From: "carlo.bramix@libero.it" Subject: [shlwapi] Add NULL checks to StrCpyW and StrCatW Message-Id: <8123325.17025741334430062049.JavaMail.defaultUser@defaultHost> Date: Sat, 14 Apr 2012 21:01:02 +0200 (CEST) From Bug #25261: I looked the terminal output in the attachment of this bug and then I did some debugging on Windows. I tested StrCpyW and also StrCatW (my intuition suggested me to do so) and I discovered that: StrCpyW(myDestination, mySource) does not crash, it copies the content of mySource into myDestination, pointer to myDestination is returned. StrCpyW(myDestination, NULL) does not crash, it leaves myDestination unchanged, pointer to myDestination is returned. StrCpyW(NULL, NULL) does not crash, it returns NULL. StrCatW has the same behavior of StrCpyW. Actually, it seems to me that many string functions implemented into shlwapi are already protected against wrong parameters, evidently StrCpyW and StrCatW have need the same fixes that have been made elsewhere, since strcpyW and strcatW don't do it. Attached patch should fix the defect, it just adds the test if both parameters are not NULL before proceeding to the copy. Sincerely, Carlo Bramini. diff --git a/dlls/shlwapi/string.c b/dlls/shlwapi/string.c index c65d576..e2f1cba 100644 --- a/dlls/shlwapi/string.c +++ b/dlls/shlwapi/string.c @@ -477,7 +477,8 @@ LPWSTR WINAPI StrCatW(LPWSTR lpszStr, LPCWSTR lpszSrc) { TRACE("(%s,%s)\n", debugstr_w(lpszStr), debugstr_w(lpszSrc)); - strcatW(lpszStr, lpszSrc); + if (lpszStr && lpszSrc) + strcatW(lpszStr, lpszSrc); return lpszStr; } @@ -497,7 +498,8 @@ LPWSTR WINAPI StrCpyW(LPWSTR lpszStr, LPCWSTR lpszSrc) { TRACE("(%p,%s)\n", lpszStr, debugstr_w(lpszSrc)); - strcpyW(lpszStr, lpszSrc); + if (lpszStr && lpszSrc) + strcpyW(lpszStr, lpszSrc); return lpszStr; }