dlls/dinput/joystick_linux.c
+++ b/dlls/dinput/joystick_linux.c
@@ -713,6 +713,16 @@ static HRESULT WINAPI JoystickAImpl_SetDataFormat(
 TRACE("(%p,%p)\n",This,df);
+ if (df == NULL) {
+ WARN("invalid pointer\n");
+ return E_POINTER;
+ }
+
+ if (df->dwSize != sizeof(*df)) {
+ WARN("invalid argument\n");
+ return DIERR_INVALIDPARAM;
+ }
+
 if (This->acquired) {
 WARN("acquired\n");
 return DIERR_ACQUIRED;
@@ -1113,6 +1123,11 @@ static HRESULT WINAPI JoystickAImpl_SetProperty(
 TRACE("(%p,%s,%p)\n",This,debugstr_guid(rguid),ph);
+ if (ph == NULL) {
+ WARN("invalid pointer\n");
+ return E_POINTER;
+ }
+
 if (TRACE_ON(dinput)) _dump_DIPROPHEADER(ph);
@@ -1214,10 +1229,16 @@ static HRESULT WINAPI JoystickAImpl_GetCapabilities(
 if (lpDIDevCaps == NULL) {
 WARN("invalid parameter: lpDIDevCaps = NULL\n");
- return DIERR_INVALIDPARAM;
+ return E_POINTER;
 }
 size = lpDIDevCaps->dwSize;
+
+ if (!(size == sizeof(DIDEVCAPS) || size == sizeof(DIDEVCAPS_DX3))) {
+ WARN("invalid parameter\n");
+ return DIERR_INVALIDPARAM;
+ }
+
 CopyMemory(lpDIDevCaps, &This->devcaps, size);
 lpDIDevCaps->dwSize = size;
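Review bot: JoystickAImpl_SetDataFormat now rejects a NULL df and a wrong dwSize, but the remaining caller-supplied fields are still trusted. create_DataFormat in device.c indexes `asked_format->rgodf[j]` directly, so if this format reaches it, a NULL rgodf with a non-zero dwNumObjs would presumably still fault there. Consider adding `if (df->dwObjSize != sizeof(DIOBJECTDATAFORMAT) || (df->dwNumObjs && df->rgodf == NULL)) return DIERR_INVALIDPARAM;` after the dwSize check. The rest of the function is outside the hunk, so verify that nothing further down already covers this.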
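Review bot: JoystickAImpl_SetProperty checks ph for NULL but then hands it to _dump_DIPROPHEADER and the property handling without looking at the header's own size fields. If the code past the hunk casts ph to a larger property structure, as is usual for this API, a caller-supplied header that is too short would be read beyond its end. A guard such as `if (ph->dwHeaderSize != sizeof(DIPROPHEADER) || ph->dwSize < sizeof(DIPROPHEADER)) return DIERR_INVALIDPARAM;` after the NULL check would reject malformed headers early. The exact dwSize each property expects still has to be checked in its own branch.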