Skip to content

W
wine-cw
Commit 60fedd23 authored by Nikolay Sivov's avatar Nikolay Sivov Committed by Alexandre Julliard
Browse files
Options

comctl32: Protect TVM_GETITEM from invalid item pointers.

Signed-off-by: 's avatarSebastian Lackner <sebastian@fds-team.de> Signed-off-by: 's avatarAlexandre Julliard <julliard@winehq.org>
parent d33f0a49
Hide whitespace changes
Inline Side-by-side
Showing with 20 additions and 3 deletions
dlls/comctl32/tests/treeview.c
View file @ 60fedd23
......@@ -905,6 +905,13 @@ static void test_get_set_item(void)
expect(TRUE, ret);
ok(tviRoot.state == TVIS_FOCUSED, "got state 0x%0x\n", tviRoot.state);
/* invalid item pointer, nt4 crashes here but later versions just return 0 */
tviRoot.hItem = (HTREEITEM)0xdeadbeef;
tviRoot.mask = TVIF_STATE;
tviRoot.state = 0;
ret = SendMessageA(hTree2, TVM_GETITEMA, 0, (LPARAM)&tviRoot);
expect(FALSE, ret);
DestroyWindow(hTree);
DestroyWindow(hTree2);
}
......
dlls/comctl32/treeview.c
View file @ 60fedd23
......@@ -63,6 +63,7 @@
#include "vssym32.h"
#include "wine/unicode.h"
#include "wine/debug.h"
#include "wine/exception.h"
WINE_DEFAULT_DEBUG_CHANNEL(treeview);
......@@ -2068,11 +2069,20 @@ TREEVIEW_GetItemT(const TREEVIEW_INFO *infoPtr, LPTVITEMEXW tvItem, BOOL isW)
if (!TREEVIEW_ValidItem(infoPtr, item))
{
BOOL valid_item = FALSE;
if (!item) return FALSE;
TRACE("got item from different tree %p, called from %p\n", item->infoPtr, infoPtr);
infoPtr = item->infoPtr;
if (!TREEVIEW_ValidItem(infoPtr, item)) return FALSE;
__TRY
{
infoPtr = item->infoPtr;
TRACE("got item from different tree %p, called from %p\n", item->infoPtr, infoPtr);
valid_item = TREEVIEW_ValidItem(infoPtr, item);
}
__EXCEPT_PAGE_FAULT
{
}
__ENDTRY
if (!valid_item) return FALSE;
}
TREEVIEW_UpdateDispInfo(infoPtr, item, tvItem->mask);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment