From 8a16fa8341821689e04f5a46cc3d06f44a46caef Mon Sep 17 00:00:00 2001
From: jp9000
Date: Sat, 24 Feb 2018 21:45:30 -0800
Subject: [PATCH] win-capture/graphics-hook: Fix memory offset calculation

Fixes an issue where align_pos could be smaller than sizeof(struct shmem_data), potentially overwriting memory of the header.

References jp9000/obs-studio#1202
---
 plugins/win-capture/graphics-hook/graphics-hook.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/plugins/win-capture/graphics-hook/graphics-hook.c b/plugins/win-capture/graphics-hook/graphics-hook.c
index c3f43ebe3..778646277 100644
--- a/plugins/win-capture/graphics-hook/graphics-hook.c
+++ b/plugins/win-capture/graphics-hook/graphics-hook.c
@@ -690,7 +690,7 @@ bool capture_init_shmem(struct shmem_data **data, HWND window,
 uint32_t tex_size = cy * pitch;
 uint32_t aligned_header = ALIGN(sizeof(struct shmem_data), 32);
 uint32_t aligned_tex = ALIGN(tex_size, 32);
- uint32_t total_size = aligned_header + aligned_tex * 2;
+ uint32_t total_size = aligned_header + aligned_tex * 2 + 32;
 uintptr_t align_pos;
 
 if (!init_shared_info(total_size)) {
@@ -706,6 +706,9 @@ bool capture_init_shmem(struct shmem_data **data, HWND window,
 align_pos &= ~(32 - 1);
 align_pos -= (uintptr_t)shmem_info;
 
+ if (align_pos < sizeof(struct shmem_data))
+ align_pos += 32;
+
 (*data)->last_tex = -1;
 (*data)->tex1_offset = (uint32_t)align_pos;
 (*data)->tex2_offset = (*data)->tex1_offset + aligned_tex;
-- 
GitLab
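Review bot: In the first hunk, `total_size` is still summed in `uint32_t` with no overflow check, and the added `+ 32` sits on top of `cy * pitch` and `aligned_tex * 2`, which can already wrap for large dimensions. A wrapped sum would make `init_shared_info(total_size)` set up a region smaller than the texture offsets written later in the function. A guard placed before that call would close this, for example `if ((uint64_t)cy * pitch > (UINT32_MAX - aligned_header - 32) / 2 - 32) return false;`. capture_init_shmem starts before this hunk and runs past it, so any limit callers already place on cy and pitch is not visible here.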
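Review bot: In the second hunk, the new `if (align_pos < sizeof(struct shmem_data))` check has no comment saying why rounding down can land inside the header, or that `align_pos += 32` depends on the 32 spare bytes added to `total_size` in the first hunk, so a later edit to either side could silently bring the overwrite back. I would add `/* rounding down may land inside the header; step to the next 32-byte boundary (total_size reserves 32 spare bytes for this) */` above the check and brace the one-line body. Rounding up in one step, `align_pos = ((uintptr_t)shmem_info + sizeof(struct shmem_data) + 31) & ~(uintptr_t)31;` before the subtraction, would remove the special case, though the lines that build align_pos begin above this hunk. Since `tex1_offset` and `tex2_offset` are presumably read by the capturing process from shared memory, that reader should also check them against the mapping size.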