From: Zhiyi Zhang
Subject: [PATCH 2/3] atl: Avoid NULL pointer reference in AtlComModuleRegisterClassObjects().
Message-Id:
Date: Fri, 01 Jul 2022 08:00:34 +0000
In-Reply-To:
References:
From: Zhiyi Zhang
Signed-off-by: Zhiyi Zhang
---
 dlls/atl/atl.c | 4 ++--
 dlls/atl100/tests/atl.c | 28 ++++++++++++++++++++++++++++
 dlls/atl110/tests/atl.c | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+), 2 deletions(-)
diff --git a/dlls/atl/atl.c b/dlls/atl/atl.c
index d501e7a6d76..5a302621d60 100644
--- a/dlls/atl/atl.c
+++ b/dlls/atl/atl.c
@@ -538,7 +538,7 @@ HRESULT WINAPI AtlComModuleRegisterClassObjects(_ATL_COM_MODULE *module, DWORD c
 return E_INVALIDARG;
 for(iter = module->m_ppAutoObjMapFirst; iter < module->m_ppAutoObjMapLast; iter++) {
- if(!(*iter)->pfnGetClassObject)
+ if(!(*iter) || !(*iter)->pfnGetClassObject)
 continue;
 hres = (*iter)->pfnGetClassObject((*iter)->pfnCreateInstance, &IID_IUnknown, (void**)&unk);
@@ -566,7 +566,7 @@ HRESULT WINAPI AtlComModuleRegisterClassObjects(_ATL_COM_MODULE *module, DWORD c
 return E_INVALIDARG;
 for(iter = module->m_ppAutoObjMapFirst; iter < module->m_ppAutoObjMapLast; iter++) {
- if(!(*iter)->pfnGetClassObject)
+ if(!(*iter) || !(*iter)->pfnGetClassObject)
 continue;
 hres = (*iter)->pfnGetClassObject((*iter)->pfnCreateInstance, &IID_IUnknown, (void**)&unk);
diff --git a/dlls/atl100/tests/atl.c b/dlls/atl100/tests/atl.c
index e002af0d24c..7da6e5a9cd6 100644
--- a/dlls/atl100/tests/atl.c
+++ b/dlls/atl100/tests/atl.c
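Review bot: The new `!(*iter)` guard in the loop of the hunk at line 538 of dlls/atl/atl.c carries no comment saying why a slot between `m_ppAutoObjMapFirst` and `m_ppAutoObjMapLast` may be NULL, so the check reads as arbitrary defensive code and is easy to drop in a later cleanup. A one-line comment above the `if`, such as `/* Object map slots may be NULL; skip them instead of dereferencing. */`, would record the intent. The identical guard in the hunk at line 566 should get the same comment. The function body starts and ends outside both hunks, so how skipped entries affect the returned HRESULT cannot be checked from here.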
@@ -1088,6 +1088,33 @@ static void test_AtlComModuleGetClassObject(void)
 ok(hr == CLASS_E_CLASSNOTAVAILABLE, "Unexpected hr %#lx.\n", hr);
 }
+static void test_AtlComModuleRegisterClassObjects(void)
+{
+ _ATL_OBJMAP_ENTRY *null_entry = NULL;
+ _ATL_COM_MODULE module;
+ HRESULT hr;
+
+ /* Test NULL module */
+ hr = AtlComModuleRegisterClassObjects(NULL, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+ ok(hr == E_INVALIDARG, "Unexpected hr %#lx.\n", hr);
+
+ /* Test NULL m_ppAutoObjMapFirst and m_ppAutoObjMapLast */
+ module.cbSize = sizeof(module);
+ module.m_ppAutoObjMapFirst = NULL;
+ module.m_ppAutoObjMapLast = NULL;
+ hr = AtlComModuleRegisterClassObjects(&module, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+ todo_wine_if(hr == S_OK)
+ ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
+
+ /* Test m_ppAutoObjMapFirst and m_ppAutoObjMapLast both pointing to a NULL entry */
+ module.cbSize = sizeof(module);
+ module.m_ppAutoObjMapFirst = &null_entry;
+ module.m_ppAutoObjMapLast = &null_entry;
+ hr = AtlComModuleRegisterClassObjects(&module, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+ todo_wine_if(hr == S_OK)
+ ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
+}
+
 START_TEST(atl)
 {
 if (!register_class())
@@ -1104,6 +1131,7 @@ START_TEST(atl)
 test_AtlAxAttachControl();
 test_AtlAxCreateControl();
 test_AtlComModuleGetClassObject();
+ test_AtlComModuleRegisterClassObjects();
 CoUninitialize();
 }
diff --git a/dlls/atl110/tests/atl.c b/dlls/atl110/tests/atl.c
index 12f3518b429..57e7f5b9b21 100644
--- a/dlls/atl110/tests/atl.c
+++ b/dlls/atl110/tests/atl.c
@@ -30,6 +30,7 @@
 #include
 static HRESULT (WINAPI *pAtlComModuleGetClassObject)(_ATL_COM_MODULE *, REFCLSID, REFIID, void **);
+static HRESULT (WINAPI *pAtlComModuleRegisterClassObjects)(_ATL_COM_MODULE *, DWORD, DWORD);
 static HMODULE atl110;
@@ -39,6 +40,7 @@ static void init_functions(void)
 #define X(f) p##f = (void *)GetProcAddress(atl110, #f);
 X(AtlComModuleGetClassObject)
+ X(AtlComModuleRegisterClassObjects)
 #undef X
 }
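Review bot: The third case of test_AtlComModuleRegisterClassObjects() in the hunk at line 1088 of dlls/atl100/tests/atl.c never reaches the NULL entry. With `m_ppAutoObjMapFirst` and `m_ppAutoObjMapLast` both set to `&null_entry`, the loop patched in dlls/atl/atl.c (`iter < module->m_ppAutoObjMapLast`) runs zero times, so the added `!(*iter)` check is not exercised and a regression of the NULL dereference would go unnoticed. Setting `module.m_ppAutoObjMapLast = &null_entry + 1;` would put one NULL slot inside the iterated range. How native treats that range is not visible here, so the expected HRESULT would need re-checking on Windows. The atl110 test added in the hunk at line 74 of dlls/atl110/tests/atl.c uses the same setup and has the same gap.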
@@ -74,12 +76,46 @@ static void test_AtlComModuleGetClassObject(void)
 ok(hr == CLASS_E_CLASSNOTAVAILABLE, "Unexpected hr %#lx.\n", hr);
 }
+static void test_AtlComModuleRegisterClassObjects(void)
+{
+ _ATL_OBJMAP_ENTRY_EX *null_entry = NULL;
+ _ATL_COM_MODULE module;
+ HRESULT hr;
+
+ if (!pAtlComModuleRegisterClassObjects)
+ {
+ win_skip("AtlComModuleRegisterClassObjects() is unavailable.\n");
+ return;
+ }
+
+ /* Test NULL module */
+ hr = pAtlComModuleRegisterClassObjects(NULL, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+ ok(hr == E_INVALIDARG, "Unexpected hr %#lx.\n", hr);
+
+ /* Test NULL m_ppAutoObjMapFirst and m_ppAutoObjMapLast */
+ module.cbSize = sizeof(module);
+ module.m_ppAutoObjMapFirst = NULL;
+ module.m_ppAutoObjMapLast = NULL;
+ hr = pAtlComModuleRegisterClassObjects(&module, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+ todo_wine_if(hr == S_OK)
+ ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
+
+ /* Test m_ppAutoObjMapFirst and m_ppAutoObjMapLast both pointing to a NULL entry */
+ module.cbSize = sizeof(module);
+ module.m_ppAutoObjMapFirst = &null_entry;
+ module.m_ppAutoObjMapLast = &null_entry;
+ hr = pAtlComModuleRegisterClassObjects(&module, CLSCTX_INPROC_SERVER, REGCLS_MULTIPLEUSE);
+ todo_wine_if(hr == S_OK)
+ ok(hr == S_FALSE, "Unexpected hr %#lx.\n", hr);
+}
+
 START_TEST(atl)
 {
 CoInitialize(NULL);
 init_functions();
 test_AtlComModuleGetClassObject();
+ test_AtlComModuleRegisterClassObjects();
 FreeLibrary(atl110);
 CoUninitialize();
--
GitLab
https://gitlab.winehq.org/wine/wine/-/merge_requests/358
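Review bot: `_ATL_COM_MODULE module;` in the new test_AtlComModuleRegisterClassObjects() is left uninitialized except for `cbSize` and the two map pointers. If the implementation under test reads any other member, it sees stack garbage and the result can differ between runs; whether native does so is not visible here. Clearing the struct first, with `memset(&module, 0, sizeof(module));` ahead of the first `module.cbSize` assignment, would make both non-NULL-module cases deterministic. The atl100 test added at line 1088 of dlls/atl100/tests/atl.c declares `module` the same way and would take the same change.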