Rebase against d575e0afe304d0096f8014f7f411bf28c126cc0b.

[kernel32-Codepage_Conversion]
Removed patch to make sure codepage conversion fails when destination length
is < 0 (accepted upstream).

[server-Coverity]
Removed patches to fix multiple possible invalid memory accesses detected by
Coverity (accepted upstream).

[user32-SetCaretPos]
Removed patch to avoid corruption of caret when SetCaretPos() is called
(accepted upstream).

patches/kernel32-Codepage_Conversion/0001-kernel32-Set-error-if-dstlen-0-in-codepage-conversio.patch

@@ -1,124 +0,0 @@
-From 351e216da1c1325ec354183ebf027b09b3d008c7 Mon Sep 17 00:00:00 2001
-From: Alex Henrie <alexhenrie24@gmail.com>
-Date: Sat, 19 Sep 2015 12:58:37 +0200
-Subject: kernel32: Set error if dstlen < 0 in codepage conversion functions
-
----
- dlls/kernel32/locale.c         |  4 ++--
- dlls/kernel32/tests/codepage.c | 48 +++++++++++++++++++++++++-----------------
- 2 files changed, 31 insertions(+), 21 deletions(-)
-
-diff --git a/dlls/kernel32/locale.c b/dlls/kernel32/locale.c
-index c0a66ef..6ede521 100644
---- a/dlls/kernel32/locale.c
-+++ b/dlls/kernel32/locale.c
-@@ -2125,7 +2125,7 @@ INT WINAPI MultiByteToWideChar( UINT page, DWORD flags, LPCSTR src, INT srclen,
-     const union cptable *table;
-     int ret;
- 
--    if (!src || !srclen || (!dst && dstlen))
-+    if (!src || !srclen || (!dst && dstlen) || dstlen < 0)
-     {
-         SetLastError( ERROR_INVALID_PARAMETER );
-         return 0;
-@@ -2341,7 +2341,7 @@ INT WINAPI WideCharToMultiByte( UINT page, DWORD flags, LPCWSTR src, INT srclen,
-     const union cptable *table;
-     int ret, used_tmp;
- 
--    if (!src || !srclen || (!dst && dstlen))
-+    if (!src || !srclen || (!dst && dstlen) || dstlen < 0)
-     {
-         SetLastError( ERROR_INVALID_PARAMETER );
-         return 0;
-diff --git a/dlls/kernel32/tests/codepage.c b/dlls/kernel32/tests/codepage.c
-index 54f62ae..6718a3b 100644
---- a/dlls/kernel32/tests/codepage.c
-+++ b/dlls/kernel32/tests/codepage.c
-@@ -28,6 +28,7 @@
- #include "winbase.h"
- #include "winnls.h"
- 
-+static const char foobarA[] = "foobar";
- static const WCHAR foobarW[] = {'f','o','o','b','a','r',0};
- 
- static void test_destination_buffer(void)
-@@ -144,48 +145,57 @@ static void test_negative_source_length(void)
- static void test_negative_dest_length(void)
- {
-     int len, i;
--    static char buf[LONGBUFLEN];
-+    static WCHAR bufW[LONGBUFLEN];
-+    static char bufA[LONGBUFLEN];
-     static WCHAR originalW[LONGBUFLEN];
-     static char originalA[LONGBUFLEN];
-     DWORD theError;
- 
-     /* Test return on -1 dest length */
-     SetLastError( 0xdeadbeef );
--    memset(buf,'x',sizeof(buf));
--    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, buf, -1, NULL, NULL);
--    todo_wine {
--      ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
--         "WideCharToMultiByte(destlen -1): len=%d error=%x\n", len, GetLastError());
