From: Nikolay Sivov Subject: [PATCH] comctl32/toolbar: Protect from NULL pointer access in TB_GETBUTTONINFOW handler Message-Id: <20170111123142.9473-1-nsivov@codeweavers.com> Date: Wed, 11 Jan 2017 15:31:42 +0300 Signed-off-by: Nikolay Sivov --- Fixes https://bugs.winehq.org/show_bug.cgi?id=34465 TB_GETBUTTONINFOA will keep crashing as it does on Windows dlls/comctl32/tests/toolbar.c | 11 ++++++++++- dlls/comctl32/toolbar.c | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/dlls/comctl32/tests/toolbar.c b/dlls/comctl32/tests/toolbar.c index 7dcdadb9a7..f2f7924411 100644 --- a/dlls/comctl32/tests/toolbar.c +++ b/dlls/comctl32/tests/toolbar.c @@ -1710,12 +1710,13 @@ static void test_recalc(void) static void test_getbuttoninfo(void) { HWND hToolbar = NULL; + TBBUTTONINFOW tbiW; + TBBUTTONINFOA tbi; int i; rebuild_toolbar_with_buttons(&hToolbar); for (i = 0; i < 128; i++) { - TBBUTTONINFOA tbi; int ret; tbi.cbSize = i; @@ -1727,6 +1728,14 @@ static void test_getbuttoninfo(void) compare(ret, -1, "%d"); } } + + /* TBIF_TEXT with NULL pszText */ + memset(&tbiW, 0, sizeof(tbiW)); + tbiW.cbSize = sizeof(tbiW); + tbiW.dwMask = TBIF_BYINDEX | TBIF_STYLE | TBIF_COMMAND | TBIF_TEXT; + i = SendMessageA(hToolbar, TB_GETBUTTONINFOW, 1, (LPARAM)&tbiW); + ok(i == 1, "Got index %d\n", i); + DestroyWindow(hToolbar); } diff --git a/dlls/comctl32/toolbar.c b/dlls/comctl32/toolbar.c index 422845c5f8..0c545a286f 100644 --- a/dlls/comctl32/toolbar.c +++ b/dlls/comctl32/toolbar.c @@ -3397,7 +3397,7 @@ TOOLBAR_GetButtonInfoT(const TOOLBAR_INFO *infoPtr, INT Id, LPTBBUTTONINFOW lpTb Str_GetPtrW(lpText, lpTbInfo->pszText, lpTbInfo->cchText); else Str_GetPtrWtoA(lpText, (LPSTR)lpTbInfo->pszText, lpTbInfo->cchText); - } else + } else if (!bUnicode || lpTbInfo->pszText) lpTbInfo->pszText[0] = '\0'; } return nIndex; -- 2.11.0