win-capture/graphics-hook: Fix memory offset calculation

Fixes an issue where align_pos could be smaller than sizeof(struct shmem_data), potentially overwriting memory of the header. References jp9000/obs-studio#1202

win-capture/graphics-hook: Fix memory offset calculation
Fixes an issue where align_pos could be smaller than sizeof(struct shmem_data), potentially overwriting memory of the header. References jp9000/obs-studio#1202
8a16fa83 · jp9000 · d603ffc4 · 8a16fa83
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

plugins/win-capture/graphics-hook/graphics-hook.c plugins/win-capture/graphics-hook/graphics-hook.c +4 -1

未找到文件。
--- a/plugins/win-capture/graphics-hook/graphics-hook.c
+++ b/plugins/win-capture/graphics-hook/graphics-hook.c
@@ -690,7 +690,7 @@ bool capture_init_shmem(struct shmem_data **data, HWND window,
 	uint32_t  tex_size       = cy * pitch;
 	uint32_t  aligned_header = ALIGN(sizeof(struct shmem_data), 32);
 	uint32_t  aligned_tex    = ALIGN(tex_size, 32);
-	uint32_t  total_size     = aligned_header + aligned_tex * 2;
+	uint32_t  total_size     = aligned_header + aligned_tex * 2 + 32;
 	uintptr_t align_pos;

 	if (!init_shared_info(total_size)) {
@@ -706,6 +706,9 @@ bool capture_init_shmem(struct shmem_data **data, HWND window,
 	align_pos &= ~(32 - 1);
 	align_pos -= (uintptr_t)shmem_info;

+	if (align_pos < sizeof(struct shmem_data))
+		align_pos += 32;
+
 	(*data)->last_tex = -1;
 	(*data)->tex1_offset = (uint32_t)align_pos;
 	(*data)->tex2_offset = (*data)->tex1_offset + aligned_tex;