Commit cdf06864 authored by Mikołaj Zalewski's avatar Mikołaj Zalewski Committed by Alexandre Julliard

shell32/explorer: Support different structure sizes in Shell_NotifyIcon.

parent 823c64ef
...@@ -45,7 +45,8 @@ static const WCHAR classname[] = /* Shell_TrayWnd */ {'S','h','e','l','l','_','T ...@@ -45,7 +45,8 @@ static const WCHAR classname[] = /* Shell_TrayWnd */ {'S','h','e','l','l','_','T
BOOL WINAPI Shell_NotifyIconA(DWORD dwMessage, PNOTIFYICONDATAA pnid) BOOL WINAPI Shell_NotifyIconA(DWORD dwMessage, PNOTIFYICONDATAA pnid)
{ {
NOTIFYICONDATAW nidW; NOTIFYICONDATAW nidW;
ZeroMemory(&nidW, sizeof(nidW));
nidW.cbSize = sizeof(nidW); nidW.cbSize = sizeof(nidW);
nidW.hWnd = pnid->hWnd; nidW.hWnd = pnid->hWnd;
nidW.uID = pnid->uID; nidW.uID = pnid->uID;
...@@ -54,21 +55,30 @@ BOOL WINAPI Shell_NotifyIconA(DWORD dwMessage, PNOTIFYICONDATAA pnid) ...@@ -54,21 +55,30 @@ BOOL WINAPI Shell_NotifyIconA(DWORD dwMessage, PNOTIFYICONDATAA pnid)
nidW.hIcon = pnid->hIcon; nidW.hIcon = pnid->hIcon;
/* szTip */ /* szTip */
MultiByteToWideChar(CP_ACP, 0, pnid->szTip, -1, nidW.szTip, sizeof(nidW.szTip)/sizeof(WCHAR)); if (pnid->uFlags & NIF_TIP)
MultiByteToWideChar(CP_ACP, 0, pnid->szTip, -1, nidW.szTip, sizeof(nidW.szTip)/sizeof(WCHAR));
nidW.dwState = pnid->dwState; if (pnid->cbSize >= NOTIFYICONDATAA_V2_SIZE)
nidW.dwStateMask = pnid->dwStateMask; {
nidW.dwState = pnid->dwState;
/* szInfo */ nidW.dwStateMask = pnid->dwStateMask;
MultiByteToWideChar(CP_ACP, 0, pnid->szInfo, -1, nidW.szInfo, sizeof(nidW.szInfo)/sizeof(WCHAR));
nidW.u.uTimeout = pnid->u.uTimeout; /* szInfo, szInfoTitle */
if (pnid->uFlags & NIF_INFO)
{
MultiByteToWideChar(CP_ACP, 0, pnid->szInfo, -1, nidW.szInfo, sizeof(nidW.szInfo)/sizeof(WCHAR));
MultiByteToWideChar(CP_ACP, 0, pnid->szInfoTitle, -1, nidW.szInfoTitle, sizeof(nidW.szInfoTitle)/sizeof(WCHAR));
}
/* szInfoTitle */ nidW.u.uTimeout = pnid->u.uTimeout;
MultiByteToWideChar(CP_ACP, 0, pnid->szInfoTitle, -1, nidW.szInfoTitle, sizeof(nidW.szInfoTitle)/sizeof(WCHAR)); nidW.dwInfoFlags = pnid->dwInfoFlags;
}
nidW.dwInfoFlags = pnid->dwInfoFlags; if (pnid->cbSize >= NOTIFYICONDATAA_V3_SIZE)
nidW.guidItem = pnid->guidItem;
if (pnid->cbSize >= sizeof(NOTIFYICONDATAA))
nidW.hBalloonIcon = pnid->hBalloonIcon;
return Shell_NotifyIconW(dwMessage, &nidW); return Shell_NotifyIconW(dwMessage, &nidW);
} }
...@@ -80,7 +90,7 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW nid) ...@@ -80,7 +90,7 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW nid)
HWND tray; HWND tray;
COPYDATASTRUCT cds; COPYDATASTRUCT cds;
TRACE("dwMessage = %d\n", dwMessage); TRACE("dwMessage = %d, nid->cbSize=%d\n", dwMessage, nid->cbSize);
tray = FindWindowExW(0, NULL, classname, NULL); tray = FindWindowExW(0, NULL, classname, NULL);
if (!tray) return FALSE; if (!tray) return FALSE;
...@@ -111,7 +121,7 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW nid) ...@@ -111,7 +121,7 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW nid)
cbMaskBits = (bmMask.bmPlanes * bmMask.bmWidth * bmMask.bmHeight * bmMask.bmBitsPixel) / 8; cbMaskBits = (bmMask.bmPlanes * bmMask.bmWidth * bmMask.bmHeight * bmMask.bmBitsPixel) / 8;
