ShuriZma
/
snes9x
mirror of https://github.com/snes9xgit/snes9x.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

win32: fix buffer overflows

This commit is contained in:
OV2 2019-02-16 15:42:26 +01:00
parent 1d57e214b3
commit c90de1077b
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
win32/CWaveOut.cpp
View File

@ -189,7 +189,7 @@ void CWaveOut::ProcessSound()
UINT32 samplesleftinblock = (singleBufferBytes - partialOffset) >> 1; UINT32 samplesleftinblock = (singleBufferBytes - partialOffset) >> 1;
BYTE *offsetBuffer = (BYTE *)waveHeaders[writeOffset].lpData + partialOffset; BYTE *offsetBuffer = (BYTE *)waveHeaders[writeOffset].lpData + partialOffset;
if (availableSamples <= samplesleftinblock) if (availableSamples < samplesleftinblock)
{ {
S9xMixSamples(offsetBuffer, availableSamples); S9xMixSamples(offsetBuffer, availableSamples);
partialOffset += availableSamples << 1; partialOffset += availableSamples << 1;
@ -217,7 +217,8 @@ void CWaveOut::ProcessSound()
availableSamples -= singleBufferSamples; availableSamples -= singleBufferSamples;
} }
if (availableSamples > 0 && bufferCount < blockCount) { // need to check this is less than a single buffer, otherwise we have a race condition with bufferCount
if (availableSamples > 0 && availableSamples < singleBufferSamples && bufferCount < blockCount) {
S9xMixSamples((BYTE *)waveHeaders[writeOffset].lpData, availableSamples); S9xMixSamples((BYTE *)waveHeaders[writeOffset].lpData, availableSamples);
partialOffset = availableSamples << 1; partialOffset = availableSamples << 1;
} }

10
win32/CXAudio2.cpp
View File

@ -11,6 +11,7 @@
#include <process.h> #include <process.h>
#include "dxerr.h" #include "dxerr.h"
#include "commctrl.h" #include "commctrl.h"
#include <assert.h>
/* CXAudio2 /* CXAudio2
Implements audio output through XAudio2. Implements audio output through XAudio2.
@ -322,13 +323,16 @@ void CXAudio2::ProcessSound()
} }
if (partialOffset != 0) { if (partialOffset != 0) {
assert(partialOffset < singleBufferBytes);
assert(bufferCount < blockCount);
BYTE *offsetBuffer = soundBuffer + writeOffset + partialOffset; BYTE *offsetBuffer = soundBuffer + writeOffset + partialOffset;
UINT32 samplesleftinblock = (singleBufferBytes - partialOffset) >> 1; UINT32 samplesleftinblock = (singleBufferBytes - partialOffset) >> 1;
if (availableSamples <= samplesleftinblock) if (availableSamples < samplesleftinblock)
{ {
S9xMixSamples(offsetBuffer, availableSamples); S9xMixSamples(offsetBuffer, availableSamples);
partialOffset += availableSamples << 1; partialOffset += availableSamples << 1;
assert(partialOffset < singleBufferBytes);
availableSamples = 0; availableSamples = 0;
} }
else else
@ -351,9 +355,11 @@ void CXAudio2::ProcessSound()
availableSamples -= singleBufferSamples; availableSamples -= singleBufferSamples;
} }
if (availableSamples > 0 && bufferCount < blockCount) { // need to check this is less than a single buffer, otherwise we have a race condition with bufferCount
if (availableSamples > 0 && availableSamples < singleBufferSamples && bufferCount < blockCount) {
S9xMixSamples(soundBuffer + writeOffset, availableSamples); S9xMixSamples(soundBuffer + writeOffset, availableSamples);
partialOffset = availableSamples << 1; partialOffset = availableSamples << 1;
assert(partialOffset < singleBufferBytes);
} }
} }