[PATCH 3/3] atl: Avoid NULL pointer reference in AtlComModuleRevokeClassObjects().

Zhiyi Zhang wine at gitlab.winehq.org
Fri Jul 1 03:00:35 CDT 2022 

From: Zhiyi Zhang <zzhang at codeweavers.com>

Signed-off-by: Zhiyi Zhang <zzhang at codeweavers.com>
---
 dlls/atl/atl.c          |  6 ++++++
 dlls/atl100/tests/atl.c | 26 ++++++++++++++++++++++++++
 dlls/atl110/tests/atl.c | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)

diff --git a/dlls/atl/atl.c b/dlls/atl/atl.c
index 5a302621d60..32e0c722f8b 100644
--- a/dlls/atl/atl.c
+++ b/dlls/atl/atl.c
@@ -598,6 +598,9 @@ HRESULT WINAPI AtlComModuleRevokeClassObjects(_ATL_COM_MODULE *module)
         return E_INVALIDARG;
 
     for(iter = module->m_ppAutoObjMapFirst; iter < module->m_ppAutoObjMapLast; iter++) {
+        if(!(*iter))
+            continue;
+
         hres = CoRevokeClassObject((*iter)->dwRegister);
         if(FAILED(hres))
             return hres;
@@ -617,6 +620,9 @@ HRESULT WINAPI AtlComModuleRevokeClassObjects(_ATL_COM_MODULE *module)
         return E_INVALIDARG;
 
     for(iter = module->m_ppAutoObjMapFirst; iter < module->m_ppAutoObjMapLast; iter++) {
+        if(!(*iter))
+            continue;
+
         hres = CoRevokeClassObject((*iter)->pCache->dwRegister);
         if(FAILED(hres))
             return hres;
diff --git a/dlls/atl100/tests/atl.c b/dlls/atl100/tests/atl.c
index 7da6e5a9cd6..a40c38df25a 100644
--- a/dlls/atl100/tests/atl.c
+++ b/dlls/atl100/tests/atl.c
@@ -1115,6 +1115,31 @@ static void test_AtlComModuleRegisterClassObjects(void)
     ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
 }
 
+static void test_AtlComModuleRevokeClassObjects(void)
+{
+    _ATL_OBJMAP_ENTRY *null_entry = NULL;
+    _ATL_COM_MODULE module;
+    HRESULT hr;
+
+    /* Test NULL module */
+    hr = AtlComModuleRevokeClassObjects(NULL);
+    ok(hr == E_INVALIDARG, "Unexpected hr %#lx.\n", hr);
+
+    /* Test NULL m_ppAutoObjMapFirst and m_ppAutoObjMapLast */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = NULL;
+    module.m_ppAutoObjMapLast = NULL;
+    hr = AtlComModuleRevokeClassObjects(&module);
+    ok(hr == S_OK, "Unexpected hr %#lx.\n", hr);
+
+    /* Test m_ppAutoObjMapFirst and m_ppAutoObjMapLast both pointing to a NULL entry */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = &null_entry;
+    module.m_ppAutoObjMapLast = &null_entry;
+    hr = AtlComModuleRevokeClassObjects(&module);
+    ok(hr == S_OK, "Unexpected hr %#lx.\n", hr);
+}
+
 START_TEST(atl)
 {
     if (!register_class())
@@ -1132,6 +1157,7 @@ START_TEST(atl)
     test_AtlAxCreateControl();
     test_AtlComModuleGetClassObject();
     test_AtlComModuleRegisterClassObjects();
+    test_AtlComModuleRevokeClassObjects();
 
     CoUninitialize();
 }
diff --git a/dlls/atl110/tests/atl.c b/dlls/atl110/tests/atl.c
index 57e7f5b9b21..79958f2bd7a 100644
--- a/dlls/atl110/tests/atl.c
+++ b/dlls/atl110/tests/atl.c
@@ -31,6 +31,7 @@
 
 static HRESULT (WINAPI *pAtlComModuleGetClassObject)(_ATL_COM_MODULE *, REFCLSID, REFIID, void **);
 static HRESULT (WINAPI *pAtlComModuleRegisterClassObjects)(_ATL_COM_MODULE *, DWORD, DWORD);
+static HRESULT (WINAPI *pAtlComModuleRevokeClassObjects)(_ATL_COM_MODULE *);
 
 static HMODULE atl110;
 
@@ -41,6 +42,7 @@ static void init_functions(void)
 #define X(f) p##f = (void *)GetProcAddress(atl110, #f);
     X(AtlComModuleGetClassObject)
     X(AtlComModuleRegisterClassObjects)
+    X(AtlComModuleRevokeClassObjects)
 #undef X
 }
 
@@ -109,6 +111,37 @@ static void test_AtlComModuleRegisterClassObjects(void)
     ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
 }
 
+static void test_AtlComModuleRevokeClassObjects(void)
+{
+    _ATL_OBJMAP_ENTRY_EX *null_entry = NULL;
+    _ATL_COM_MODULE module;
+    HRESULT hr;
+
+    if (!pAtlComModuleRevokeClassObjects)
+    {
+        win_skip("AtlComModuleRevokeClassObjects() is unavailable.\n");
+        return;
+    }
+
+    /* Test NULL module */
+    hr = pAtlComModuleRevokeClassObjects(NULL);
+    ok(hr == E_INVALIDARG, "Unexpected hr %#lx.\n", hr);
+
+    /* Test NULL m_ppAutoObjMapFirst and m_ppAutoObjMapLast */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = NULL;
+    module.m_ppAutoObjMapLast = NULL;
+    hr = pAtlComModuleRevokeClassObjects(&module);
+    ok(hr == S_OK, "Unexpected hr %#lx.\n", hr);
+
+    /* Test m_ppAutoObjMapFirst and m_ppAutoObjMapLast both pointing to a NULL entry */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = &null_entry;
+    module.m_ppAutoObjMapLast = &null_entry;
+    hr = pAtlComModuleRevokeClassObjects(&module);
+    ok(hr == S_OK, "Unexpected hr %#lx.\n", hr);
+}
+
 START_TEST(atl)
 {
     CoInitialize(NULL);
@@ -116,6 +149,7 @@ START_TEST(atl)
 
     test_AtlComModuleGetClassObject();
     test_AtlComModuleRegisterClassObjects();
+    test_AtlComModuleRevokeClassObjects();
 
     FreeLibrary(atl110);
     CoUninitialize();
-- 
GitLab

https://gitlab.winehq.org/wine/wine/-/merge_requests/358

More information about the wine-devel mailing list