From 9ee9f733694243a81fb458cfc11edbdc3bdfc835 Mon Sep 17 00:00:00 2001
From: Joachim Henze <joachim.henze@reactos.org>
Date: Sun, 2 Apr 2023 16:27:42 +0200
Subject: [PATCH] [NTUSER] Fix BSOD 0x1E nullptr deref CORE-18899 (#5212)

fix authored by JIRA-user "TANGaming". I do suspect that the possibility of that nullptr deref was introduced on the master branch by 0.4.13-dev-962-g 4193b8d. Doug Lyons signalled his "ok" regarding the fix in chat already. CORE-18899
---
 win32ss/user/ntuser/defwnd.c | 15 +++++++++------
 win32ss/user/ntuser/event.c  |  3 +--
 win32ss/user/ntuser/hook.c   |  7 +++----
 3 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/win32ss/user/ntuser/defwnd.c b/win32ss/user/ntuser/defwnd.c
index 81ece247b78..de4b4e12e18 100644
--- a/win32ss/user/ntuser/defwnd.c
+++ b/win32ss/user/ntuser/defwnd.c
@@ -1,9 +1,8 @@
 /*
- * COPYRIGHT:        See COPYING in the top level directory
- * PROJECT:          ReactOS Win32k subsystem
- * PURPOSE:          Miscellaneous User functions
- * FILE:             win32ss/user/ntuser/defwnd.c
- * PROGRAMER:
+ * PROJECT:     ReactOS Win32k subsystem
+ * LICENSE:     See COPYING in the top level directory
+ * PURPOSE:     Miscellaneous User functions
+ * COPYRIGHT:   2008-2020 James Tabor <james.tabor@reactos.org>
  */
 
 #include <win32k.h>
@@ -797,6 +796,10 @@ IntDefWindowProc(
             HWND hwndTop = UserGetForegroundWindow();
             PWND topWnd = UserGetWindowObject(hwndTop);
 
+            // MS Doc: foreground window can be NULL, e.g. when window is losing activation
+            if (!topWnd)
+               return 0;
+
             // We want to forbid snapping operations on the TaskBar
             // We use a heuristic for detecting the TaskBar Wnd by its typical Style & ExStyle Values
             ExStyleTB = (topWnd->ExStyle & WS_EX_TOOLWINDOW);
@@ -805,7 +808,7 @@ IntDefWindowProc(
                         && (ExStyleTB == WS_EX_TOOLWINDOW);
             TRACE("ExStyle=%x Style=%x IsTaskBar=%d\n", ExStyleTB, StyleTB, IsTaskBar);
 
-            if (topWnd && !IsTaskBar)
+            if (!IsTaskBar)
             {
                if ((topWnd->style & WS_THICKFRAME) == 0)
                   return 0;
diff --git a/win32ss/user/ntuser/event.c b/win32ss/user/ntuser/event.c
index f5a3a65c3bc..b52efe9389e 100644
--- a/win32ss/user/ntuser/event.c
+++ b/win32ss/user/ntuser/event.c
@@ -2,8 +2,7 @@
  * COPYRIGHT:         See COPYING in the top level directory
  * PROJECT:           ReactOS kernel
  * PURPOSE:           Window event handlers
- * FILE:              win32ss/user/ntuser/event.c
- * PROGRAMER:         James Tabor (james.tabor@rectos.org)
+ * PROGRAMER:         James Tabor <james.tabor@reactos.org>
  */
 
 #include <win32k.h>
diff --git a/win32ss/user/ntuser/hook.c b/win32ss/user/ntuser/hook.c
index 792d195470a..8f82d5b2f46 100644
--- a/win32ss/user/ntuser/hook.c
+++ b/win32ss/user/ntuser/hook.c
@@ -2,10 +2,9 @@
  * COPYRIGHT:        See COPYING in the top level directory
  * PROJECT:          ReactOS kernel
  * PURPOSE:          Window hooks
- * FILE:             win32ss/user/ntuser/hook.c
- * PROGRAMER:        Casper S. Hornstrup (chorns@users.sourceforge.net)
- *                   James Tabor (james.tabor@rectos.org)
- *                   Rafal Harabien (rafalh@reactos.org)
+ * PROGRAMER:        Casper S. Hornstrup <chorns@users.sourceforge.net>
+ *                   James Tabor <james.tabor@reactos.org>
+ *                   Rafal Harabien <rafalh@reactos.org>
   * NOTE:            Most of this code was adapted from Wine,
  *                   Copyright (C) 2002 Alexandre Julliard
  */