--    }
-+    memset(bufA,'x',sizeof(bufA));
-+    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, bufA, -1, NULL, NULL);
-+    ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
-+       "WideCharToMultiByte(destlen -1): len=%d error=%x\n", len, GetLastError());
-+
-+    SetLastError( 0xdeadbeef );
-+    memset(bufW,'x',sizeof(bufW));
-+    len = MultiByteToWideChar(CP_ACP, 0, foobarA, -1, bufW, -1);
-+    ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
-+       "MultiByteToWideChar(destlen -1): len=%d error=%x\n", len, GetLastError());
- 
-     /* Test return on -1000 dest length */
-     SetLastError( 0xdeadbeef );
--    memset(buf,'x',sizeof(buf));
--    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, buf, -1000, NULL, NULL);
--    todo_wine {
--      ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
--         "WideCharToMultiByte(destlen -1000): len=%d error=%x\n", len, GetLastError());
--    }
-+    memset(bufA,'x',sizeof(bufA));
-+    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, bufA, -1000, NULL, NULL);
-+    ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
-+       "WideCharToMultiByte(destlen -1000): len=%d error=%x\n", len, GetLastError());
-+
-+    SetLastError( 0xdeadbeef );
-+    memset(bufW,'x',sizeof(bufW));
-+    len = MultiByteToWideChar(CP_ACP, 0, foobarA, -1000, bufW, -1);
-+    ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
-+       "MultiByteToWideChar(destlen -1000): len=%d error=%x\n", len, GetLastError());
- 
-     /* Test return on INT_MAX dest length */
-     SetLastError( 0xdeadbeef );
--    memset(buf,'x',sizeof(buf));
--    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, buf, INT_MAX, NULL, NULL);
--    ok(len == 7 && !lstrcmpA(buf, "foobar") && GetLastError() == 0xdeadbeef,
-+    memset(bufA,'x',sizeof(bufA));
-+    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, bufA, INT_MAX, NULL, NULL);
-+    ok(len == 7 && !lstrcmpA(bufA, "foobar") && GetLastError() == 0xdeadbeef,
-        "WideCharToMultiByte(destlen INT_MAX): len=%d error=%x\n", len, GetLastError());
- 
-     /* Test return on INT_MAX dest length and very long input */
-     SetLastError( 0xdeadbeef );
--    memset(buf,'x',sizeof(buf));
-+    memset(bufA,'x',sizeof(bufA));
-     for (i=0; i < LONGBUFLEN - 1; i++) {
-         originalW[i] = 'Q';
-         originalA[i] = 'Q';
-     }
-     originalW[LONGBUFLEN-1] = 0;
-     originalA[LONGBUFLEN-1] = 0;
--    len = WideCharToMultiByte(CP_ACP, 0, originalW, -1, buf, INT_MAX, NULL, NULL);
-+    len = WideCharToMultiByte(CP_ACP, 0, originalW, -1, bufA, INT_MAX, NULL, NULL);
-     theError = GetLastError();
--    ok(len == LONGBUFLEN && !lstrcmpA(buf, originalA) && theError == 0xdeadbeef,
-+    ok(len == LONGBUFLEN && !lstrcmpA(bufA, originalA) && theError == 0xdeadbeef,
-        "WideCharToMultiByte(srclen %d, destlen INT_MAX): len %d error=%x\n", LONGBUFLEN, len, theError);
- 
- }
--- 
-2.5.1
-

