wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2024-11-21 16:46:54 -08:00
Code Issues Packages Projects Releases Wiki Activity

Added patch to protect TVM_GETITEM from invalid item pointers.

Browse Source
This commit is contained in:
Sebastian Lackner 2015-09-28 00:35:20 +02:00
parent 5f353ac80e
commit 0d466f5e6d
5 changed files with 94 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -39,13 +39,14 @@ Wine. All those differences are also documented on the
Included bug fixes and improvements
-----------------------------------
**Bug fixes and features included in the next upcoming release [8]:**
**Bug fixes and features included in the next upcoming release [9]:**
* Add implementation for msidb commandline tool
* Codepage conversion should fail when destination length is < 0
* Do not trust width/height passed to edit control in WM_SIZE message ([Wine Bug #37542](https://bugs.winehq.org/show_bug.cgi?id=37542))
* Fix calculation of listbox size when horizontal scrollbar is present ([Wine Bug #38142](https://bugs.winehq.org/show_bug.cgi?id=38142))
* Implement semi-stub for d3d8 swapchain effect D3DSWAPEFFECT_COPY_VSYNC ([Wine Bug #39281](https://bugs.winehq.org/show_bug.cgi?id=39281))
* Protect TVM_GETITEM from invalid item pointers ([Wine Bug #33001](https://bugs.winehq.org/show_bug.cgi?id=33001))
* Reduce stack usage of virtual memory functions ([Wine Bug #34558](https://bugs.winehq.org/show_bug.cgi?id=34558))
* Refresh MDI menus when DefMDIChildProc(WM_SETTEXT) is called ([Wine Bug #21855](https://bugs.winehq.org/show_bug.cgi?id=21855))
* Return STATUS_INVALID_DEVICE_REQUEST when trying to call NtReadFile on directory

1
debian/changelog vendored
View File

@ -14,6 +14,7 @@ wine-staging (1.7.52) UNRELEASED; urgency=low
* Added patch to ignore width/height passed to edit control in WM_SIZE
message.
* Added patch to refresh MDI menus when DefMDIChildProc(WM_SETTEXT) is called.
* Added patch to protect TVM_GETITEM from invalid item pointers.
* Removed patch to fix possible memory leak in netprofm init_networks (fixed
upstream).
* Removed patch for stub of dwmapi.DwmUpdateThumbnailProperties (accepted

71
patches/comctl32-TVM_GETITEM/0001-comctl32-Protect-TVM_GETITEM-from-invalid-item-point.patch Normal file
View File

@ -0,0 +1,71 @@
From 1b058c627bdd31c151110e8f554ab6210248e105 Mon Sep 17 00:00:00 2001
From: Nikolay Sivov <nsivov@codeweavers.com>
Date: Fri, 22 Feb 2013 11:38:12 +0400
Subject: comctl32: Protect TVM_GETITEM from invalid item pointers
Changes by Sebastian Lackner <sebastian@fds-team.de>:
* Avoid return in __TRY block.
---
dlls/comctl32/tests/treeview.c | 9 +++++++++
dlls/comctl32/treeview.c | 16 +++++++++++++---
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/dlls/comctl32/tests/treeview.c b/dlls/comctl32/tests/treeview.c
index 5003dfa..933a8b0 100644
--- a/dlls/comctl32/tests/treeview.c
+++ b/dlls/comctl32/tests/treeview.c
@@ -905,6 +905,15 @@ static void test_get_set_item(void)
expect(TRUE, ret);
ok(tviRoot.state == TVIS_FOCUSED, "got state 0x%0x\n", tviRoot.state);
+if (0)
+{
+ /* invalid item pointer, nt4 crashes here but later versions just return 0 */
+ tviRoot.hItem = (HTREEITEM)0xdeadbeef;
+ tviRoot.mask = TVIF_STATE;
+ tviRoot.state = 0;
+ ret = SendMessageA(hTree2, TVM_GETITEMA, 0, (LPARAM)&tviRoot);
+ expect(FALSE, ret);
+}
DestroyWindow(hTree);
DestroyWindow(hTree2);
}
diff --git a/dlls/comctl32/treeview.c b/dlls/comctl32/treeview.c
index 812bd35..6adafc4 100644
--- a/dlls/comctl32/treeview.c
+++ b/dlls/comctl32/treeview.c
@@ -63,6 +63,7 @@
#include "vssym32.h"
#include "wine/unicode.h"
#include "wine/debug.h"
+#include "wine/exception.h"
WINE_DEFAULT_DEBUG_CHANNEL(treeview);
@@ -2068,11 +2069,20 @@ TREEVIEW_GetItemT(const TREEVIEW_INFO *infoPtr, LPTVITEMEXW tvItem, BOOL isW)
if (!TREEVIEW_ValidItem(infoPtr, item))
{
+ BOOL valid_item = FALSE;
if (!item) return FALSE;
- TRACE("got item from different tree %p, called from %p\n", item->infoPtr, infoPtr);
- infoPtr = item->infoPtr;
- if (!TREEVIEW_ValidItem(infoPtr, item)) return FALSE;
+ __TRY
+ {
+ infoPtr = item->infoPtr;
+ TRACE("got item from different tree %p, called from %p\n", item->infoPtr, infoPtr);
+ valid_item = TREEVIEW_ValidItem(infoPtr, item);
+ }
+ __EXCEPT_PAGE_FAULT
+ {
+ }
+ __ENDTRY
+ if (!valid_item) return FALSE;
}
TREEVIEW_UpdateDispInfo(infoPtr, item, tvItem->mask);
--
2.5.1

1
patches/comctl32-TVM_GETITEM/definition Normal file
View File

@ -0,0 +1 @@
Fixes: [33001] Protect TVM_GETITEM from invalid item pointers

19
patches/patchinstall.sh
View File

@ -94,6 +94,7 @@ patch_enable_all ()
enable_combase_String="$1"
enable_comctl32_Button_Theming="$1"
enable_comctl32_LoadIconMetric="$1"
enable_comctl32_TVM_GETITEM="$1"
enable_configure_Absolute_RPATH="$1"
enable_crypt32_CMS_Certificates="$1"
enable_crypt32_CryptUnprotectMemory="$1"
@ -380,6 +381,9 @@ patch_enable ()
comctl32-LoadIconMetric)
enable_comctl32_LoadIconMetric="$2"
;;
comctl32-TVM_GETITEM)
enable_comctl32_TVM_GETITEM="$2"
;;
configure-Absolute_RPATH)
enable_configure_Absolute_RPATH="$2"
;;
@ -2373,6 +2377,21 @@ if test "$enable_comctl32_LoadIconMetric" -eq 1; then
) >> "$patchlist"
fi
# Patchset comctl32-TVM_GETITEM
# |
# | This patchset fixes the following Wine bugs:
# | * [#33001] Protect TVM_GETITEM from invalid item pointers
# |
# | Modified files:
# | * dlls/comctl32/tests/treeview.c, dlls/comctl32/treeview.c
# |
if test "$enable_comctl32_TVM_GETITEM" -eq 1; then
patch_apply comctl32-TVM_GETITEM/0001-comctl32-Protect-TVM_GETITEM-from-invalid-item-point.patch
(
echo '+ { "Nikolay Sivov", "comctl32: Protect TVM_GETITEM from invalid item pointers.", 1 },';
) >> "$patchlist"
fi
# Patchset configure-Absolute_RPATH
# |
# | This patchset fixes the following Wine bugs: