Ensure token traversal does not overrun declaration size

- Updated parameters to include DeclarationSize in order to ensure accesses do not go beyond allocated memory
revel8n 2018-08-09 04:53:14 -05:00
parent 99fb143a04
commit 26f1176cec
No known key found for this signature in database
GPG Key ID: 7FC46D430508269D
3 changed files with 8 additions and 4 deletions


@ -3545,7 +3545,8 @@ HRESULT WINAPI XTL::EMUPATCH(D3DDevice_CreateVertexShader)
&VertexShaderSize, &VertexShaderSize,
g_VertexShaderConstantMode == X_D3DSCM_NORESERVEDCONSTANTS, g_VertexShaderConstantMode == X_D3DSCM_NORESERVEDCONSTANTS,
&bUseDeclarationOnly, &bUseDeclarationOnly,
pRecompiledDeclaration); pRecompiledDeclaration,
DeclarationSize);
if (SUCCEEDED(hRet)) if (SUCCEEDED(hRet))
{ {
if (!bUseDeclarationOnly) if (!bUseDeclarationOnly)


@ -2440,7 +2440,8 @@ extern HRESULT XTL::EmuRecompileVshFunction
DWORD *pOriginalSize, DWORD *pOriginalSize,
boolean bNoReservedConstants, boolean bNoReservedConstants,
boolean *pbUseDeclarationOnly, boolean *pbUseDeclarationOnly,
DWORD *pRecompiledDeclaration DWORD *pRecompiledDeclaration,
DWORD DeclarationSize
) )
{ {
VSH_SHADER_HEADER *pShaderHeader = (VSH_SHADER_HEADER*)pFunction; VSH_SHADER_HEADER *pShaderHeader = (VSH_SHADER_HEADER*)pFunction;
@ -2455,6 +2456,7 @@ extern HRESULT XTL::EmuRecompileVshFunction
// as they cause CreateVertexShader to fail // as they cause CreateVertexShader to fail
bool declaredRegisters[13] = { false }; bool declaredRegisters[13] = { false };
DWORD* pDeclToken = pRecompiledDeclaration; DWORD* pDeclToken = pRecompiledDeclaration;
DWORD* pDeclEnd = (DWORD*)((BYTE*)pDeclToken + DeclarationSize);
do { do {
DWORD regNum = *pDeclToken & X_D3DVSD_VERTEXREGMASK; DWORD regNum = *pDeclToken & X_D3DVSD_VERTEXREGMASK;
if (regNum > 12) { if (regNum > 12) {
@ -2466,7 +2468,7 @@ extern HRESULT XTL::EmuRecompileVshFunction
declaredRegisters[regNum] = true; declaredRegisters[regNum] = true;
pDeclToken++; pDeclToken++;
} while (*pDeclToken != X_D3DVSD_END()); } while (pDeclToken < pDeclEnd && *pDeclToken != X_D3DVSD_END());
// TODO: support this situation.. // TODO: support this situation..
if(pFunction == NULL) if(pFunction == NULL)
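Review bot: The `do { … } while` loop still reads `*pDeclToken` on its first pass before `pDeclToken < pDeclEnd` is ever tested, so a `DeclarationSize` of 0, or one smaller than a single DWORD, is not covered by the new bound. Testing the bound at the top, `while (pDeclToken < pDeclEnd && *pDeclToken != X_D3DVSD_END()) {`, closes that gap, but it also skips the body when the first token is already the end marker, so confirm that is the intended behaviour. The loop can now also stop because the buffer ran out rather than because an end token was found, and the visible code after it does not tell the two cases apart; a declaration with no terminator is presumably malformed and is better rejected with a failure HRESULT than processed further. The body of the `regNum > 12` branch and the remainder of the function lie outside the visible hunks.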


@ -67,7 +67,8 @@ extern HRESULT EmuRecompileVshFunction
DWORD *pOriginalSize, DWORD *pOriginalSize,
boolean bNoReservedConstants, boolean bNoReservedConstants,
boolean *pbUseDeclarationOnly, boolean *pbUseDeclarationOnly,
DWORD *pRecompiledDeclaration DWORD *pRecompiledDeclaration,
DWORD DeclarationSize
); );
extern void FreeVertexDynamicPatch(CxbxVertexShader *pVertexShader); extern void FreeVertexDynamicPatch(CxbxVertexShader *pVertexShader);
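Review bot: The prototype does not state the unit of `DeclarationSize`, and the implementation in this commit derives the end pointer through a `BYTE*` cast, so the value is a byte count. A caller that passed a token count instead would silently shrink the bound, and a size that is not a multiple of `sizeof(DWORD)` would let the last token read straddle the end of the buffer. A comment on the parameter such as `// size of pRecompiledDeclaration in bytes; must be a multiple of sizeof(DWORD)` would make the contract explicit at the declaration.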