patches/kernel32-Codepage_Conversion/definition

@@ -1 +0,0 @@
-Fixes: Codepage conversion should fail when destination length is < 0

patches/patchinstall.sh

@@ -51,7 +51,7 @@ usage()
 # Get the upstream commit sha
 upstream_commit()
 {
-	echo "e5132e5a91208253e67c0eff709ab5c96d79b790"
+	echo "d575e0afe304d0096f8014f7f411bf28c126cc0b"
 }
 
 # Show version information
@@ -154,7 +154,6 @@ patch_enable_all ()
 	enable_iphlpapi_System_Ping="$1"
 	enable_iphlpapi_TCP_Table="$1"
 	enable_kernel32_COMSPEC="$1"
-	enable_kernel32_Codepage_Conversion="$1"
 	enable_kernel32_CompareString_Length="$1"
 	enable_kernel32_CopyFileEx="$1"
 	enable_kernel32_Cwd_Startup_Info="$1"
@@ -252,7 +251,6 @@ patch_enable_all ()
 	enable_rpcrt4_RpcBindingServerFromClient="$1"
 	enable_secur32_ANSI_NTLM_Credentials="$1"
 	enable_server_ClipCursor="$1"
-	enable_server_Coverity="$1"
 	enable_server_CreateProcess_ACLs="$1"
 	enable_server_Desktop_Refcount="$1"
 	enable_server_FileEndOfFileInformation="$1"
@@ -308,7 +306,6 @@ patch_enable_all ()
 	enable_user32_Mouse_Message_Hwnd="$1"
 	enable_user32_Refresh_MDI_Menus="$1"
 	enable_user32_ScrollWindowEx="$1"
-	enable_user32_SetCaretPos="$1"
 	enable_user32_SetCoalescableTimer="$1"
 	enable_user32_WM_CAPTURECHANGE="$1"
 	enable_user32_WM_MDICALCCHILDSCROLL="$1"
@@ -603,9 +600,6 @@ patch_enable ()
 		kernel32-COMSPEC)
 			enable_kernel32_COMSPEC="$2"
 			;;
-		kernel32-Codepage_Conversion)
-			enable_kernel32_Codepage_Conversion="$2"
-			;;
 		kernel32-CompareString_Length)
 			enable_kernel32_CompareString_Length="$2"
 			;;
@@ -897,9 +891,6 @@ patch_enable ()
 		server-ClipCursor)
 			enable_server_ClipCursor="$2"
 			;;
-		server-Coverity)
-			enable_server_Coverity="$2"
-			;;
 		server-CreateProcess_ACLs)
 			enable_server_CreateProcess_ACLs="$2"
 			;;
@@ -1065,9 +1056,6 @@ patch_enable ()
 		user32-ScrollWindowEx)
 			enable_user32_ScrollWindowEx="$2"
 			;;
-		user32-SetCaretPos)
-			enable_user32_SetCaretPos="$2"
-			;;
 		user32-SetCoalescableTimer)
 			enable_user32_SetCoalescableTimer="$2"
 			;;
@@ -3749,18 +3737,6 @@ if test "$enable_kernel32_COMSPEC" -eq 1; then
 	) >> "$patchlist"
 fi
 
-# Patchset kernel32-Codepage_Conversion
-# |
-# | Modified files:
-# |   *	dlls/kernel32/locale.c, dlls/kernel32/tests/codepage.c
-# |
-if test "$enable_kernel32_Codepage_Conversion" -eq 1; then
-	patch_apply kernel32-Codepage_Conversion/0001-kernel32-Set-error-if-dstlen-0-in-codepage-conversio.patch
-	(
-		echo '+    { "Alex Henrie", "kernel32: Set error if dstlen < 0 in codepage conversion functions.", 1 },';
-	) >> "$patchlist"
-fi
-
 # Patchset kernel32-CompareString_Length
 # |
 # | This patchset fixes the following Wine bugs:
@@ -5393,20 +5369,6 @@ if test "$enable_server_ClipCursor" -eq 1; then
 	) >> "$patchlist"
 fi
 
-# Patchset server-Coverity
-# |
-# | Modified files:
-# |   *	server/directory.c, server/registry.c
-# |
-if test "$enable_server_Coverity" -eq 1; then
-	patch_apply server-Coverity/0001-server-Add-missing-check-for-objattr-variable-in-loa.patch
-	patch_apply server-Coverity/0002-server-Avoid-invalid-memory-access-if-creation-of-na.patch
-	(
-		echo '+    { "Sebastian Lackner", "server: Add missing check for objattr variable in load_registry wineserver call (Coverity).", 1 },';
-		echo '+    { "Sebastian Lackner", "server: Avoid invalid memory access if creation of namespace fails in create_directory (Coverity).", 1 },';
-	) >> "$patchlist"
-fi
-
 # Patchset server-FileEndOfFileInformation
 # |
 # | Modified files:
@@ -6189,18 +6151,6 @@ if test "$enable_user32_ScrollWindowEx" -eq 1; then
 	) >> "$patchlist"
 fi
 
