From a53af220a7dd90791b998aa6a7b769b86da8a0c9 Mon Sep 17 00:00:00 2001
From: Stanislaw Halik <sthalik@misaki.pl>
Date: Thu, 14 Mar 2019 13:47:30 +0100
Subject: tracker/wii: fix memory errors

Issue: #876
---
 tracker-wii/wii_camera.cpp          | 9 +++++----
 tracker-wii/wiiyourself/wiimote.cpp | 4 +++-
 tracker-wii/wiiyourself/wiimote.h   | 1 +
 3 files changed, 9 insertions(+), 5 deletions(-)

(limited to 'tracker-wii')

diff --git a/tracker-wii/wii_camera.cpp b/tracker-wii/wii_camera.cpp
index af9a2d1f..90ad6385 100644
--- a/tracker-wii/wii_camera.cpp
+++ b/tracker-wii/wii_camera.cpp
@@ -119,7 +119,8 @@ wii_camera_status WIICamera::_pair()
 	wii_camera_status ret = wii_cam_wait_for_sync;
 	HBLUETOOTH_RADIO_FIND hbt;
 	BLUETOOTH_FIND_RADIO_PARAMS bt_param;
-	HANDLE hbtlist[10];
+	constexpr int max_devices = 64;
+	HANDLE hbtlist[max_devices];
 	int ibtidx = 0;
 	bool wiifound = false;
 
@@ -127,9 +128,8 @@ wii_camera_status WIICamera::_pair()
 	hbt = BluetoothFindFirstRadio(&bt_param, hbtlist + ibtidx);
 	if (!hbt) { ret = wii_cam_wait_for_dongle; return ret; }
 	do
-	{
 		ibtidx++;
-	} while (BluetoothFindNextRadio(&bt_param, hbtlist + ibtidx));
+	while (ibtidx < max_devices && BluetoothFindNextRadio(&bt_param, hbtlist + ibtidx));
 	BluetoothFindRadioClose(hbt);
 
 
@@ -143,11 +143,12 @@ wii_camera_status WIICamera::_pair()
 		if (ERROR_SUCCESS != BluetoothGetRadioInfo(hbtlist[i], &btinfo)) {break;}
 
 		HBLUETOOTH_DEVICE_FIND hbtdevfd;
-		BLUETOOTH_DEVICE_SEARCH_PARAMS btdevparam;
+		BLUETOOTH_DEVICE_SEARCH_PARAMS btdevparam {};
 		BLUETOOTH_DEVICE_INFO btdevinfo;
 
 		btdevinfo.dwSize = sizeof(btdevinfo);
 		btdevparam.dwSize = sizeof(btdevparam);
+		btdevparam.fReturnUnknown = TRUE;
 		btdevparam.fReturnAuthenticated = TRUE;
 		btdevparam.fReturnConnected = TRUE;
 		btdevparam.fReturnRemembered = TRUE;
diff --git a/tracker-wii/wiiyourself/wiimote.cpp b/tracker-wii/wiiyourself/wiimote.cpp
index e1e49101..e7a8ca90 100644
--- a/tracker-wii/wiiyourself/wiimote.cpp
+++ b/tracker-wii/wiiyourself/wiimote.cpp
@@ -255,7 +255,9 @@ bool wiimote::Connect (unsigned wiimote_index, bool force_hidwrites)
 		{
 		// get the buffer size for this device detail instance
 		DWORD req_size = 0;
-		SetupDiGetDeviceInterfaceDetail(dev_info, &didata, NULL, 0, &req_size, NULL);
+		(void)SetupDiGetDeviceInterfaceDetail(dev_info, &didata, NULL, 0, &req_size, NULL);
+		if (req_size < sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA))
+			WARN(_T("couldn't get device size for %u"), index);
 
 		// (bizarre way of doing it) create a buffer large enough to hold the
 		//  fixed-size detail struct components, and the variable string size
diff --git a/tracker-wii/wiiyourself/wiimote.h b/tracker-wii/wiiyourself/wiimote.h
index 3588b7c7..27551c76 100644
--- a/tracker-wii/wiiyourself/wiimote.h
+++ b/tracker-wii/wiiyourself/wiimote.h
@@ -10,6 +10,7 @@
 
 #pragma once
 
+#undef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #include <windows.h>
 #include <tchar.h>		// auto Unicode/Ansi support
-- 
cgit v1.2.3