[PATCH] user32: check for valid pointer in CreateIconFromResource

Wolfram Sang wolfram at the-dreams.de
Sat Jun 26 06:19:15 CDT 2010


According to TestBot (#2851), all non-crashing Windows versions return 0.

Found while working on Bug 21012. Although this patch doesn't cure this
bug, I think it is still worth adding the check because the pointer
may come from the (always evil ;)) user-application.

V2 moves the check to the WINAPI call, away from the internal function.
For consistency, remove a similar superfluous check from
CURSORICON_CreateIconFromANI.

While auditing the internal uses of CURSORICON_CreateIconFromBMI, a
missing check for succesful HeapAlloc was spotted and fixed.

Signed-off-by: Wolfram Sang <wolfram at the-dreams.de>
---
 dlls/user32/cursoricon.c       |    7 +++++--
 dlls/user32/tests/cursoricon.c |    5 +++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/dlls/user32/cursoricon.c b/dlls/user32/cursoricon.c
index 9a1810e..b104706 100644
--- a/dlls/user32/cursoricon.c
+++ b/dlls/user32/cursoricon.c
@@ -1064,8 +1064,6 @@ static HCURSOR CURSORICON_CreateIconFromANI( const LPBYTE bits, DWORD bits_size,
 
     TRACE("bits %p, bits_size %d\n", bits, bits_size);
 
-    if (!bits) return 0;
-
     riff_find_chunk( ANI_ACON_ID, ANI_RIFF_ID, &root_chunk, &ACON_chunk );
     if (!ACON_chunk.data)
     {
@@ -1104,6 +1102,7 @@ static HCURSOR CURSORICON_CreateIconFromANI( const LPBYTE bits, DWORD bits_size,
         width, height, depth );
 
     frame_bits = HeapAlloc( GetProcessHeap(), 0, entry->dwDIBSize );
+    if (!frame_bits) return 0;
     memcpy( frame_bits, icon_data + entry->dwDIBOffset, entry->dwDIBSize );
 
     if (!header.width || !header.height)
@@ -1142,6 +1141,10 @@ HICON WINAPI CreateIconFromResourceEx( LPBYTE bits, UINT cbSize,
                    bits, cbSize, dwVersion, width, height,
                    bIcon ? "icon" : "cursor", (cFlag & LR_MONOCHROME) ? "mono" : "" );
 
+    /* A few Windows versions crash getting NULL, but most simply return it */
+    if (!bits)
+        return 0;
+
     if (bIcon)
     {
         hotspot.x = width / 2;
diff --git a/dlls/user32/tests/cursoricon.c b/dlls/user32/tests/cursoricon.c
index b2e1d84..e81e76d 100644
--- a/dlls/user32/tests/cursoricon.c
+++ b/dlls/user32/tests/cursoricon.c
@@ -1005,6 +1005,11 @@ static void test_CreateIconFromResource(void)
     error = GetLastError();
     ok(error == 0xdeadbeef, "Last error: %u\n", error);
 
+    /* Rejection of NULL pointer crashes at least on WNT4WSSP6, W2KPROSP4, WXPPROSP3
+     *
+     * handle = CreateIconFromResource(NULL, ICON_RES_SIZE, TRUE, 0x00030000);
+     * ok(handle == NULL, "Invalid pointer accepted (%p)\n", handle);
+     */
     HeapFree(GetProcessHeap(), 0, hotspot);
 }
 
-- 
1.7.1




More information about the wine-patches mailing list