-# Patchset user32-SetCaretPos
-# |
-# | Modified files:
-# |   *	dlls/user32/caret.c, server/protocol.def, server/queue.c
-# |
-if test "$enable_user32_SetCaretPos" -eq 1; then
-	patch_apply user32-SetCaretPos/0001-user32-Set-correct-caret-state-in-the-server-in-SetC.patch
-	(
-		echo '+    { "Anton Baskanov", "user32: Set correct caret state in the server in SetCaretPos.", 5 },';
-	) >> "$patchlist"
-fi
-
 # Patchset user32-SetCoalescableTimer
 # |
 # | This patchset fixes the following Wine bugs:

patches/server-Coverity/0001-server-Add-missing-check-for-objattr-variable-in-loa.patch

@@ -1,26 +0,0 @@
-From b2fec3a86116deb45df5c8f3f6ac07434d3d34a7 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Sat, 23 Jan 2016 20:23:04 +0100
-Subject: server: Add missing check for objattr variable in load_registry
- wineserver call (Coverity).
-
----
- server/registry.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/server/registry.c b/server/registry.c
-index 5723824..a35765c 100644
---- a/server/registry.c
-+++ b/server/registry.c
-@@ -2187,6 +2187,8 @@ DECL_HANDLER(load_registry)
-     const struct security_descriptor *sd;
-     const struct object_attributes *objattr = get_req_object_attributes( &sd, &name );
- 
-+    if (!objattr) return;
-+
-     if (!thread_single_check_privilege( current, &SeRestorePrivilege ))
-     {
-         set_error( STATUS_PRIVILEGE_NOT_HELD );
--- 
-2.6.4
-

patches/server-Coverity/0002-server-Avoid-invalid-memory-access-if-creation-of-na.patch

@@ -1,26 +0,0 @@
-From 4e690407c338be1553e6c2c18977364152477339 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Sat, 23 Jan 2016 20:23:48 +0100
-Subject: server: Avoid invalid memory access if creation of namespace fails in
- create_directory (Coverity).
-
----
- server/directory.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/server/directory.c b/server/directory.c
-index de049ef..937ab89 100644
---- a/server/directory.c
-+++ b/server/directory.c
-@@ -192,7 +192,7 @@ static struct directory *create_directory( struct directory *root, const struct
-         if (!(dir->entries = create_namespace( hash_size )))
-         {
-             release_object( dir );
--            dir = NULL;
-+            return NULL;
-         }
-         if (sd) default_set_sd( &dir->obj, sd, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
-                                 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION );
--- 
-2.6.4
-

patches/user32-SetCaretPos/0001-user32-Set-correct-caret-state-in-the-server-in-SetC.patch

