From 3ccc401fc983b40559bbdbbbb9db9a7356030596 Mon Sep 17 00:00:00 2001 From: Kyle Machulis Date: Fri, 16 Mar 2018 18:20:31 -0700 Subject: [PATCH] Bug 1403185 - Fix button value index lookup oob for Windows Gamepads; r=ted We can get button indexes in HID usage reports that do not actually correspond to a button we store, meaning we can overstep bounds of the button array. Check validity before accessing array. MozReview-Commit-ID: AAQJLEgy2Ua --HG-- extra : rebase_source : d665f7713612b76f7b36ca3d2ace1e6659bb5099 --- dom/gamepad/windows/WindowsGamepad.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dom/gamepad/windows/WindowsGamepad.cpp b/dom/gamepad/windows/WindowsGamepad.cpp index 99a125ab3e8f..ec3bf626faaf 100644 --- a/dom/gamepad/windows/WindowsGamepad.cpp +++ b/dom/gamepad/windows/WindowsGamepad.cpp @@ -860,6 +860,11 @@ WindowsGamepadService::HandleRawInput(HRAWINPUT handle) memset(buttons.Elements(), 0, gamepad->numButtons * sizeof(bool)); for (unsigned i = 0; i < usageLength; i++) { + // The button index in usages may be larger than what we detected when + // enumerating gamepads. If so, warn and continue. + if (NS_WARN_IF((usages[i] - 1) >= buttons.Length())) { + continue; + } buttons[usages[i] - 1] = true; }