cbColourBits = (bmColour.bmPlanes * bmColour.bmWidth * bmColour.bmHeight * bmColour.bmBitsPixel) / 8; cbColourBits = (bmColour.bmPlanes * bmColour.bmWidth * bmColour.bmHeight * bmColour.bmBitsPixel) / 8;
cds.cbData = sizeof(*nid) + 2*sizeof(BITMAP) + cbMaskBits + cbColourBits; cds.cbData = nid->cbSize + 2*sizeof(BITMAP) + cbMaskBits + cbColourBits;
buffer = HeapAlloc(GetProcessHeap(), 0, cds.cbData); buffer = HeapAlloc(GetProcessHeap(), 0, cds.cbData);
if (!buffer) if (!buffer)
{ {
...@@ -122,7 +132,7 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW nid) ...@@ -122,7 +132,7 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW nid)
cds.lpData = buffer; cds.lpData = buffer;
memcpy(buffer, nid, sizeof(*nid)); memcpy(buffer, nid, sizeof(*nid));
buffer += sizeof(*nid); buffer += nid->cbSize;
memcpy(buffer, &bmMask, sizeof(bmMask)); memcpy(buffer, &bmMask, sizeof(bmMask));
buffer += sizeof(bmMask); buffer += sizeof(bmMask);
memcpy(buffer, &bmColour, sizeof(bmColour)); memcpy(buffer, &bmColour, sizeof(bmColour));
...@@ -138,7 +148,7 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW nid) ...@@ -138,7 +148,7 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW nid)
else else
{ {
noicon: noicon:
cds.cbData = sizeof(*nid); cds.cbData = nid->cbSize;
cds.lpData = nid; cds.lpData = nid;
} }
......
...@@ -363,6 +363,8 @@ typedef struct _NOTIFYICONDATAA ...@@ -363,6 +363,8 @@ typedef struct _NOTIFYICONDATAA
} DUMMYUNIONNAME; } DUMMYUNIONNAME;
CHAR szInfoTitle[64]; CHAR szInfoTitle[64];
DWORD dwInfoFlags; DWORD dwInfoFlags;
GUID guidItem;
HICON hBalloonIcon;
} NOTIFYICONDATAA, *PNOTIFYICONDATAA; } NOTIFYICONDATAA, *PNOTIFYICONDATAA;
typedef struct _NOTIFYICONDATAW typedef struct _NOTIFYICONDATAW
...@@ -382,6 +384,8 @@ typedef struct _NOTIFYICONDATAW ...@@ -382,6 +384,8 @@ typedef struct _NOTIFYICONDATAW
} DUMMYUNIONNAME; } DUMMYUNIONNAME;
WCHAR szInfoTitle[64]; WCHAR szInfoTitle[64];
DWORD dwInfoFlags; DWORD dwInfoFlags;
GUID guidItem;
HICON hBalloonIcon;
} NOTIFYICONDATAW, *PNOTIFYICONDATAW; } NOTIFYICONDATAW, *PNOTIFYICONDATAW;
DECL_WINELIB_TYPE_AW(NOTIFYICONDATA) DECL_WINELIB_TYPE_AW(NOTIFYICONDATA)
...@@ -392,6 +396,19 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW lpData); ...@@ -392,6 +396,19 @@ BOOL WINAPI Shell_NotifyIconW(DWORD dwMessage, PNOTIFYICONDATAW lpData);
#define Shell_NotifyIcon WINELIB_NAME_AW(Shell_NotifyIcon) #define Shell_NotifyIcon WINELIB_NAME_AW(Shell_NotifyIcon)
/* pre IE 5.0 */
#define NOTIFYICONDATAA_V1_SIZE FIELD_OFFSET(NOTIFYICONDATAA, szTip[64])
#define NOTIFYICONDATAW_V1_SIZE FIELD_OFFSET(NOTIFYICONDATAW, szTip[64])
/* pre Window XP */
#define NOTIFYICONDATAA_V2_SIZE FIELD_OFFSET(NOTIFYICONDATAA, guidItem)
#define NOTIFYICONDATAW_V2_SIZE FIELD_OFFSET(NOTIFYICONDATAW, guidItem)
/* pre Window Vista */
#define NOTIFYICONDATAA_V3_SIZE FIELD_OFFSET(NOTIFYICONDATAA, hBalloonIcon)
#define NOTIFYICONDATAW_V3_SIZE FIELD_OFFSET(NOTIFYICONDATAW, hBalloonIcon)
/****************************************** /******************************************
* Links * Links
*/ */
......
