'oleaut32: Add some validation for the DISPPARAMS structure in'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wine-patches
Subject:    oleaut32: Add some validation for the DISPPARAMS structure in
From:       Robert Shearman <rob () codeweavers ! com>
Date:       2006-07-31 15:44:02
Message-ID: 44CE2542.1040908 () codeweavers ! com
[Download RAW message or body]

---
  dlls/oleaut32/tests/typelib.c |    9 +++++++++
  dlls/oleaut32/typelib.c       |   14 ++++++++++++++
  2 files changed, 23 insertions(+), 0 deletions(-)

["4cf5bcfc26cb0d9027f9b5daf330388c0842fd94.diff" (text/x-patch)]

diff --git a/dlls/oleaut32/tests/typelib.c b/dlls/oleaut32/tests/typelib.c
index 30fa962..852d08d 100644
--- a/dlls/oleaut32/tests/typelib.c
+++ b/dlls/oleaut32/tests/typelib.c
@@ -461,6 +461,15 @@ static void test_TypeInfo(void)
     hr = ITypeInfo_Invoke(pTypeInfo, (void *)0xdeadbeef, dispidMember, \
                DISPATCH_PROPERTYGET, &dispparams, NULL, NULL, NULL);
     ok(hr == DISP_E_MEMBERNOTFOUND, "ITypeInfo_Invoke should have returned \
DISP_E_MEMBERNOTFOUND instead of 0x%08lx\n", hr);  
+    /* test NULL dispparams */
+    hr = ITypeInfo_Invoke(pTypeInfo, (void *)0xdeadbeef, dispidMember, \
DISPATCH_METHOD, NULL, NULL, NULL, NULL); +    ok(hr == E_INVALIDARG, \
"ITypeInfo_Invoke should have returned E_INVALIDARG instead of 0x%08lx\n", hr); +
+    /* test dispparams->cNamedArgs being bigger than dispparams->cArgs */
+    dispparams.cNamedArgs = 1;
+    hr = ITypeInfo_Invoke(pTypeInfo, (void *)0xdeadbeef, dispidMember, \
DISPATCH_METHOD, &dispparams, NULL, NULL, NULL); +    ok(hr == E_INVALIDARG, \
"ITypeInfo_Invoke should have returned E_INVALIDARG instead of 0x%08lx\n", hr); +
     ITypeInfo_Release(pTypeInfo);
 
     hr = ITypeLib_GetTypeInfoOfGuid(pTypeLib, &IID_IDispatch, &pTypeInfo);
diff --git a/dlls/oleaut32/typelib.c b/dlls/oleaut32/typelib.c
index c66017c..8b96c4a 100644
--- a/dlls/oleaut32/typelib.c
+++ b/dlls/oleaut32/typelib.c
@@ -5218,8 +5218,22 @@ static HRESULT WINAPI ITypeInfo_fnInvoke
     TRACE("(%p)(%p,id=%ld,flags=0x%08x,%p,%p,%p,%p)\n",
       This,pIUnk,memid,wFlags,pDispParams,pVarResult,pExcepInfo,pArgErr
     );
+
+    if (!pDispParams)
+    {
+        ERR("NULL pDispParams not allowed\n");
+        return E_INVALIDARG;
+    }
+
     dump_DispParms(pDispParams);
 
+    if (pDispParams->cNamedArgs > pDispParams->cArgs)
+    {
+        ERR("named argument array cannot be bigger than argument array (%d/%d)\n",
+            pDispParams->cNamedArgs, pDispParams->cArgs);
+        return E_INVALIDARG;
+    }
+
     /* we do this instead of using GetFuncDesc since it will return a fake
      * FUNCDESC for dispinterfaces and we want the real function description */
     for (pFuncInfo = This->funclist; pFuncInfo; pFuncInfo=pFuncInfo->next)





[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic