user32: RegisterClassEx should check for invalid cbSize field.

Dylan Smith dylan.ah.smith at gmail.com
Sat Jul 17 14:32:00 CDT 2010 

---
 dlls/user32/class.c       |    4 ++--
 dlls/user32/tests/class.c |   16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/dlls/user32/class.c b/dlls/user32/class.c
index 72cafc7..6d1ab7f 100644
--- a/dlls/user32/class.c
+++ b/dlls/user32/class.c
@@ -486,7 +486,7 @@ ATOM WINAPI RegisterClassExA( const WNDCLASSEXA* wc )
     CLASS *classPtr;
     HINSTANCE instance;
 
-    if (wc->cbClsExtra < 0 || wc->cbWndExtra < 0 ||
+    if (wc->cbSize != sizeof(*wc) || wc->cbClsExtra < 0 || wc->cbWndExtra < 0 ||
         wc->hInstance == user32_module)  /* we can't register a class for user32 */
     {
          SetLastError( ERROR_INVALID_PARAMETER );
@@ -535,7 +535,7 @@ ATOM WINAPI RegisterClassExW( const WNDCLASSEXW* wc )
     CLASS *classPtr;
     HINSTANCE instance;
 
-    if (wc->cbClsExtra < 0 || wc->cbWndExtra < 0 ||
+    if (wc->cbSize != sizeof(*wc) || wc->cbClsExtra < 0 || wc->cbWndExtra < 0 ||
         wc->hInstance == user32_module)  /* we can't register a class for user32 */
     {
          SetLastError( ERROR_INVALID_PARAMETER );
diff --git a/dlls/user32/tests/class.c b/dlls/user32/tests/class.c
index 33c78bf..d0546cf 100644
--- a/dlls/user32/tests/class.c
+++ b/dlls/user32/tests/class.c
@@ -315,6 +315,7 @@ static void check_thread_instance( const char *name, HINSTANCE inst, HINSTANCE i
 static void test_instances(void)
 {
     WNDCLASSA cls, wc;
+    WNDCLASSEXA wcexA;
     HWND hwnd, hwnd2;
     const char *name = "__test__";
     HINSTANCE kernel32 = GetModuleHandleA("kernel32");
@@ -348,6 +349,21 @@ static void test_instances(void)
     check_thread_instance( name, kernel32, kernel32, kernel32 );
     ok( UnregisterClassA( name, kernel32 ), "Unregister failed for kernel32\n" );
 
+    wcexA.cbSize        = 0;
+    wcexA.style         = cls.style;
+    wcexA.lpfnWndProc   = cls.lpfnWndProc;
+    wcexA.cbClsExtra    = cls.cbClsExtra;
+    wcexA.cbWndExtra    = cls.cbWndExtra;
+    wcexA.hInstance     = cls.hInstance;
+    wcexA.hIcon         = cls.hIcon;
+    wcexA.hCursor       = cls.hCursor;
+    wcexA.hbrBackground = cls.hbrBackground;
+    wcexA.lpszMenuName  = cls.lpszMenuName;
+    wcexA.lpszClassName = cls.lpszClassName;
+    wcexA.hIconSm       = 0;
+    ok( ((RegisterClassExA( &wcexA ) == 0) && (GetLastError() == ERROR_INVALID_PARAMETER)),
+          "Failed with invalid number of cbSize bytes\n");
+
     /* Bug 2631 - Supplying an invalid number of bytes fails */
     cls.cbClsExtra    = 0;
     cls.cbWndExtra    = -1;
-- 
1.7.0.4

More information about the wine-patches mailing list