[PATCH] riched20: Add check to ensure iob is a valid index into the object array.

Nikolay Sivov nsivov at codeweavers.com
Fri Jan 15 06:45:38 CST 2021


From: Ulrich Czekalla <uczekalla at codeweavers.com>

Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
---
 dlls/riched20/richole.c       | 2 +-
 dlls/riched20/tests/richole.c | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/dlls/riched20/richole.c b/dlls/riched20/richole.c
index bedeefe9a63..b8b081fc916 100644
--- a/dlls/riched20/richole.c
+++ b/dlls/riched20/richole.c
@@ -1407,7 +1407,7 @@ IRichEditOle_fnGetObject(IRichEditOle *me, LONG iob,
     }
     else
     {
-        if (iob > IRichEditOle_GetObjectCount(me))
+        if (iob < 0 || iob >= IRichEditOle_GetObjectCount(me))
             return E_INVALIDARG;
         LIST_FOR_EACH_ENTRY(reobj, &This->editor->reobj_list, struct re_object, entry)
         {
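Review bot: The tightened bound on `iob` carries no comment explaining why it has to be strict, and the reason looks like memory safety rather than API tidiness. The `LIST_FOR_EACH_ENTRY` walk that begins right after the check (its body is outside this hunk) presumably stops only when a counter reaches `iob`, so an index equal to the count, or any negative index, would end the walk without a match and leave `reobj` not referring to a real entry. I would add above the check `/* iob must be in [0, count): otherwise the list walk below finds no match and reobj is not a valid entry */`. Also note that every negative value reaching this branch now returns E_INVALIDARG, which includes `REO_IOB_SELECTION` unless the branch above the hunk already handles it; worth confirming that this is intended.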
diff --git a/dlls/riched20/tests/richole.c b/dlls/riched20/tests/richole.c
index a5f439aece7..3cea9902620 100644
--- a/dlls/riched20/tests/richole.c
+++ b/dlls/riched20/tests/richole.c
@@ -3296,12 +3296,18 @@ static void test_InsertObject(void)
   ok(hr == S_OK, "IRichEditOle_GetObject failed: 0x%08x\n", hr);
   CHECK_REOBJECT_STRUCT(received_reo4, NULL, NULL, reo2.polesite, 2);
 
+  hr = IRichEditOle_GetObject(reole, 3, &received_reo4, REO_GETOBJ_POLESITE);
+  ok(hr == E_INVALIDARG, "IRichEditOle_GetObject should fail: 0x%08x\n", hr);
+
   hr = IRichEditOle_GetObject(reole, 4, &received_reo4, REO_GETOBJ_POLESITE);
   ok(hr == E_INVALIDARG, "IRichEditOle_GetObject should fail: 0x%08x\n", hr);
 
   hr = IRichEditOle_GetObject(reole, 1024, &received_reo4, REO_GETOBJ_POLESITE);
   ok(hr == E_INVALIDARG, "IRichEditOle_GetObject should fail: 0x%08x\n", hr);
 
+  hr = IRichEditOle_GetObject(reole, -10, &received_reo4, REO_GETOBJ_POLESITE);
+  ok(hr == E_INVALIDARG, "IRichEditOle_GetObject should fail: 0x%08x\n", hr);
+
   /* received_reo4 will be zeroed before be used */
   hr = IRichEditOle_GetObject(reole, 2, &received_reo4, REO_GETOBJ_NO_INTERFACES);
   ok(hr == S_OK, "IRichEditOle_GetObject failed: 0x%08x\n", hr);
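Review bot: The two added calls use bare literals, so a reader cannot tell which boundary each one pins. Judging from the successful call with index 2 at the end of the hunk, three objects are presumably present at this point, which makes 3 the first index past the end and the exact case the old `>` comparison let through. A one-line comment before each call would record that, for example `/* index == object count: one past the last valid entry */` for the index-3 case and `/* negative index that is not one of the REO_IOB_* sentinels */` for the -10 case. test_InsertObject starts and ends outside the hunk.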
-- 
2.29.2



