[PATCH] combase: Fix cornercase error handling in WindowsCreateStringReference

Thu Oct 29 03:21:22 CDT 2015

When WindowsCreateStringReference is given a non-null input string,
the input string must be null terminated at the given length,
even if the input length is zero.

This behaviour was changed in a20e75432, which on the other hand
fixed crashes with a null input string with a zero length.

Tests are added for both these cases, and for the same cases
for WindowsCreateString.

Signed-off-by: Martin Storsjo <martin at martin.st>
---
 dlls/combase/string.c       |  4 ++--
 dlls/combase/tests/string.c | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/dlls/combase/string.c b/dlls/combase/string.c
index 49d7695..99cd591 100644
--- a/dlls/combase/string.c
+++ b/dlls/combase/string.c
@@ -105,6 +105,8 @@ HRESULT WINAPI WindowsCreateStringReference(LPCWSTR ptr, UINT32 len,
 
     if (out == NULL || header == NULL)
         return E_INVALIDARG;
+    if (ptr != NULL && ptr[len] != '\0')
+        return E_INVALIDARG;
     if (len == 0)
     {
         *out = NULL;
@@ -112,8 +114,6 @@ HRESULT WINAPI WindowsCreateStringReference(LPCWSTR ptr, UINT32 len,
     }
     if (ptr == NULL)
         return E_POINTER;
-    if (ptr[len] != '\0')
-        return E_INVALIDARG;
     priv->buffer = (LPWSTR)ptr;
     priv->length = len;
     priv->reference = TRUE;
diff --git a/dlls/combase/tests/string.c b/dlls/combase/tests/string.c
index 5a59b50..7af5f7e 100644
--- a/dlls/combase/tests/string.c
+++ b/dlls/combase/tests/string.c
@@ -124,6 +124,9 @@ static void test_create_delete(void)
      * length. According to MSDN this should be E_INVALIDARG, but it returns
      * 0x80000017 in practice. */
     ok(FAILED(pWindowsCreateStringReference(input_string, 5, &header, &str)), "Incorrect error handling\n");
+    /* If the input string is non-null, it must be null-terminated even if the
+     * length is zero. */
+    ok(FAILED(pWindowsCreateStringReference(input_string, 0, &header, &str)), "Incorrect error handling\n");
     ok(pWindowsCreateStringReference(input_string, 6, NULL, &str) == E_INVALIDARG, "Incorrect error handling\n");
     ok(pWindowsCreateStringReference(input_string, 6, &header, NULL) == E_INVALIDARG, "Incorrect error handling\n");
     ok(pWindowsCreateStringReference(NULL, 6, &header, &str) == E_POINTER, "Incorrect error handling\n");
@@ -138,9 +141,21 @@ static void test_create_delete(void)
     ok(str == NULL, "Empty string not a null string\n");
     ok(pWindowsDeleteString(str) == S_OK, "Failed to delete string\n");
 
+    ok(pWindowsCreateString(input_string, 0, &str) == S_OK, "Failed to create string\n");
+    ok(str == NULL, "Empty string not a null string\n");
+    ok(pWindowsDeleteString(str) == S_OK, "Failed to delete string\n");
+
     ok(pWindowsCreateStringReference(input_empty_string, 0, &header, &str) == S_OK, "Failed to create string\n");
     ok(str == NULL, "Empty string not a null string\n");
     ok(pWindowsDeleteString(str) == S_OK, "Failed to delete string\n");
+
+    ok(pWindowsCreateString(NULL, 0, &str) == S_OK, "Failed to create string\n");
+    ok(str == NULL, "Empty string not a null string\n");
+    ok(pWindowsDeleteString(str) == S_OK, "Failed to delete string\n");
+
+    ok(pWindowsCreateStringReference(NULL, 0, &header, &str) == S_OK, "Failed to create string\n");
+    ok(str == NULL, "Empty string not a null string\n");
+    ok(pWindowsDeleteString(str) == S_OK, "Failed to delete string\n");
 }
 
 static void test_duplicate(void)
-- 
1.8.1.2


