[v5 PATCH] comctl32/tooltip: Protect TTM_ADDTOOLW from invalid text pointers
Nikolay Sivov
bunglehead at gmail.com
Tue Mar 1 02:44:59 CST 2016
On 01.03.2016 9:46, Alistair Leslie-Hughes wrote:
> diff --git a/dlls/comctl32/tooltips.c b/dlls/comctl32/tooltips.c
> index 8bf6919..43c02ee 100644
> --- a/dlls/comctl32/tooltips.c
> +++ b/dlls/comctl32/tooltips.c
> @@ -1038,7 +1038,9 @@ TOOLTIPS_AddToolT (TOOLTIPS_INFO *infoPtr, const TTTOOLINFOW *ti, BOOL isW)
> infoPtr->hwndSelf, ti->hwnd, ti->uId,
> (ti->uFlags & TTF_IDISHWND) ? " TTF_IDISHWND" : "");
>
> - if (ti->cbSize >= TTTOOLINFOW_V2_SIZE && !ti->lpszText && isW)
> + if (ti->cbSize >= TTTOOLINFOW_V2_SIZE && isW && (!ti->lpszText ||
> + (ti->lpszText != LPSTR_TEXTCALLBACKW &&
> + IsBadStringPtrW(ti->lpszText, sizeof(WCHAR)))))
> return FALSE;
>
> if (infoPtr->uNumTools == 0) {
>
IsBadStringPtrW() won't do what you expect, if you expect it to validate
whole string up to NULL char. Also !ti->lpszText case is covered by
IsBadStringPtrW(), you don't need to test for it separately.
More information about the wine-devel
mailing list