[PATCH 2/2] edit: Fix crash in EM_REPLACESEL after EM_GETHANDLE.

Roman Pišl rpisl at seznam.cz
Wed Oct 26 17:41:44 CDT 2016 

Fixes bug https://bugs.winehq.org/show_bug.cgi?id=40832.

Signed-off-by: Roman Pišl <rpisl at seznam.cz>
---
 dlls/user32/edit.c | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/dlls/user32/edit.c b/dlls/user32/edit.c
index 78d78ea..b3ca9d8 100644
--- a/dlls/user32/edit.c
+++ b/dlls/user32/edit.c
@@ -149,7 +149,6 @@ typedef struct
 	HLOCAL hloc32W;			/* our unicode local memory block */
 	HLOCAL hloc32A;			/* alias for ANSI control receiving EM_GETHANDLE
 				   	   or EM_SETHANDLE */
-        HLOCAL hlocapp;                 /* The text buffer handle belongs to the app */
 	/*
 	 * IME Data
 	 */
@@ -1263,8 +1262,6 @@ static inline void text_buffer_changed(EDITSTATE *es)
  */
 static void EDIT_LockBuffer(EDITSTATE *es)
 {
-        if (es->hlocapp) return;
-
 	if (!es->text) {
 
 	    if(!es->hloc32W) return;
@@ -1305,8 +1302,6 @@ static void EDIT_LockBuffer(EDITSTATE *es)
  */
 static void EDIT_UnlockBuffer(EDITSTATE *es, BOOL force)
 {
-        if (es->hlocapp) return;
-
 	/* Edit window might be already destroyed */
 	if(!IsWindow(es->hwndSelf))
 	{
@@ -2478,11 +2473,6 @@ static HLOCAL EDIT_EM_GetHandle(EDITSTATE *es)
 	    hLocal = es->hloc32A;
 	}
 
-        EDIT_UnlockBuffer(es, TRUE);
-
-        /* The text buffer handle belongs to the app */
-        es->hlocapp = hLocal;
-
 	TRACE("Returning %p, LocalSize() = %ld\n", hLocal, LocalSize(hLocal));
 	return hLocal;
 }
@@ -2604,6 +2594,12 @@ static void EDIT_EM_ReplaceSel(EDITSTATE *es, BOOL can_undo, LPCWSTR lpsz_replac
 	if (!EDIT_MakeFit(es, tl - (e - s) + strl))
 		return;
 
+	if (!es->text)
+	{
+		ERR("es->text == 0 ... please report\n");
+		return;
+	}
+
 	if (e != s) {
 		/* there is something to be deleted */
 		TRACE("deleting stuff.\n");
@@ -2822,9 +2818,6 @@ static void EDIT_EM_SetHandle(EDITSTATE *es, HLOCAL hloc)
 
 	es->buffer_size = LocalSize(es->hloc32W)/sizeof(WCHAR) - 1;
 
-        /* The text buffer handle belongs to the control */
-        es->hlocapp = NULL;
-
 	EDIT_LockBuffer(es);
         text_buffer_changed(es);
 
@@ -4607,11 +4600,12 @@ static LRESULT EDIT_WM_NCDestroy(EDITSTATE *es)
 {
 	LINEDEF *pc, *pp;
 
-        /* The app can own the text buffer handle */
-        if (es->hloc32W && (es->hloc32W != es->hlocapp)) {
+	if (es->hloc32W)
+	{
 		LocalFree(es->hloc32W);
 	}
-        if (es->hloc32A && (es->hloc32A != es->hlocapp)) {
+	if (es->hloc32A)
+	{
 		LocalFree(es->hloc32A);
 	}
 	EDIT_InvalidateUniscribeData(es);
-- 
2.7.4

More information about the wine-patches mailing list