Bug 1403185 - Fix button value index lookup oob for Windows Gamepads; r=ted
We can get button indexes in HID usage reports that do not actually
correspond to a button we store, meaning we can overstep bounds of the
button array. Check validity before accessing array.
MozReview-Commit-ID: AAQJLEgy2Ua
--- a/dom/gamepad/windows/WindowsGamepad.cpp
+++ b/dom/gamepad/windows/WindowsGamepad.cpp
@@ -855,16 +855,21 @@ WindowsGamepadService::HandleRawInput(HR
}
nsTArray<bool> buttons(gamepad->numButtons);
buttons.SetLength(gamepad->numButtons);
// If we don't zero out the buttons array first, sometimes it can reuse values.
memset(buttons.Elements(), 0, gamepad->numButtons * sizeof(bool));
for (unsigned i = 0; i < usageLength; i++) {
+ // The button index in usages may be larger than what we detected when
+ // enumerating gamepads. If so, warn and continue.
+ if (NS_WARN_IF((usages[i] - 1) >= buttons.Length())) {
+ continue;
+ }
buttons[usages[i] - 1] = true;
}
if (gamepad->hasDpad) {
// Get d-pad position as 4 buttons.
ULONG value;
if (mHID.mHidP_GetUsageValue(HidP_Input, gamepad->dpadCaps.UsagePage, 0, gamepad->dpadCaps.Range.UsageMin, &value, parsed, (PCHAR)raw->data.hid.bRawData, raw->data.hid.dwSizeHid) == HIDP_STATUS_SUCCESS) {
UnpackDpad(static_cast<LONG>(value), gamepad, buttons);