[PATCH] user32/defwnd: Partially protect WM_SETTEXT handlers from invalid input

Nikolay Sivov nsivov at codeweavers.com
Tue Apr 18 15:24:36 CDT 2017 

Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
---

For https://bugs.winehq.org/show_bug.cgi?id=41029

 dlls/user32/defwnd.c    |  4 ++++
 dlls/user32/tests/msg.c | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/dlls/user32/defwnd.c b/dlls/user32/defwnd.c
index 6fbaf1ef18..b817313d8b 100644
--- a/dlls/user32/defwnd.c
+++ b/dlls/user32/defwnd.c
@@ -822,6 +822,8 @@ LRESULT WINAPI DefWindowProcA( HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam
         break;
 
     case WM_SETTEXT:
+        if (lParam && HIWORD(lParam) == 0)
+            break;
         DEFWND_SetTextA( hwnd, (LPCSTR)lParam );
         if( (GetWindowLongW( hwnd, GWL_STYLE ) & WS_CAPTION) == WS_CAPTION )
             NC_HandleNCPaint( hwnd , (HRGN)1 );  /* Repaint caption */
@@ -969,6 +971,8 @@ LRESULT WINAPI DefWindowProcW(
         break;
 
     case WM_SETTEXT:
+        if (lParam && HIWORD(lParam) == 0)
+            break;
         DEFWND_SetTextW( hwnd, (LPCWSTR)lParam );
         if( (GetWindowLongW( hwnd, GWL_STYLE ) & WS_CAPTION) == WS_CAPTION )
             NC_HandleNCPaint( hwnd , (HRGN)1 );  /* Repaint caption */
diff --git a/dlls/user32/tests/msg.c b/dlls/user32/tests/msg.c
index fbadf7d29a..760a9ea7a4 100644
--- a/dlls/user32/tests/msg.c
+++ b/dlls/user32/tests/msg.c
@@ -14438,6 +14438,7 @@ static void test_defwinproc(void)
     INT x, y;
     LRESULT res;
     struct rbuttonup_thread_data data;
+    char buffA[64];
     HANDLE thread;
 
     hwnd = CreateWindowExA(0, "TestWindowClass", "test_defwndproc",
@@ -14445,6 +14446,23 @@ static void test_defwinproc(void)
     assert(hwnd);
     flush_events();
 
+    buffA[0] = 0;
+    GetWindowTextA(hwnd, buffA, sizeof(buffA)/sizeof(*buffA));
+    ok(!strcmp(buffA, "test_defwndproc"), "unexpected window text, %s\n", buffA);
+
+    /* Zero high word of the lParam */
+    res = DefWindowProcA(hwnd, WM_SETTEXT, 0, 0x1234);
+    ok(res == 0, "WM_SETTEXT was expected to fail, %ld\n", res);
+
+    GetWindowTextA(hwnd, buffA, sizeof(buffA)/sizeof(*buffA));
+    ok(!strcmp(buffA, "test_defwndproc"), "unexpected window text, %s\n", buffA);
+
+    res = DefWindowProcW(hwnd, WM_SETTEXT, 0, 0x1234);
+    ok(res == 0, "WM_SETTEXT was expected to fail, %ld\n", res);
+
+    GetWindowTextA(hwnd, buffA, sizeof(buffA)/sizeof(*buffA));
+    ok(!strcmp(buffA, "test_defwndproc"), "unexpected window text, %s\n", buffA);
+
     GetCursorPos(&pos);
     GetWindowRect(hwnd, &rect);
     x = (rect.left+rect.right) / 2;
-- 
2.11.0

More information about the wine-patches mailing list