[PATCH] ole32: Avoid null pointer dereferences in CoGetTreatAsClass.
Alex Henrie
alexhenrie24 at gmail.com
Thu Jul 6 00:01:22 CDT 2017
Discovered while debugging TI Connect with Valgrind. Although TI Connect
has an exception handler that prevents a crash, this bug is probably
contributing to the program freezing later on.
Signed-off-by: Alex Henrie <alexhenrie24 at gmail.com>
---
dlls/ole32/compobj.c | 4 ++++
dlls/ole32/tests/compobj.c | 8 ++++++++
2 files changed, 12 insertions(+)
diff --git a/dlls/ole32/compobj.c b/dlls/ole32/compobj.c
index 1ce9cec6e5..6024448524 100644
--- a/dlls/ole32/compobj.c
+++ b/dlls/ole32/compobj.c
@@ -3825,6 +3825,10 @@ HRESULT WINAPI CoGetTreatAsClass(REFCLSID clsidOld, LPCLSID clsidNew)
LONG len = sizeof(szClsidNew);
TRACE("(%s,%p)\n", debugstr_guid(clsidOld), clsidNew);
+
+ if (!clsidOld || !clsidNew)
+ return E_INVALIDARG;
+
*clsidNew = *clsidOld; /* copy over old value */
res = COM_OpenKeyForCLSID(clsidOld, wszTreatAs, KEY_READ, &hkey);
diff --git a/dlls/ole32/tests/compobj.c b/dlls/ole32/tests/compobj.c
index e585a4600c..feb1d72eac 100644
--- a/dlls/ole32/tests/compobj.c
+++ b/dlls/ole32/tests/compobj.c
@@ -2176,10 +2176,18 @@ static void test_TreatAsClass(void)
win_skip("CoGetTreatAsClass not present\n");
return;
}
+
hr = pCoGetTreatAsClass(&deadbeef,&out);
ok (hr == S_FALSE, "expected S_FALSE got %x\n",hr);
ok (IsEqualGUID(&out,&deadbeef), "expected to get same clsid back\n");
+ hr = pCoGetTreatAsClass(NULL, &out);
+ ok(hr == E_INVALIDARG, "expected E_INVALIDARG got %08x\n", hr);
+ ok(IsEqualGUID(&out, &deadbeef), "expected no change to the clsid\n");
+
+ hr = pCoGetTreatAsClass(&deadbeef, NULL);
+ ok(hr == E_INVALIDARG, "expected E_INVALIDARG got %08x\n", hr);
+
lr = RegOpenKeyExA(HKEY_CLASSES_ROOT, "CLSID", 0, KEY_READ, &clsidkey);
ok(!lr, "Couldn't open CLSID key, error %d\n", lr);
--
2.13.2
More information about the wine-patches
mailing list