From 30bc3bab3090dce8e96880fb9f0026473dc18379 Mon Sep 17 00:00:00 2001
From: Paul Gofman
Date: Thu, 27 Apr 2017 14:05:46 +0300
Subject: [PATCH] d3dx9: Return an error for out of bounds input register in parse_preshader().

Signed-off-by: Paul Gofman
Signed-off-by: Matteo Bruni
Signed-off-by: Alexandre Julliard
---
 dlls/d3dx9_36/preshader.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/dlls/d3dx9_36/preshader.c b/dlls/d3dx9_36/preshader.c
index 0f234882d55..a5a8bb7dd14 100644
--- a/dlls/d3dx9_36/preshader.c
+++ b/dlls/d3dx9_36/preshader.c
@@ -749,6 +749,7 @@ static HRESULT parse_preshader(struct d3dx_preshader *pres, unsigned int *ptr, u
 pres->regs.table_sizes[PRES_REGTAB_IMMED] = const_count;
+ update_table_sizes_consts(pres->regs.table_sizes, &pres->inputs);
 for (i = 0; i < pres->ins_count; ++i)
 {
 for (j = 0; j < pres_op_info[pres->ins[i].op].input_count; ++j)
@@ -770,13 +771,17 @@ static HRESULT parse_preshader(struct d3dx_preshader *pres, unsigned int *ptr, u
 table = pres->ins[i].inputs[j].index_reg.table;
 reg_idx = get_reg_offset(table, pres->ins[i].inputs[j].index_reg.offset);
 }
- update_table_size(pres->regs.table_sizes, table, reg_idx);
+ if (reg_idx >= pres->regs.table_sizes[table])
+ {
+ FIXME("Out of bounds register index, i %u, j %u, table %u, reg_idx %u.",
+ i, j, table, reg_idx);
+ return D3DXERR_INVALIDDATA;
+ }
 }
 update_table_size(pres->regs.table_sizes, pres->ins[i].output.reg.table, get_reg_offset(pres->ins[i].output.reg.table, pres->ins[i].output.reg.offset + pres->ins[i].component_count - 1));
 }
- update_table_sizes_consts(pres->regs.table_sizes, &pres->inputs);
 if (FAILED(regstore_alloc_table(&pres->regs, PRES_REGTAB_IMMED)))
 return E_OUTOFMEMORY;
 regstore_set_values(&pres->regs, PRES_REGTAB_IMMED, dconst, 0, const_count);
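Review bot: The call `update_table_sizes_consts(pres->regs.table_sizes, &pres->inputs);` in the first hunk now has an ordering requirement that nothing at the call site records. The bounds check added in the second hunk reads `pres->regs.table_sizes[table]` inside the loop, so the constant table sizes must be final before the loop starts. A comment such as `/* Constant table sizes must be known before the input register bounds check in the loop below. */` would stop a later cleanup from moving the call back after the loop. parse_preshader's body starts and ends outside this hunk.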
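Review bot: The new check `if (reg_idx >= pres->regs.table_sizes[table])` in the second hunk tests only the register at the operand's starting offset, whereas the output path just below sizes its table from `offset + pres->ins[i].component_count - 1`. If an input operand can span several components in the same way (inferred, since the non-indexed computation of `reg_idx` is outside the hunk), a malformed preshader could pass the check while its last component lies past the end of the table. Deriving `reg_idx` from the last component read would close that gap. Separately, the FIXME format string ends in `reg_idx %u."` with no trailing `\n`, so the message will run into the next trace line; it should end `reg_idx %u.\n"`. The enclosing loop and function begin and end outside this hunk.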