Vincent Povirk : atl: Do not access m_pTermFuncs if the structure is too small.
Alexandre Julliard
julliard at winehq.org
Sat Jul 27 13:23:35 CDT 2013
Module: wine
Branch: master
Commit: d9211c9e5f92a9127308a6c306d4a9af38ae89d7
URL: http://source.winehq.org/git/wine.git/?a=commit;h=d9211c9e5f92a9127308a6c306d4a9af38ae89d7
Author: Vincent Povirk <vincent at codeweavers.com>
Date: Thu Jul 25 15:13:24 2013 -0500
atl: Do not access m_pTermFuncs if the structure is too small.
---
dlls/atl/atl_main.c | 30 +++++++++++++++++++-----------
dlls/atl/tests/module.c | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+), 11 deletions(-)
diff --git a/dlls/atl/atl_main.c b/dlls/atl/atl_main.c
index cc3cce1..985d706 100644
--- a/dlls/atl/atl_main.c
+++ b/dlls/atl/atl_main.c
@@ -123,15 +123,20 @@ HRESULT WINAPI AtlModuleLoadTypeLib(_ATL_MODULEW *pM, LPCOLESTR lpszIndex,
HRESULT WINAPI AtlModuleTerm(_ATL_MODULE *pM)
{
- _ATL_TERMFUNC_ELEM *iter = pM->m_pTermFuncs, *tmp;
+ _ATL_TERMFUNC_ELEM *iter, *tmp;
TRACE("(%p)\n", pM);
- while(iter) {
- iter->pFunc(iter->dw);
- tmp = iter;
- iter = iter->pNext;
- HeapFree(GetProcessHeap(), 0, tmp);
+ if (pM->cbSize > ATLVer1Size)
+ {
+ iter = pM->m_pTermFuncs;
+
+ while(iter) {
+ iter->pFunc(iter->dw);
+ tmp = iter;
+ iter = iter->pNext;
+ HeapFree(GetProcessHeap(), 0, tmp);
+ }
}
return S_OK;
@@ -143,12 +148,15 @@ HRESULT WINAPI AtlModuleAddTermFunc(_ATL_MODULEW *pM, _ATL_TERMFUNC *pFunc, DWOR
TRACE("(%p %p %ld)\n", pM, pFunc, dw);
- termfunc_elem = HeapAlloc(GetProcessHeap(), 0, sizeof(_ATL_TERMFUNC_ELEM));
- termfunc_elem->pFunc = pFunc;
- termfunc_elem->dw = dw;
- termfunc_elem->pNext = pM->m_pTermFuncs;
+ if (pM->cbSize > ATLVer1Size)
+ {
+ termfunc_elem = HeapAlloc(GetProcessHeap(), 0, sizeof(_ATL_TERMFUNC_ELEM));
+ termfunc_elem->pFunc = pFunc;
+ termfunc_elem->dw = dw;
+ termfunc_elem->pNext = pM->m_pTermFuncs;
- pM->m_pTermFuncs = termfunc_elem;
+ pM->m_pTermFuncs = termfunc_elem;
+ }
return S_OK;
}
diff --git a/dlls/atl/tests/module.c b/dlls/atl/tests/module.c
index 45cff06..192b23e 100644
--- a/dlls/atl/tests/module.c
+++ b/dlls/atl/tests/module.c
@@ -113,8 +113,48 @@ static void test_winmodule(void)
ok(winmod.m_pCreateWndList == create_data+1, "winmod.m_pCreateWndList != create_data\n");
}
+static DWORD cb_val;
+
+static void WINAPI term_callback(DWORD dw)
+{
+ cb_val = dw;
+}
+
+static void test_term(void)
+{
+ _ATL_MODULEW test;
+ HRESULT hres;
+
+ test.cbSize = sizeof(_ATL_MODULEW);
+
+ hres = AtlModuleInit(&test, NULL, NULL);
+ ok (hres == S_OK, "AtlModuleInit failed (0x%x).\n", (int)hres);
+
+ hres = AtlModuleAddTermFunc(&test, term_callback, 0x22);
+ ok (hres == S_OK, "AtlModuleAddTermFunc failed (0x%x).\n", (int)hres);
+
+ cb_val = 0xdeadbeef;
+ hres = AtlModuleTerm(&test);
+ ok (hres == S_OK, "AtlModuleTerm failed (0x%x).\n", (int)hres);
+ ok (cb_val == 0x22, "wrong callback value (0x%x).\n", (int)cb_val);
+
+ test.cbSize = FIELD_OFFSET(_ATL_MODULEW, dwAtlBuildVer);
+
+ hres = AtlModuleInit(&test, NULL, NULL);
+ ok (hres == S_OK, "AtlModuleInit failed (0x%x).\n", (int)hres);
+
+ hres = AtlModuleAddTermFunc(&test, term_callback, 0x23);
+ ok (hres == S_OK, "AtlModuleAddTermFunc failed (0x%x).\n", (int)hres);
+
+ cb_val = 0xdeadbeef;
+ hres = AtlModuleTerm(&test);
+ ok (hres == S_OK, "AtlModuleTerm failed (0x%x).\n", (int)hres);
+ ok (cb_val == 0xdeadbeef, "wrong callback value (0x%x).\n", (int)cb_val);
+}
+
START_TEST(module)
{
test_StructSize();
test_winmodule();
+ test_term();
}
More information about the wine-cvs
mailing list