[PATCH v2 3/4] atl: Avoid NULL pointer reference in AtlComModuleRegisterClassObjects().

Zhiyi Zhang wine at gitlab.winehq.org
Wed Jul 6 09:15:08 CDT 2022 

From: Zhiyi Zhang <zzhang at codeweavers.com>

Signed-off-by: Zhiyi Zhang <zzhang at codeweavers.com>
---
 dlls/atl/atl.c          |  4 ++--
 dlls/atl100/tests/atl.c | 28 ++++++++++++++++++++++++++++
 dlls/atl110/tests/atl.c | 28 ++++++++++++++++++++++++++++
 3 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/dlls/atl/atl.c b/dlls/atl/atl.c
index d501e7a6d76..5a302621d60 100644
--- a/dlls/atl/atl.c
+++ b/dlls/atl/atl.c
@@ -538,7 +538,7 @@ HRESULT WINAPI AtlComModuleRegisterClassObjects(_ATL_COM_MODULE *module, DWORD c
         return E_INVALIDARG;
 
     for(iter = module->m_ppAutoObjMapFirst; iter < module->m_ppAutoObjMapLast; iter++) {
-        if(!(*iter)->pfnGetClassObject)
+        if(!(*iter) || !(*iter)->pfnGetClassObject)
             continue;
 
         hres = (*iter)->pfnGetClassObject((*iter)->pfnCreateInstance, &IID_IUnknown, (void**)&unk);
@@ -566,7 +566,7 @@ HRESULT WINAPI AtlComModuleRegisterClassObjects(_ATL_COM_MODULE *module, DWORD c
         return E_INVALIDARG;
 
     for(iter = module->m_ppAutoObjMapFirst; iter < module->m_ppAutoObjMapLast; iter++) {
-        if(!(*iter)->pfnGetClassObject)
+        if(!(*iter) || !(*iter)->pfnGetClassObject)
             continue;
 
         hres = (*iter)->pfnGetClassObject((*iter)->pfnCreateInstance, &IID_IUnknown, (void**)&unk);
diff --git a/dlls/atl100/tests/atl.c b/dlls/atl100/tests/atl.c
index e002af0d24c..7da6e5a9cd6 100644
--- a/dlls/atl100/tests/atl.c
+++ b/dlls/atl100/tests/atl.c
@@ -1088,6 +1088,33 @@ static void test_AtlComModuleGetClassObject(void)
     ok(hr == CLASS_E_CLASSNOTAVAILABLE, "Unexpected hr %#lx.\n", hr);
 }
 
+static void test_AtlComModuleRegisterClassObjects(void)
+{
+    _ATL_OBJMAP_ENTRY *null_entry = NULL;
+    _ATL_COM_MODULE module;
+    HRESULT hr;
+
+    /* Test NULL module */
+    hr = AtlComModuleRegisterClassObjects(NULL, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+    ok(hr == E_INVALIDARG, "Unexpected hr %#lx.\n", hr);
+
+    /* Test NULL m_ppAutoObjMapFirst and m_ppAutoObjMapLast */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = NULL;
+    module.m_ppAutoObjMapLast = NULL;
+    hr = AtlComModuleRegisterClassObjects(&module, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+    todo_wine_if(hr == S_OK)
+    ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
+
+    /* Test m_ppAutoObjMapFirst and m_ppAutoObjMapLast both pointing to a NULL entry */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = &null_entry;
+    module.m_ppAutoObjMapLast = &null_entry;
+    hr = AtlComModuleRegisterClassObjects(&module, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+    todo_wine_if(hr == S_OK)
+    ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
+}
+
 START_TEST(atl)
 {
     if (!register_class())
@@ -1104,6 +1131,7 @@ START_TEST(atl)
     test_AtlAxAttachControl();
     test_AtlAxCreateControl();
     test_AtlComModuleGetClassObject();
+    test_AtlComModuleRegisterClassObjects();
 
     CoUninitialize();
 }
diff --git a/dlls/atl110/tests/atl.c b/dlls/atl110/tests/atl.c
index cb8f667596b..9e4bad87e97 100644
--- a/dlls/atl110/tests/atl.c
+++ b/dlls/atl110/tests/atl.c
@@ -55,11 +55,39 @@ static void test_AtlComModuleGetClassObject(void)
     ok(hr == CLASS_E_CLASSNOTAVAILABLE, "Unexpected hr %#lx.\n", hr);
 }
 
+static void test_AtlComModuleRegisterClassObjects(void)
+{
+    _ATL_OBJMAP_ENTRY_EX *null_entry = NULL;
+    _ATL_COM_MODULE module;
+    HRESULT hr;
+
+    /* Test NULL module */
+    hr = AtlComModuleRegisterClassObjects(NULL, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+    ok(hr == E_INVALIDARG, "Unexpected hr %#lx.\n", hr);
+
+    /* Test NULL m_ppAutoObjMapFirst and m_ppAutoObjMapLast */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = NULL;
+    module.m_ppAutoObjMapLast = NULL;
+    hr = AtlComModuleRegisterClassObjects(&module, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+    todo_wine_if(hr == S_OK)
+    ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
+
+    /* Test m_ppAutoObjMapFirst and m_ppAutoObjMapLast both pointing to a NULL entry */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = &null_entry;
+    module.m_ppAutoObjMapLast = &null_entry;
+    hr = AtlComModuleRegisterClassObjects(&module, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+    todo_wine_if(hr == S_OK)
+    ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
+}
+
 START_TEST(atl)
 {
     CoInitialize(NULL);
 
     test_AtlComModuleGetClassObject();
+    test_AtlComModuleRegisterClassObjects();
 
     CoUninitialize();
 }
-- 
GitLab


https://gitlab.winehq.org/wine/wine/-/merge_requests/358

More information about the wine-devel mailing list