Re: D3D8_GetCreationParameters fix

Thu, 08 Jul 2004 15:41:41 -0700 

Having given thought to the issue, you're right.
That was a bad solution, sorry.

It should have failed with D3DERR_INVALIDCALL if it's a bad write
pointer.
Is this new patch ok?

On Thu, 2004-07-08 at 19:45, Christian Costa wrote:
> Andrei Barbu wrote:
> 
> >It doesn't have to return that memory, DX functions work by taking
> >parameters they modify. In essence, that's the point, modifying
> >pParameters and returning D3D_OK
> >
> Marcus is right.
> Morover, according to the doc, a pointer to a valid area must be passed 
> as parameter (the prototype confirms that).
> BTW, what is the problem you intend to fix?
> 
> >
> >Andrei
> >
> >On Thu, 2004-07-08 at 15:50, Marcus Meissner wrote:
> >  
> >
> >>On Fri, Jul 09, 2004 at 04:39:31AM +0900, Mike McCormack wrote:
> >>    
> >>
> >>>You probably want to use a Windows method to allocate memory here, such 
> >>>as HeapAlloc() or CoTaskMemAlloc, as the caller is not going to use 
> >>>free() to free the memory...
> >>>      
> >>>
> >>>Mike
> >>>
> >>>Andrei Barbu wrote:
> >>>      
> >>>
> >>>>Changelog:
> >>>>
> >>>>Fixes a memory access fault inside of D3D8_GetCreationParameters.
> >>>>        
> >>>>
> >>>...
> >>>      
> >>>
> >>>>HRESULT  WINAPI  
> >>>>IDirect3DDevice8Impl_GetCreationParameters(LPDIRECT3DDEVICE8 iface, 
> >>>>D3DDEVICE_CREATION_PARAMETERS *pParameters) {
> >>>>    ICOM_THIS(IDirect3DDevice8Impl,iface);
> >>>>    TRACE("(%p) copying to %p\n", This, pParameters);    
> >>>>+
> >>>>+    pParameters = (D3DDEVICE_CREATION_PARAMETERS*) malloc( sizeof( 
> >>>>D3DDEVICE_CREATION_PARAMETERS ));
> >>>>    memcpy(pParameters, &This->CreateParms, 
> >>>>    sizeof(D3DDEVICE_CREATION_PARAMETERS));
> >>>>    return D3D_OK;
> >>>>}
> >>>>        
> >>>>
> >> 
> >>Its also wrong, because the patch just overwrites the pParameters argument
> >>and does not return the allocated memory.
> >>
> >>Ciao, Marcus
> >>
> >>    
> >>
> >
> >  
> >
> 
> 
> 
> 

Index: device.c
===================================================================
RCS file: /home/wine/wine/dlls/d3d8/device.c,v
retrieving revision 1.112
diff -u -r1.112 device.c
--- device.c	14 Jun 2004 16:57:41 -0000	1.112
+++ device.c	8 Jul 2004 22:33:54 -0000
@@ -380,6 +381,12 @@
 HRESULT  WINAPI  IDirect3DDevice8Impl_GetCreationParameters(LPDIRECT3DDEVICE8 iface, D3DDEVICE_CREATION_PARAMETERS *pParameters) {
     ICOM_THIS(IDirect3DDevice8Impl,iface);
     TRACE("(%p) copying to %p\n", This, pParameters);    
+
+    if( IsBadWritePtr( pParameters , sizeof( D3DDEVICE_CREATION_PARAMETERS ) ) )
+    {
+	WARN("(%p) : bad pointer in device caps (%p)\n", This, pParameters);
+	return D3DERR_INVALIDCALL;
+    }
     memcpy(pParameters, &This->CreateParms, sizeof(D3DDEVICE_CREATION_PARAMETERS));
     return D3D_OK;
 }

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to