[PATCH 13/15] Add parameter validation to MCM_HITTEST handler
Nikolay Sivov
bunglehead at gmail.com
Sat Sep 26 14:26:53 CDT 2009
---
dlls/comctl32/monthcal.c | 4 ++++
dlls/comctl32/tests/monthcal.c | 17 +++++++++++++++--
include/commctrl.h | 7 +++++++
3 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/dlls/comctl32/monthcal.c b/dlls/comctl32/monthcal.c
index 0d5ac3c..f137cfc 100644
--- a/dlls/comctl32/monthcal.c
+++ b/dlls/comctl32/monthcal.c
@@ -1141,6 +1141,7 @@ MONTHCAL_HitTest(const MONTHCAL_INFO *infoPtr, MCHITTESTINFO *lpht)
DWORD retval;
int day,wday,wnum;
+ if(!lpht || lpht->cbSize < MCHITTESTINFO_V1_SIZE) return -1;
x = lpht->pt.x;
y = lpht->pt.y;
@@ -1417,6 +1418,7 @@ MONTHCAL_LButtonDown(MONTHCAL_INFO *infoPtr, LPARAM lParam)
InvalidateRect(infoPtr->hwndSelf, NULL, FALSE);
}
+ ht.cbSize = sizeof(MCHITTESTINFO);
ht.pt.x = (short)LOWORD(lParam);
ht.pt.y = (short)HIWORD(lParam);
TRACE("(%d, %d)\n", ht.pt.x, ht.pt.y);
@@ -1550,6 +1552,7 @@ MONTHCAL_LButtonUp(MONTHCAL_INFO *infoPtr, LPARAM lParam)
redraw = TRUE;
}
+ ht.cbSize = sizeof(MCHITTESTINFO);
ht.pt.x = (short)LOWORD(lParam);
ht.pt.y = (short)HIWORD(lParam);
hit = MONTHCAL_HitTest(infoPtr, &ht);
@@ -1628,6 +1631,7 @@ MONTHCAL_MouseMove(MONTHCAL_INFO *infoPtr, LPARAM lParam)
if(!(infoPtr->status & MC_SEL_LBUTDOWN)) return 0;
+ ht.cbSize = sizeof(MCHITTESTINFO);
ht.pt.x = (short)LOWORD(lParam);
ht.pt.y = (short)HIWORD(lParam);
diff --git a/dlls/comctl32/tests/monthcal.c b/dlls/comctl32/tests/monthcal.c
index cefe8b9..becadae 100644
--- a/dlls/comctl32/tests/monthcal.c
+++ b/dlls/comctl32/tests/monthcal.c
@@ -867,6 +867,19 @@ static void test_monthcal_hittest(void)
hwnd = create_monthcal_control(0);
+ /* test with invalid structure size */
+ mchit.cbSize = MCHITTESTINFO_V1_SIZE - 1;
+ mchit.pt.x = 0;
+ mchit.pt.y = 0;
+ res = SendMessage(hwnd, MCM_HITTEST, 0, (LPARAM)&mchit);
+ expect(0, mchit.pt.x);
+ expect(0, mchit.pt.y);
+ expect(-1, res);
+ expect(0, mchit.uHit);
+ /* test with invalid pointer */
+ res = SendMessage(hwnd, MCM_HITTEST, 0, (LPARAM)NULL);
+ expect(-1, res);
+
flush_sequences(sequences, NUM_MSG_SEQUENCES);
st.wYear = 2007;
@@ -882,7 +895,7 @@ static void test_monthcal_hittest(void)
expect(1,res);
/* (0, 0) is the top left of the control and should not be active */
- mchit.cbSize = sizeof(MCHITTESTINFO);
+ mchit.cbSize = MCHITTESTINFO_V1_SIZE;
mchit.pt.x = 0;
mchit.pt.y = 0;
res = SendMessage(hwnd, MCM_HITTEST, 0, (LPARAM) & mchit);
@@ -1051,7 +1064,7 @@ static void test_monthcal_todaylink(void)
flush_sequences(sequences, NUM_MSG_SEQUENCES);
/* (70, 370) is in active area - today link */
- mchit.cbSize = sizeof(MCHITTESTINFO);
+ mchit.cbSize = MCHITTESTINFO_V1_SIZE;
mchit.pt.x = 70;
mchit.pt.y = 370;
res = SendMessage(hwnd, MCM_HITTEST, 0, (LPARAM) & mchit);
diff --git a/include/commctrl.h b/include/commctrl.h
index ae417c0..6a42e2e 100644
--- a/include/commctrl.h
+++ b/include/commctrl.h
@@ -4702,8 +4702,15 @@ typedef struct {
POINT pt;
UINT uHit;
SYSTEMTIME st;
+ /* Vista */
+ RECT rc;
+ INT iOffset;
+ INT iRow;
+ INT iCol;
} MCHITTESTINFO, *PMCHITTESTINFO;
+#define MCHITTESTINFO_V1_SIZE CCSIZEOF_STRUCT(MCHITTESTINFO, st)
+
typedef struct tagNMSELCHANGE
{
NMHDR nmhdr;
--
1.5.6.5
--=-GZL2Lrx9njOX/0/cfkCF--
More information about the wine-patches
mailing list