@@ -1,99 +0,0 @@
-From 64b178a05599e08ff0ceb28e6455bedd58487ff1 Mon Sep 17 00:00:00 2001
-From: Anton Baskanov <baskanov@gmail.com>
-Date: Thu, 31 Dec 2015 17:39:02 +0100
-Subject: user32: Set correct caret state in the server in SetCaretPos. (try 5)
-
-Signed-off-by: Anton Baskanov <baskanov@gmail.com>
-Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
----
- dlls/user32/caret.c | 8 ++++----
- server/protocol.def | 6 +++++-
- server/queue.c      | 8 ++++++--
- 3 files changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/dlls/user32/caret.c b/dlls/user32/caret.c
-index 53bb5b4..734377a 100644
---- a/dlls/user32/caret.c
-+++ b/dlls/user32/caret.c
-@@ -86,7 +86,7 @@ static void CALLBACK CARET_Callback( HWND hwnd, UINT msg, UINT_PTR id, DWORD cti
-         req->x      = 0;
-         req->y      = 0;
-         req->hide   = 0;
--        req->state  = -1;  /* toggle current state */
-+        req->state  = CARET_STATE_TOGGLE;
-         if ((ret = !wine_server_call( req )))
-         {
-             hwnd      = wine_server_ptr_handle( reply->full_handle );
-@@ -256,7 +256,7 @@ BOOL WINAPI SetCaretPos( INT x, INT y )
-         req->x      = x;
-         req->y      = y;
-         req->hide   = 0;
--        req->state  = 1;
-+        req->state  = CARET_STATE_ON_IF_POS_CHANGED;
-         if ((ret = !wine_server_call_err( req )))
-         {
-             hwnd      = wine_server_ptr_handle( reply->full_handle );
-@@ -300,7 +300,7 @@ BOOL WINAPI HideCaret( HWND hwnd )
-         req->x      = 0;
-         req->y      = 0;
-         req->hide   = 1;
--        req->state  = 0;
-+        req->state  = CARET_STATE_OFF;
-         if ((ret = !wine_server_call_err( req )))
-         {
-             hwnd      = wine_server_ptr_handle( reply->full_handle );
-@@ -339,7 +339,7 @@ BOOL WINAPI ShowCaret( HWND hwnd )
-         req->x      = 0;
-         req->y      = 0;
-         req->hide   = -1;
--        req->state  = 1;
-+        req->state  = CARET_STATE_ON;
-         if ((ret = !wine_server_call_err( req )))
-         {
-             hwnd      = wine_server_ptr_handle( reply->full_handle );
-diff --git a/server/protocol.def b/server/protocol.def
-index ea5bd61..ad702fe 100644
---- a/server/protocol.def
-+++ b/server/protocol.def
-@@ -2978,7 +2978,7 @@ enum coords_relative
-     int            x;             /* caret x position */
-     int            y;             /* caret y position */
-     int            hide;          /* increment for hide count (can be negative to show it) */
--    int            state;         /* caret state (1=on, 0=off, -1=toggle current state) */
-+    int            state;         /* caret state (see below) */
- @REPLY
-     user_handle_t  full_handle;   /* handle to the current caret window */
-     rectangle_t    old_rect;      /* previous caret rectangle */
-@@ -2988,6 +2988,10 @@ enum coords_relative
- #define SET_CARET_POS        0x01  /* set the caret position from x,y */
- #define SET_CARET_HIDE       0x02  /* increment the caret hide count */
- #define SET_CARET_STATE      0x04  /* set the caret on/off state */
-+#define CARET_STATE_OFF                0 /* off */
-+#define CARET_STATE_ON                 1 /* on */
-+#define CARET_STATE_TOGGLE            -1 /* toggle current state */
-+#define CARET_STATE_ON_IF_POS_CHANGED -2 /* on if the position differs, unchanged otherwise */
- 
- 
- /* Set a window hook */
-diff --git a/server/queue.c b/server/queue.c
-index 3099e12..25260e4 100644
---- a/server/queue.c
-+++ b/server/queue.c
-@@ -3039,8 +3039,12 @@ DECL_HANDLER(set_caret_info)
-     }
-     if (req->flags & SET_CARET_STATE)
-     {
--        if (req->state == -1) input->caret_state = !input->caret_state;
--        else input->caret_state = !!req->state;
-+        if (req->state == CARET_STATE_TOGGLE)
-+            input->caret_state = !input->caret_state;
-+        else if (req->state != CARET_STATE_ON_IF_POS_CHANGED)
-+            input->caret_state = (req->state != CARET_STATE_OFF);
-+        else if (req->x != reply->old_rect.left || req->y != reply->old_rect.top)
-+            input->caret_state = 1;
-     }
- }
- 
--- 
-2.6.4
-

patches/user32-SetCaretPos/definition

@@ -1 +0,0 @@
-Fixes: Avoid corruption of caret when SetCaretPos() is called