Commit b8215658 authored by Mikołaj Zalewski's avatar Mikołaj Zalewski Committed by Alexandre Julliard

comctl32: header: Avoid freeing invalid pointers.

parent a1c98ea8
...@@ -99,7 +99,16 @@ typedef struct ...@@ -99,7 +99,16 @@ typedef struct
#define HEADER_GetInfoPtr(hwnd) ((HEADER_INFO *)GetWindowLongPtrW(hwnd,0)) #define HEADER_GetInfoPtr(hwnd) ((HEADER_INFO *)GetWindowLongPtrW(hwnd,0))
static const WCHAR themeClass[] = {'H','e','a','d','e','r',0}; static const WCHAR themeClass[] = {'H','e','a','d','e','r',0};
static WCHAR emptyString[] = {0};
static void HEADER_DisposeItem(HEADER_ITEM *lpItem)
{
if (lpItem->pszText && lpItem->pszText != emptyString &&
lpItem->pszText != LPSTR_TEXTCALLBACKW) /* covers LPSTR_TEXTCALLBACKA too */
{
Free(lpItem->pszText);
}
}
inline static LRESULT inline static LRESULT
HEADER_IndexToOrder (HWND hwnd, INT iItem) HEADER_IndexToOrder (HWND hwnd, INT iItem)
...@@ -796,8 +805,7 @@ HEADER_DeleteItem (HWND hwnd, WPARAM wParam) ...@@ -796,8 +805,7 @@ HEADER_DeleteItem (HWND hwnd, WPARAM wParam)
if (infoPtr->uNumItem == 1) { if (infoPtr->uNumItem == 1) {
TRACE("Simple delete!\n"); TRACE("Simple delete!\n");
if (infoPtr->items[0].pszText) HEADER_DisposeItem(&infoPtr->items[0]);
Free (infoPtr->items[0].pszText);
Free (infoPtr->items); Free (infoPtr->items);
Free(infoPtr->order); Free(infoPtr->order);
infoPtr->items = 0; infoPtr->items = 0;
...@@ -812,8 +820,7 @@ HEADER_DeleteItem (HWND hwnd, WPARAM wParam) ...@@ -812,8 +820,7 @@ HEADER_DeleteItem (HWND hwnd, WPARAM wParam)
for (i = 0; i < infoPtr->uNumItem; i++) for (i = 0; i < infoPtr->uNumItem; i++)
TRACE("%d: order=%d, iOrder=%d, ->iOrder=%d\n", i, infoPtr->order[i], infoPtr->items[i].iOrder, infoPtr->items[infoPtr->order[i]].iOrder); TRACE("%d: order=%d, iOrder=%d, ->iOrder=%d\n", i, infoPtr->order[i], infoPtr->items[i].iOrder, infoPtr->items[infoPtr->order[i]].iOrder);
if (infoPtr->items[iItem].pszText) HEADER_DisposeItem(&infoPtr->items[iItem]);
Free (infoPtr->items[iItem].pszText);
iOrder = infoPtr->items[iItem].iOrder; iOrder = infoPtr->items[iItem].iOrder;
infoPtr->uNumItem--; infoPtr->uNumItem--;
...@@ -1111,7 +1118,7 @@ HEADER_InsertItemT (HWND hwnd, INT nItem, LPHDITEMW phdi, BOOL bUnicode) ...@@ -1111,7 +1118,7 @@ HEADER_InsertItemT (HWND hwnd, INT nItem, LPHDITEMW phdi, BOOL bUnicode)
if (phdi->mask & HDI_TEXT) if (phdi->mask & HDI_TEXT)
{ {
if (!phdi->pszText) phdi->pszText = '\0'; /* null pointer check */ if (!phdi->pszText) phdi->pszText = emptyString; /* null pointer check */
if (phdi->pszText != LPSTR_TEXTCALLBACKW) /* covers != TEXTCALLBACKA too */ if (phdi->pszText != LPSTR_TEXTCALLBACKW) /* covers != TEXTCALLBACKA too */
{ {
if (bUnicode) if (bUnicode)
...@@ -1255,7 +1262,8 @@ HEADER_SetItemT (HWND hwnd, INT nItem, LPHDITEMW phdi, BOOL bUnicode) ...@@ -1255,7 +1262,8 @@ HEADER_SetItemT (HWND hwnd, INT nItem, LPHDITEMW phdi, BOOL bUnicode)
{ {
if (lpItem->pszText) if (lpItem->pszText)
{ {
Free(lpItem->pszText); if (lpItem->pszText != emptyString && lpItem->pszText != LPSTR_TEXTCALLBACKW)
Free(lpItem->pszText);
lpItem->pszText = NULL; lpItem->pszText = NULL;
} }
if (phdi->pszText) if (phdi->pszText)
...@@ -1374,8 +1382,7 @@ HEADER_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) ...@@ -1374,8 +1382,7 @@ HEADER_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam)
if (infoPtr->items) { if (infoPtr->items) {
lpItem = infoPtr->items; lpItem = infoPtr->items;
for (nItem = 0; nItem < infoPtr->uNumItem; nItem++, lpItem++) { for (nItem = 0; nItem < infoPtr->uNumItem; nItem++, lpItem++) {
if ((lpItem->pszText) && (lpItem->pszText != LPSTR_TEXTCALLBACKW)) HEADER_DisposeItem(lpItem);
Free (lpItem->pszText);
} }
Free (infoPtr->items); Free (infoPtr->items);
} }
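Review bot: HEADER_SetItemT open-codes the sentinel test that the new HEADER_DisposeItem already encapsulates (`lpItem->pszText != emptyString && lpItem->pszText != LPSTR_TEXTCALLBACKW`), so the two copies can drift apart, and a sentinel missed in one of them is exactly the invalid-pointer free this commit is meant to prevent. Calling the helper there would keep a single definition of what may be passed to Free: `HEADER_DisposeItem(lpItem); lpItem->pszText = NULL;`. HEADER_DisposeItem also leaves `pszText` pointing at freed memory; in the HEADER_DeleteItem and HEADER_Destroy hunks the item appears to be discarded right afterwards, but setting `lpItem->pszText = NULL;` inside the helper would make a repeated call harmless. The bodies of these functions continue outside the hunks shown, so later uses of pszText cannot be checked from here.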
......