Nikolay Sivov : comctl32: Protect TVM_GETITEM from invalid item pointers.

Alexandre Julliard julliard at wine.codeweavers.com
Wed Nov 4 09:40:41 CST 2015


Module: wine
Branch: master
Commit: 60fedd23f95c66f4dce06c5c447de9ec99ebefa5
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=60fedd23f95c66f4dce06c5c447de9ec99ebefa5

Author: Nikolay Sivov <nsivov at codeweavers.com>
Date:   Wed Nov  4 12:52:04 2015 +0100

comctl32: Protect TVM_GETITEM from invalid item pointers.

Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/comctl32/tests/treeview.c |  7 +++++++
 dlls/comctl32/treeview.c       | 16 +++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/dlls/comctl32/tests/treeview.c b/dlls/comctl32/tests/treeview.c
index 5003dfa..917df23 100644
--- a/dlls/comctl32/tests/treeview.c
+++ b/dlls/comctl32/tests/treeview.c
@@ -905,6 +905,13 @@ static void test_get_set_item(void)
     expect(TRUE, ret);
     ok(tviRoot.state == TVIS_FOCUSED, "got state 0x%0x\n", tviRoot.state);
 
+    /* invalid item pointer, nt4 crashes here but later versions just return 0 */
+    tviRoot.hItem = (HTREEITEM)0xdeadbeef;
+    tviRoot.mask = TVIF_STATE;
+    tviRoot.state = 0;
+    ret = SendMessageA(hTree2, TVM_GETITEMA, 0, (LPARAM)&tviRoot);
+    expect(FALSE, ret);
+
     DestroyWindow(hTree);
     DestroyWindow(hTree2);
 }
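Review bot: The new case sets `tviRoot.state = 0` before the call but never reads it afterwards, so the test pins only the return value. If native leaves the structure untouched on failure, add `ok(tviRoot.state == 0, "got state 0x%0x\n", tviRoot.state);` after the `expect(FALSE, ret);` line. The case also covers only an address that is presumably unmapped (`0xdeadbeef`) and only the ANSI message; a readable pointer that is not an item is not exercised. test_get_set_item starts outside the hunk.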
diff --git a/dlls/comctl32/treeview.c b/dlls/comctl32/treeview.c
index 812bd35..6adafc4 100644
--- a/dlls/comctl32/treeview.c
+++ b/dlls/comctl32/treeview.c
@@ -63,6 +63,7 @@
 #include "vssym32.h"
 #include "wine/unicode.h"
 #include "wine/debug.h"
+#include "wine/exception.h"
 
 WINE_DEFAULT_DEBUG_CHANNEL(treeview);
 
@@ -2068,11 +2069,20 @@ TREEVIEW_GetItemT(const TREEVIEW_INFO *infoPtr, LPTVITEMEXW tvItem, BOOL isW)
 
     if (!TREEVIEW_ValidItem(infoPtr, item))
     {
+        BOOL valid_item = FALSE;
         if (!item) return FALSE;
 
-        TRACE("got item from different tree %p, called from %p\n", item->infoPtr, infoPtr);
-        infoPtr = item->infoPtr;
-        if (!TREEVIEW_ValidItem(infoPtr, item)) return FALSE;
+        __TRY
+        {
+            infoPtr = item->infoPtr;
+            TRACE("got item from different tree %p, called from %p\n", item->infoPtr, infoPtr);
+            valid_item = TREEVIEW_ValidItem(infoPtr, item);
+        }
+        __EXCEPT_PAGE_FAULT
+        {
+        }
+        __ENDTRY
+        if (!valid_item) return FALSE;
     }
 
     TREEVIEW_UpdateDispInfo(infoPtr, item, tvItem->mask);
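Review bot: Inside the `__TRY` block, `infoPtr = item->infoPtr;` now runs before the TRACE, so both `%p` arguments print the same pointer and the calling tree is no longer logged; put the `TRACE("got item from different tree %p, called from %p\n", item->infoPtr, infoPtr);` line back ahead of the assignment. The handler only covers faults on unreadable memory: an `hItem` that points into readable memory that is not a live item (a freed item, for example) is still dereferenced, and the outcome then depends on what `TREEVIEW_ValidItem` does with the `infoPtr` read from it, which this hunk does not show. A one-line comment in the empty `__EXCEPT_PAGE_FAULT` body, such as `/* unreadable item pointer: valid_item stays FALSE */`, would mark the silent swallow as intentional. TREEVIEW_GetItemT starts and ends outside the hunk.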



