Added patch to fix NULL pointer dereference in get_frame_by_name.

Note: An almost identical version was also submitted by Indrek Altpere to wine-patches, but Michael Müller submitted his own attempt even earlier to me - see timestamp of the patch.
2025-09-12 18:50:20 -07:00 · 2015-05-29 20:09:02 +02:00
parent cec272a2d4
commit f5c6731e84
5 changed files with 52 additions and 1 deletions
--- a/patches/mshtml-get_frame_by_name/0001-mshtml-Do-not-crash-on-null-window-in-get_frame_by_n.patch
+++ b/patches/mshtml-get_frame_by_name/0001-mshtml-Do-not-crash-on-null-window-in-get_frame_by_n.patch
@@ -0,0 +1,29 @@
+From d426832abe3e622e471dddf472f5b24aa53d6fe8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Fri, 29 May 2015 02:41:09 +0200
+Subject: mshtml: Do not crash on null window in get_frame_by_name.
+
+---
+ dlls/mshtml/htmlwindow.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/dlls/mshtml/htmlwindow.c b/dlls/mshtml/htmlwindow.c
+index 618648e..92ed869 100644
+--- a/dlls/mshtml/htmlwindow.c
+++ b/dlls/mshtml/htmlwindow.c
+@@ -406,6 +406,12 @@ HRESULT get_frame_by_name(HTMLOuterWindow *This, const WCHAR *name, BOOL deep, H
+ 
+         nsIDOMWindow_Release(nswindow);
+ 
+        if (!window_iter)
+        {
+            FIXME("nsIDOMWindow %p is invalid!\n", nswindow);
+            continue;
+        }
+
+         hres = IHTMLElement_get_id(&window_iter->frame_element->element.IHTMLElement_iface, &id);
+         if(FAILED(hres)) {
+             FIXME("IHTMLElement_get_id failed: 0x%08x\n", hres);
+-- 
+2.4.2
+
--- a/patches/mshtml-get_frame_by_name/definition
+++ b/patches/mshtml-get_frame_by_name/definition
@@ -0,0 +1 @@
+Fixes: [34982] Fix NULL pointer dereference in get_frame_by_name
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -150,6 +150,7 @@ patch_enable_all ()
 	enable_mmdevapi_AEV_Stubs="$1"
 	enable_mountmgr_DosDevices="$1"
 	enable_mscoree_CorValidateImage="$1"
+	enable_mshtml_get_frame_by_name="$1"
 	enable_msvcp90_basic_string_dtor="$1"
 	enable_msvcrt_Math_Precision="$1"
 	enable_msvcrt_atof_strtod="$1"
@@ -513,6 +514,9 @@ patch_enable ()
 		mscoree-CorValidateImage)
 			enable_mscoree_CorValidateImage="$2"
 			;;
+		mshtml-get_frame_by_name)
+			enable_mshtml_get_frame_by_name="$2"
+			;;
 		msvcp90-basic_string_dtor)
 			enable_msvcp90_basic_string_dtor="$2"
 			;;
@@ -3756,6 +3760,21 @@ if test "$enable_mscoree_CorValidateImage" -eq 1; then
 	) >> "$patchlist"
 fi

+# Patchset mshtml-get_frame_by_name
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#34982] Fix NULL pointer dereference in get_frame_by_name
+# |
+# | Modified files:
+# |   *	dlls/mshtml/htmlwindow.c
+# |
+if test "$enable_mshtml_get_frame_by_name" -eq 1; then
+	patch_apply mshtml-get_frame_by_name/0001-mshtml-Do-not-crash-on-null-window-in-get_frame_by_n.patch
+	(
+		echo '+    { "Michael Müller", "mshtml: Do not crash on null window in get_frame_by_name.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset msvcp90-basic_string_dtor
 # |
 # | This patchset fixes the following Wine bugs:
				`@@ -0,0 +1 @@`
				`Fixes: [34982] Fix NULL pointer dereference in get_frame_by_name`