Commit d9211c9e authored by Vincent Povirk's avatar Vincent Povirk Committed by Alexandre Julliard

atl: Do not access m_pTermFuncs if the structure is too small.

parent 99af1ee3
...@@ -123,15 +123,20 @@ HRESULT WINAPI AtlModuleLoadTypeLib(_ATL_MODULEW *pM, LPCOLESTR lpszIndex, ...@@ -123,15 +123,20 @@ HRESULT WINAPI AtlModuleLoadTypeLib(_ATL_MODULEW *pM, LPCOLESTR lpszIndex,
HRESULT WINAPI AtlModuleTerm(_ATL_MODULE *pM) HRESULT WINAPI AtlModuleTerm(_ATL_MODULE *pM)
{ {
_ATL_TERMFUNC_ELEM *iter = pM->m_pTermFuncs, *tmp; _ATL_TERMFUNC_ELEM *iter, *tmp;
TRACE("(%p)\n", pM); TRACE("(%p)\n", pM);
while(iter) { if (pM->cbSize > ATLVer1Size)
iter->pFunc(iter->dw); {
tmp = iter; iter = pM->m_pTermFuncs;
iter = iter->pNext;
HeapFree(GetProcessHeap(), 0, tmp); while(iter) {
iter->pFunc(iter->dw);
tmp = iter;
iter = iter->pNext;
HeapFree(GetProcessHeap(), 0, tmp);
}
} }
return S_OK; return S_OK;
...@@ -143,12 +148,15 @@ HRESULT WINAPI AtlModuleAddTermFunc(_ATL_MODULEW *pM, _ATL_TERMFUNC *pFunc, DWOR ...@@ -143,12 +148,15 @@ HRESULT WINAPI AtlModuleAddTermFunc(_ATL_MODULEW *pM, _ATL_TERMFUNC *pFunc, DWOR
TRACE("(%p %p %ld)\n", pM, pFunc, dw); TRACE("(%p %p %ld)\n", pM, pFunc, dw);
termfunc_elem = HeapAlloc(GetProcessHeap(), 0, sizeof(_ATL_TERMFUNC_ELEM)); if (pM->cbSize > ATLVer1Size)
termfunc_elem->pFunc = pFunc; {
termfunc_elem->dw = dw; termfunc_elem = HeapAlloc(GetProcessHeap(), 0, sizeof(_ATL_TERMFUNC_ELEM));
termfunc_elem->pNext = pM->m_pTermFuncs; termfunc_elem->pFunc = pFunc;
termfunc_elem->dw = dw;
termfunc_elem->pNext = pM->m_pTermFuncs;
pM->m_pTermFuncs = termfunc_elem; pM->m_pTermFuncs = termfunc_elem;
}
return S_OK; return S_OK;
} }
......
...@@ -113,8 +113,48 @@ static void test_winmodule(void) ...@@ -113,8 +113,48 @@ static void test_winmodule(void)
ok(winmod.m_pCreateWndList == create_data+1, "winmod.m_pCreateWndList != create_data\n"); ok(winmod.m_pCreateWndList == create_data+1, "winmod.m_pCreateWndList != create_data\n");
} }
static DWORD cb_val;
static void WINAPI term_callback(DWORD dw)
{
cb_val = dw;
}
static void test_term(void)
{
_ATL_MODULEW test;
HRESULT hres;
test.cbSize = sizeof(_ATL_MODULEW);
hres = AtlModuleInit(&test, NULL, NULL);
ok (hres == S_OK, "AtlModuleInit failed (0x%x).\n", (int)hres);
hres = AtlModuleAddTermFunc(&test, term_callback, 0x22);
ok (hres == S_OK, "AtlModuleAddTermFunc failed (0x%x).\n", (int)hres);
cb_val = 0xdeadbeef;
hres = AtlModuleTerm(&test);
ok (hres == S_OK, "AtlModuleTerm failed (0x%x).\n", (int)hres);
ok (cb_val == 0x22, "wrong callback value (0x%x).\n", (int)cb_val);
test.cbSize = FIELD_OFFSET(_ATL_MODULEW, dwAtlBuildVer);
hres = AtlModuleInit(&test, NULL, NULL);
ok (hres == S_OK, "AtlModuleInit failed (0x%x).\n", (int)hres);
hres = AtlModuleAddTermFunc(&test, term_callback, 0x23);
ok (hres == S_OK, "AtlModuleAddTermFunc failed (0x%x).\n", (int)hres);
cb_val = 0xdeadbeef;
hres = AtlModuleTerm(&test);
ok (hres == S_OK, "AtlModuleTerm failed (0x%x).\n", (int)hres);
ok (cb_val == 0xdeadbeef, "wrong callback value (0x%x).\n", (int)cb_val);
}
START_TEST(module) START_TEST(module)
{ {
test_StructSize(); test_StructSize();
test_winmodule(); test_winmodule();
test_term();
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment