Robert Shearman : oleaut32: Add some validation for the DISPPARAMS structure in ITypeInfo::Invoke.

Alexandre Julliard julliard at wine.codeweavers.com
Mon Jul 31 15:01:23 CDT 2006 

Module: wine
Branch: refs/heads/master
Commit: 33582cc69e67dda776dd8c05758115584f41aa4c
URL:    http://source.winehq.org/git/?p=wine.git;a=commit;h=33582cc69e67dda776dd8c05758115584f41aa4c

Author: Robert Shearman <rob at codeweavers.com>
Date:   Mon Jul 31 16:44:02 2006 +0100

oleaut32: Add some validation for the DISPPARAMS structure in ITypeInfo::Invoke.

---

 dlls/oleaut32/tests/typelib.c |    9 +++++++++
 dlls/oleaut32/typelib.c       |   14 ++++++++++++++
 2 files changed, 23 insertions(+), 0 deletions(-)

diff --git a/dlls/oleaut32/tests/typelib.c b/dlls/oleaut32/tests/typelib.c
index 30fa962..852d08d 100644
--- a/dlls/oleaut32/tests/typelib.c
+++ b/dlls/oleaut32/tests/typelib.c
@@ -461,6 +461,15 @@ static void test_TypeInfo(void)
     hr = ITypeInfo_Invoke(pTypeInfo, (void *)0xdeadbeef, dispidMember, DISPATCH_PROPERTYGET, &dispparams, NULL, NULL, NULL);
     ok(hr == DISP_E_MEMBERNOTFOUND, "ITypeInfo_Invoke should have returned DISP_E_MEMBERNOTFOUND instead of 0x%08lx\n", hr);
 
+    /* test NULL dispparams */
+    hr = ITypeInfo_Invoke(pTypeInfo, (void *)0xdeadbeef, dispidMember, DISPATCH_METHOD, NULL, NULL, NULL, NULL);
+    ok(hr == E_INVALIDARG, "ITypeInfo_Invoke should have returned E_INVALIDARG instead of 0x%08lx\n", hr);
+
+    /* test dispparams->cNamedArgs being bigger than dispparams->cArgs */
+    dispparams.cNamedArgs = 1;
+    hr = ITypeInfo_Invoke(pTypeInfo, (void *)0xdeadbeef, dispidMember, DISPATCH_METHOD, &dispparams, NULL, NULL, NULL);
+    ok(hr == E_INVALIDARG, "ITypeInfo_Invoke should have returned E_INVALIDARG instead of 0x%08lx\n", hr);
+
     ITypeInfo_Release(pTypeInfo);
 
     hr = ITypeLib_GetTypeInfoOfGuid(pTypeLib, &IID_IDispatch, &pTypeInfo);
diff --git a/dlls/oleaut32/typelib.c b/dlls/oleaut32/typelib.c
index 3ba1b4e..0e58ae8 100644
--- a/dlls/oleaut32/typelib.c
+++ b/dlls/oleaut32/typelib.c
@@ -5218,8 +5218,22 @@ static HRESULT WINAPI ITypeInfo_fnInvoke
     TRACE("(%p)(%p,id=%ld,flags=0x%08x,%p,%p,%p,%p)\n",
       This,pIUnk,memid,wFlags,pDispParams,pVarResult,pExcepInfo,pArgErr
     );
+
+    if (!pDispParams)
+    {
+        ERR("NULL pDispParams not allowed\n");
+        return E_INVALIDARG;
+    }
+
     dump_DispParms(pDispParams);
 
+    if (pDispParams->cNamedArgs > pDispParams->cArgs)
+    {
+        ERR("named argument array cannot be bigger than argument array (%d/%d)\n",
+            pDispParams->cNamedArgs, pDispParams->cArgs);
+        return E_INVALIDARG;
+    }
+
     /* we do this instead of using GetFuncDesc since it will return a fake
      * FUNCDESC for dispinterfaces and we want the real function description */
     for (pFuncInfo = This->funclist; pFuncInfo; pFuncInfo=pFuncInfo->next)

More information about the wine-cvs mailing list