From 7ffe77f7c4f1ef461ae71bd0f24b0c1b0b39d115 Mon Sep 17 00:00:00 2001
From: WinterSnowfall <WinterSnowfall@users.noreply.github.com>
Date: Sun, 13 Oct 2024 21:52:08 +0300
Subject: [PATCH] [d3d9] Validate pBox dimensions with LockBox

---
 src/d3d9/d3d9_volume.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/d3d9/d3d9_volume.cpp b/src/d3d9/d3d9_volume.cpp
index 1f41a8dd4..a70c8b24b 100644
--- a/src/d3d9/d3d9_volume.cpp
+++ b/src/d3d9/d3d9_volume.cpp
@@ -104,6 +104,20 @@ namespace dxvk {
       pLockedBox->SlicePitch = 0;
     }
 
+    if (unlikely(pBox != nullptr)) {
+      auto& desc = *(m_texture->Desc());
+
+      // Negative or zero length dimensions
+      if ( static_cast<LONG>(pBox->Right)  - static_cast<LONG>(pBox->Left)  <= 0
+        || static_cast<LONG>(pBox->Bottom) - static_cast<LONG>(pBox->Top)   <= 0
+        || static_cast<LONG>(pBox->Back)   - static_cast<LONG>(pBox->Front) <= 0
+      // Exceeding surface dimensions
+        || pBox->Right  > desc.Width
+        || pBox->Bottom > desc.Height
+        || pBox->Back   > desc.Depth)
+        return D3DERR_INVALIDCALL;
+    }
+
     D3DLOCKED_BOX lockedBox;
 
     HRESULT hr = m_parent->LockImage(