Added patch to protect TVM_GETITEM from invalid item pointers.

patches/comctl32-TVM_GETITEM/0001-comctl32-Protect-TVM_GETITEM-from-invalid-item-point.patch

@@ -0,0 +1,71 @@
+From 1b058c627bdd31c151110e8f554ab6210248e105 Mon Sep 17 00:00:00 2001
+From: Nikolay Sivov <nsivov@codeweavers.com>
+Date: Fri, 22 Feb 2013 11:38:12 +0400
+Subject: comctl32: Protect TVM_GETITEM from invalid item pointers
+
+Changes by Sebastian Lackner <sebastian@fds-team.de>:
+* Avoid return in __TRY block.
+---
+ dlls/comctl32/tests/treeview.c |  9 +++++++++
+ dlls/comctl32/treeview.c       | 16 +++++++++++++---
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/comctl32/tests/treeview.c b/dlls/comctl32/tests/treeview.c
+index 5003dfa..933a8b0 100644
+--- a/dlls/comctl32/tests/treeview.c
++++ b/dlls/comctl32/tests/treeview.c
+@@ -905,6 +905,15 @@ static void test_get_set_item(void)
+     expect(TRUE, ret);
+     ok(tviRoot.state == TVIS_FOCUSED, "got state 0x%0x\n", tviRoot.state);
+ 
++if (0)
++{
++    /* invalid item pointer, nt4 crashes here but later versions just return 0 */
++    tviRoot.hItem = (HTREEITEM)0xdeadbeef;
++    tviRoot.mask = TVIF_STATE;
++    tviRoot.state = 0;
++    ret = SendMessageA(hTree2, TVM_GETITEMA, 0, (LPARAM)&tviRoot);
++    expect(FALSE, ret);
++}
+     DestroyWindow(hTree);
+     DestroyWindow(hTree2);
+ }
+diff --git a/dlls/comctl32/treeview.c b/dlls/comctl32/treeview.c
+index 812bd35..6adafc4 100644
+--- a/dlls/comctl32/treeview.c
++++ b/dlls/comctl32/treeview.c
+@@ -63,6 +63,7 @@
+ #include "vssym32.h"
+ #include "wine/unicode.h"
+ #include "wine/debug.h"
++#include "wine/exception.h"
+ 
+ WINE_DEFAULT_DEBUG_CHANNEL(treeview);
+ 
+@@ -2068,11 +2069,20 @@ TREEVIEW_GetItemT(const TREEVIEW_INFO *infoPtr, LPTVITEMEXW tvItem, BOOL isW)
+ 
+     if (!TREEVIEW_ValidItem(infoPtr, item))
+     {
++        BOOL valid_item = FALSE;
+         if (!item) return FALSE;
+ 
+-        TRACE("got item from different tree %p, called from %p\n", item->infoPtr, infoPtr);
+-        infoPtr = item->infoPtr;
+-        if (!TREEVIEW_ValidItem(infoPtr, item)) return FALSE;
++        __TRY
++        {
++            infoPtr = item->infoPtr;
++            TRACE("got item from different tree %p, called from %p\n", item->infoPtr, infoPtr);
++            valid_item = TREEVIEW_ValidItem(infoPtr, item);
++        }
++        __EXCEPT_PAGE_FAULT
++        {
++        }
++        __ENDTRY
++        if (!valid_item) return FALSE;
+     }
+ 
+     TREEVIEW_UpdateDispInfo(infoPtr, item, tvItem->mask);
+-- 
+2.5.1
+

patches/comctl32-TVM_GETITEM/definition

@@ -0,0 +1 @@
+Fixes: [33001] Protect TVM_GETITEM from invalid item pointers

patches/patchinstall.sh

@@ -94,6 +94,7 @@ patch_enable_all ()
 	enable_combase_String="$1"
 	enable_comctl32_Button_Theming="$1"
 	enable_comctl32_LoadIconMetric="$1"
+	enable_comctl32_TVM_GETITEM="$1"
 	enable_configure_Absolute_RPATH="$1"
 	enable_crypt32_CMS_Certificates="$1"
 	enable_crypt32_CryptUnprotectMemory="$1"
@@ -380,6 +381,9 @@ patch_enable ()
 		comctl32-LoadIconMetric)
 			enable_comctl32_LoadIconMetric="$2"
 			;;
+		comctl32-TVM_GETITEM)
+			enable_comctl32_TVM_GETITEM="$2"
+			;;
 		configure-Absolute_RPATH)
 			enable_configure_Absolute_RPATH="$2"
 			;;
@@ -2373,6 +2377,21 @@ if test "$enable_comctl32_LoadIconMetric" -eq 1; then
 	) >> "$patchlist"
 fi
 
+# Patchset comctl32-TVM_GETITEM
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#33001] Protect TVM_GETITEM from invalid item pointers
+# |
+# | Modified files:
+# |   *	dlls/comctl32/tests/treeview.c, dlls/comctl32/treeview.c
+# |
+if test "$enable_comctl32_TVM_GETITEM" -eq 1; then
+	patch_apply comctl32-TVM_GETITEM/0001-comctl32-Protect-TVM_GETITEM-from-invalid-item-point.patch
+	(
+		echo '+    { "Nikolay Sivov", "comctl32: Protect TVM_GETITEM from invalid item pointers.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset configure-Absolute_RPATH
 # |
 # | This patchset fixes the following Wine bugs: