Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-04 12:39:35 +00:00
Code Issues Projects Releases Packages Wiki Activity

[USER32] RegisterClassExWOWW/ExA: NULL or IS_ATOM class are treated the same. (#5291)

Browse source 
CORE-18978

Fixes NULL pointer access when e.g. class.lpszClassName == NULL and
the class is registered. The RegisterClass(ExA/W/...) should return 0
instead of throwing an invalid access exception.

However, providing an invalid pointer will trigger a crash.
This commit is contained in:
Hermès Bélusca-Maïto 2023-05-18 22:47:26 +02:00
parent f172f98a10
commit 44e1d87596
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0
1 changed files with 29 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

61
win32ss/user/user32/windows/class.c
View file

@ -1310,33 +1310,29 @@ RegisterClassExWOWW(WNDCLASSEXW *lpwcx,
RtlCopyMemory(&WndClass, lpwcx, sizeof(*lpwcx)); RtlCopyMemory(&WndClass, lpwcx, sizeof(*lpwcx));
RtlInitEmptyAnsiString(&AnsiMenuName, NULL, 0); RtlInitEmptyAnsiString(&AnsiMenuName, NULL, 0);
if (WndClass.lpszMenuName != NULL) if (!IS_INTRESOURCE(WndClass.lpszMenuName))
{ {
if (!IS_INTRESOURCE(WndClass.lpszMenuName)) if (WndClass.lpszMenuName[0])
{ {
if (WndClass.lpszMenuName[0]) RtlInitUnicodeString(&MenuName, WndClass.lpszMenuName);
{ RtlUnicodeStringToAnsiString(&AnsiMenuName, &MenuName, TRUE);
RtlInitUnicodeString(&MenuName, WndClass.lpszMenuName);
RtlUnicodeStringToAnsiString( &AnsiMenuName, &MenuName, TRUE);
}
} }
else
{
MenuName.Buffer = (LPWSTR)WndClass.lpszMenuName;
AnsiMenuName.Buffer = (PCHAR)WndClass.lpszMenuName;
}
}
if (IS_ATOM(WndClass.lpszClassName))
{
ClassName.Length =
ClassName.MaximumLength = 0;
ClassName.Buffer = (LPWSTR)WndClass.lpszClassName;
} }
else else
{
MenuName.Buffer = (LPWSTR)WndClass.lpszMenuName;
AnsiMenuName.Buffer = (PCHAR)WndClass.lpszMenuName;
}
if (WndClass.lpszClassName && !IS_ATOM(WndClass.lpszClassName))
{ {
RtlInitUnicodeString(&ClassName, WndClass.lpszClassName); RtlInitUnicodeString(&ClassName, WndClass.lpszClassName);
} }
else
{
ClassName.Length = ClassName.MaximumLength = 0;
ClassName.Buffer = (LPWSTR)WndClass.lpszClassName;
}
ClassVersion = ClassName; ClassVersion = ClassName;
if (fnID == 0) if (fnID == 0)
@ -1373,35 +1369,36 @@ RegisterClassExWOWW(WNDCLASSEXW *lpwcx,
ATOM WINAPI ATOM WINAPI
RegisterClassExA(CONST WNDCLASSEXA *lpwcx) RegisterClassExA(CONST WNDCLASSEXA *lpwcx)
{ {
RTL_ATOM Atom; ATOM Atom;
WNDCLASSEXW WndClass; WNDCLASSEXW WndClass;
WCHAR mname[MAX_BUFFER_LEN]; WCHAR mname[MAX_BUFFER_LEN];
WCHAR cname[MAX_BUFFER_LEN]; WCHAR cname[MAX_BUFFER_LEN];
C_ASSERT(sizeof(WndClass) == sizeof(*lpwcx));
RtlCopyMemory(&WndClass, lpwcx, sizeof(*lpwcx)); RtlCopyMemory(&WndClass, lpwcx, sizeof(*lpwcx));
if (WndClass.lpszMenuName != NULL) if (WndClass.lpszMenuName && !IS_INTRESOURCE(WndClass.lpszMenuName))
{ {
if (!IS_INTRESOURCE(WndClass.lpszMenuName)) if (WndClass.lpszMenuName[0])
{ {
if (WndClass.lpszMenuName[0]) if (!MultiByteToWideChar(CP_ACP, 0, lpwcx->lpszMenuName, -1, mname, MAX_ATOM_LEN + 1 ))
{ return 0;
if (!MultiByteToWideChar( CP_ACP, 0, lpwcx->lpszMenuName, -1, mname, MAX_ATOM_LEN + 1 )) return 0;
WndClass.lpszMenuName = mname; WndClass.lpszMenuName = mname;
}
} }
} }
if (!IS_ATOM(WndClass.lpszClassName)) if (WndClass.lpszClassName && !IS_ATOM(WndClass.lpszClassName))
{ {
if (!MultiByteToWideChar( CP_ACP, 0, lpwcx->lpszClassName, -1, cname, MAX_ATOM_LEN + 1 )) return 0; if (!MultiByteToWideChar(CP_ACP, 0, lpwcx->lpszClassName, -1, cname, MAX_ATOM_LEN + 1 ))
return 0;
WndClass.lpszClassName = cname; WndClass.lpszClassName = cname;
} }
Atom = RegisterClassExWOWW(&WndClass, Atom = RegisterClassExWOWW(&WndClass,
0, NULL,
0, 0,
CSF_ANSIPROC, CSF_ANSIPROC,
TRUE); TRUE);
@ -1410,7 +1407,7 @@ RegisterClassExA(CONST WNDCLASSEXA *lpwcx)
Atom, lpwcx->lpfnWndProc, lpwcx->hInstance, lpwcx->hbrBackground, Atom, lpwcx->lpfnWndProc, lpwcx->hInstance, lpwcx->hbrBackground,
lpwcx->style, lpwcx->cbClsExtra, lpwcx->cbWndExtra, WndClass); lpwcx->style, lpwcx->cbClsExtra, lpwcx->cbWndExtra, WndClass);
return (ATOM)Atom; return Atom;
} }
/* /*
@ -1421,7 +1418,7 @@ RegisterClassExW(CONST WNDCLASSEXW *lpwcx)
{ {
ATOM Atom; ATOM Atom;
Atom = RegisterClassExWOWW((WNDCLASSEXW *)lpwcx, 0, 0, 0, TRUE); Atom = RegisterClassExWOWW((WNDCLASSEXW *)lpwcx, NULL, 0, 0, TRUE);
TRACE("W atom=%04x wndproc=%p hinst=%p bg=%p style=%08x clsExt=%d winExt=%d\n", TRACE("W atom=%04x wndproc=%p hinst=%p bg=%p style=%08x clsExt=%d winExt=%d\n",
Atom, lpwcx->lpfnWndProc, lpwcx->hInstance, lpwcx->hbrBackground, Atom, lpwcx->lpfnWndProc, lpwcx->hInstance, lpwcx->hbrBackground,