...@@ -301,13 +301,18 @@ static void delete_icon(const NOTIFYICONDATAW *nid) ...@@ -301,13 +301,18 @@ static void delete_icon(const NOTIFYICONDATAW *nid)
static void handle_incoming(HWND hwndSource, COPYDATASTRUCT *cds) static void handle_incoming(HWND hwndSource, COPYDATASTRUCT *cds)
{ {
NOTIFYICONDATAW nid; NOTIFYICONDATAW nid;
DWORD cbSize;
if (cds->cbData < sizeof(nid)) return; if (cds->cbData < NOTIFYICONDATAW_V1_SIZE) return;
memcpy(&nid, cds->lpData, sizeof(nid)); cbSize = ((PNOTIFYICONDATA)cds->lpData)->cbSize;
if (cbSize < NOTIFYICONDATAW_V1_SIZE) return;
ZeroMemory(&nid, sizeof(nid));
memcpy(&nid, cds->lpData, min(sizeof(nid), cbSize));
/* FIXME: if statement only needed because we don't support interprocess /* FIXME: if statement only needed because we don't support interprocess
* icon handles */ * icon handles */
if ((nid.uFlags & NIF_ICON) && (cds->cbData >= sizeof(nid) + 2 * sizeof(BITMAP))) if ((nid.uFlags & NIF_ICON) && (cds->cbData >= nid.cbSize + 2 * sizeof(BITMAP)))
{ {
LONG cbMaskBits; LONG cbMaskBits;
LONG cbColourBits; LONG cbColourBits;
...@@ -315,7 +320,7 @@ static void handle_incoming(HWND hwndSource, COPYDATASTRUCT *cds) ...@@ -315,7 +320,7 @@ static void handle_incoming(HWND hwndSource, COPYDATASTRUCT *cds)
BITMAP bmColour; BITMAP bmColour;
const char *buffer = cds->lpData; const char *buffer = cds->lpData;
buffer += sizeof(nid); buffer += nid.cbSize;
memcpy(&bmMask, buffer, sizeof(bmMask)); memcpy(&bmMask, buffer, sizeof(bmMask));
buffer += sizeof(bmMask); buffer += sizeof(bmMask);
...@@ -325,7 +330,7 @@ static void handle_incoming(HWND hwndSource, COPYDATASTRUCT *cds) ...@@ -325,7 +330,7 @@ static void handle_incoming(HWND hwndSource, COPYDATASTRUCT *cds)
cbMaskBits = (bmMask.bmPlanes * bmMask.bmWidth * bmMask.bmHeight * bmMask.bmBitsPixel) / 8; cbMaskBits = (bmMask.bmPlanes * bmMask.bmWidth * bmMask.bmHeight * bmMask.bmBitsPixel) / 8;
cbColourBits = (bmColour.bmPlanes * bmColour.bmWidth * bmColour.bmHeight * bmColour.bmBitsPixel) / 8; cbColourBits = (bmColour.bmPlanes * bmColour.bmWidth * bmColour.bmHeight * bmColour.bmBitsPixel) / 8;
if (cds->cbData < sizeof(nid) + 2 * sizeof(BITMAP) + cbMaskBits + cbColourBits) if (cds->cbData < nid.cbSize + 2 * sizeof(BITMAP) + cbMaskBits + cbColourBits)
{ {
WINE_ERR("buffer underflow\n"); WINE_ERR("buffer underflow\n");
return; return;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment