From 9add999c513f92e72545ffcbedaf03ff8dd4170a Mon Sep 17 00:00:00 2001
From: winesync <ros-dev@reactos.org>
Date: Mon, 21 Sep 2020 22:50:18 +0200
Subject: [PATCH] [WINESYNC] d3dx9: Secure against unsafe iface to COM object
 transitions.

Signed-off-by: Michael Stefaniuc <mstefani@winehq.org>
Signed-off-by: Matteo Bruni <mbruni@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>

wine commit id cd3e5020e4c87f49eb042fff9f607b6d745a5d55 by Michael Stefaniuc <mstefani@winehq.org>
---
 dll/directx/wine/d3dx9_36/effect.c | 13 ++++++++++++-
 sdk/tools/winesync/d3dx9.cfg       |  2 +-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/dll/directx/wine/d3dx9_36/effect.c b/dll/directx/wine/d3dx9_36/effect.c
index cd022dbf0ec..52908a274f1 100644
--- a/dll/directx/wine/d3dx9_36/effect.c
+++ b/dll/directx/wine/d3dx9_36/effect.c
@@ -1772,6 +1772,8 @@ static inline struct d3dx_effect_pool *impl_from_ID3DXEffectPool(ID3DXEffectPool
     return CONTAINING_RECORD(iface, struct d3dx_effect_pool, ID3DXEffectPool_iface);
 }
 
+static inline struct d3dx_effect_pool *unsafe_impl_from_ID3DXEffectPool(ID3DXEffectPool *iface);
+
 static inline struct d3dx_effect *impl_from_ID3DXEffect(ID3DXEffect *iface)
 {
     return CONTAINING_RECORD(iface, struct d3dx_effect, ID3DXEffect_iface);
@@ -6168,8 +6170,8 @@ static HRESULT d3dx9_effect_init(struct d3dx_effect *effect, struct IDirect3DDev
 
     if (pool)
     {
+        effect->pool = unsafe_impl_from_ID3DXEffectPool(pool);
         pool->lpVtbl->AddRef(pool);
-        effect->pool = impl_from_ID3DXEffectPool(pool);
     }
 
     IDirect3DDevice9_AddRef(device);
@@ -6481,6 +6483,15 @@ static const struct ID3DXEffectPoolVtbl ID3DXEffectPool_Vtbl =
     d3dx_effect_pool_Release
 };
 
+static inline struct d3dx_effect_pool *unsafe_impl_from_ID3DXEffectPool(ID3DXEffectPool *iface)
+{
+    if (!iface)
+        return NULL;
+
+    assert(iface->lpVtbl == &ID3DXEffectPool_Vtbl);
+    return impl_from_ID3DXEffectPool(iface);
+}
+
 HRESULT WINAPI D3DXCreateEffectPool(ID3DXEffectPool **pool)
 {
     struct d3dx_effect_pool *object;
diff --git a/sdk/tools/winesync/d3dx9.cfg b/sdk/tools/winesync/d3dx9.cfg
index 2a08def01b1..616db55328b 100644
--- a/sdk/tools/winesync/d3dx9.cfg
+++ b/sdk/tools/winesync/d3dx9.cfg
@@ -15,4 +15,4 @@ files: {include/d3dx9.h: sdk/include/dxsdk/d3dx9.h, include/d3dx9anim.h: sdk/inc
   include/d3dx9mesh.h: sdk/include/dxsdk/d3dx9mesh.h, include/d3dx9of.h: sdk/include/dxsdk/d3dx9of.h,
   include/d3dx9shader.h: sdk/include/dxsdk/d3dx9shader.h, include/d3dx9shape.h: sdk/include/dxsdk/d3dx9shape.h,
   include/d3dx9tex.h: sdk/include/dxsdk/d3dx9tex.h, include/d3dx9xof.h: sdk/include/dxsdk/d3dx9xof.h}
-tags: {wine: 3b951b77f87ed9102fc7a2ccb0807b5592990147}
+tags: {wine: cd3e5020e4c87f49eb042fff9f607b6d745a5d55}