From a1b2fc2a80cc1e389e3a248bd67559b7ca9b6ce9 Mon Sep 17 00:00:00 2001 From: Gerard Patel Date: Wed, 10 May 2000 01:34:53 +0000 Subject: [PATCH] Protect against use of comctl32 private control memory after it has been freed. --- dlls/comctl32/animate.c | 4 ++++ dlls/comctl32/comboex.c | 6 +++++- dlls/comctl32/header.c | 5 ++++- dlls/comctl32/hotkey.c | 5 ++++- dlls/comctl32/ipaddress.c | 4 ++++ dlls/comctl32/listview.c | 4 ++++ dlls/comctl32/monthcal.c | 5 ++++- dlls/comctl32/pager.c | 5 ++++- dlls/comctl32/progress.c | 4 +++- dlls/comctl32/rebar.c | 5 ++++- dlls/comctl32/status.c | 6 +++++- dlls/comctl32/tab.c | 6 ++++++ dlls/comctl32/tooltips.c | 5 ++++- dlls/comctl32/trackbar.c | 4 ++++ dlls/comctl32/updown.c | 5 +++-- 15 files changed, 62 insertions(+), 11 deletions(-) diff --git a/dlls/comctl32/animate.c b/dlls/comctl32/animate.c index 47f27a4c9aa..e243af9a068 100644 --- a/dlls/comctl32/animate.c +++ b/dlls/comctl32/animate.c @@ -604,6 +604,7 @@ static LRESULT ANIMATE_Destroy(HWND hWnd, WPARAM wParam, LPARAM lParam) /* free animate info data */ COMCTL32_Free(infoPtr); + SetWindowLongA(hWnd, 0, 0); FreeLibrary(hModWinmm); return 0; @@ -643,6 +644,9 @@ static LRESULT WINAPI ANIMATE_Size(HWND hWnd, WPARAM wParam, LPARAM lParam) static LRESULT WINAPI ANIMATE_WindowProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lparam=%lx\n", hWnd, uMsg, wParam, lParam); + if (!ANIMATE_GetInfoPtr(hWnd) && (uMsg != WM_NCCREATE)) + return DefWindowProcA(hWnd, uMsg, wParam, lParam); switch (uMsg) { case ACM_OPENA: diff --git a/dlls/comctl32/comboex.c b/dlls/comctl32/comboex.c index 6ff7a32b75c..3144ab0e238 100644 --- a/dlls/comctl32/comboex.c +++ b/dlls/comctl32/comboex.c @@ -201,7 +201,7 @@ COMBOEX_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) /* free comboex info data */ COMCTL32_Free (infoPtr); - + SetWindowLongA (hwnd, 0, 0); return 0; } @@ -224,6 +224,10 @@ COMBOEX_Size (HWND hwnd, WPARAM wParam, LPARAM lParam) static LRESULT WINAPI COMBOEX_WindowProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lParam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!COMBOEX_GetInfoPtr (hwnd) && (uMsg != WM_CREATE)) + return DefWindowProcA (hwnd, uMsg, wParam, lParam); + switch (uMsg) { /* case CBEM_DELETEITEM: */ diff --git a/dlls/comctl32/header.c b/dlls/comctl32/header.c index b30556deb46..800e1fa7d8e 100644 --- a/dlls/comctl32/header.c +++ b/dlls/comctl32/header.c @@ -1130,7 +1130,7 @@ HEADER_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) ImageList_Destroy (infoPtr->himl); COMCTL32_Free (infoPtr); - + SetWindowLongA (hwnd, 0, 0); return 0; } @@ -1454,6 +1454,9 @@ HEADER_SetFont (HWND hwnd, WPARAM wParam, LPARAM lParam) static LRESULT WINAPI HEADER_WindowProc (HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lParam=%lx\n", hwnd, msg, wParam, lParam); + if (!HEADER_GetInfoPtr (hwnd) && (msg != WM_CREATE)) + return DefWindowProcA (hwnd, msg, wParam, lParam); switch (msg) { case HDM_CREATEDRAGIMAGE: return HEADER_CreateDragImage (hwnd, wParam); diff --git a/dlls/comctl32/hotkey.c b/dlls/comctl32/hotkey.c index c7dd58c1d18..a0cbc81fe4d 100644 --- a/dlls/comctl32/hotkey.c +++ b/dlls/comctl32/hotkey.c @@ -66,7 +66,7 @@ HOTKEY_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) /* free hotkey info data */ COMCTL32_Free (infoPtr); - + SetWindowLongA (hwnd, 0, 0); return 0; } @@ -269,6 +269,9 @@ HOTKEY_SysKeyUp (HWND hwnd, WPARAM wParam, LPARAM lParam) static LRESULT WINAPI HOTKEY_WindowProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lparam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!HOTKEY_GetInfoPtr (hwnd) && (uMsg != WM_CREATE)) + return DefWindowProcA (hwnd, uMsg, wParam, lParam); switch (uMsg) { /* case HKM_GETHOTKEY: */ diff --git a/dlls/comctl32/ipaddress.c b/dlls/comctl32/ipaddress.c index a0bddb965e8..e052e9bdd2a 100644 --- a/dlls/comctl32/ipaddress.c +++ b/dlls/comctl32/ipaddress.c @@ -140,6 +140,7 @@ IPADDRESS_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) } COMCTL32_Free (infoPtr); + SetWindowLongA (hwnd, 0, 0); return 0; } @@ -594,6 +595,9 @@ IPADDRESS_SubclassProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) static LRESULT WINAPI IPADDRESS_WindowProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lparam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!IPADDRESS_GetInfoPtr (hwnd) && (uMsg != WM_CREATE)) + return DefWindowProcA (hwnd, uMsg, wParam, lParam); switch (uMsg) { case IPM_CLEARADDRESS: diff --git a/dlls/comctl32/listview.c b/dlls/comctl32/listview.c index 44cde993f92..587df82d98e 100644 --- a/dlls/comctl32/listview.c +++ b/dlls/comctl32/listview.c @@ -6710,6 +6710,7 @@ static LRESULT LISTVIEW_NCDestroy(HWND hwnd) /* free listview info pointer*/ COMCTL32_Free(infoPtr); + SetWindowLongA(hwnd, 0, 0); return 0; } @@ -7300,6 +7301,9 @@ static INT LISTVIEW_StyleChanged(HWND hwnd, WPARAM wStyleType, static LRESULT WINAPI LISTVIEW_WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x uMsg=%x wParam=%x lParam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!GetWindowLongA(hwnd, 0) && (uMsg != WM_NCCREATE)) + return DefWindowProcA( hwnd, uMsg, wParam, lParam ); switch (uMsg) { case LVM_APPROXIMATEVIEWRECT: diff --git a/dlls/comctl32/monthcal.c b/dlls/comctl32/monthcal.c index 1556b332544..4cab52a2096 100644 --- a/dlls/comctl32/monthcal.c +++ b/dlls/comctl32/monthcal.c @@ -1621,7 +1621,7 @@ MONTHCAL_Destroy(HWND hwnd, WPARAM wParam, LPARAM lParam) /* free month calendar info data */ COMCTL32_Free(infoPtr); - + SetWindowLongA(hwnd, 0, 0); return 0; } @@ -1629,6 +1629,9 @@ MONTHCAL_Destroy(HWND hwnd, WPARAM wParam, LPARAM lParam) static LRESULT WINAPI MONTHCAL_WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lparam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!MONTHCAL_GetInfoPtr(hwnd) && (uMsg != WM_CREATE)) + return DefWindowProcA(hwnd, uMsg, wParam, lParam); switch(uMsg) { case MCM_GETCURSEL: diff --git a/dlls/comctl32/pager.c b/dlls/comctl32/pager.c index 0b299f28a33..c1161aa09a3 100644 --- a/dlls/comctl32/pager.c +++ b/dlls/comctl32/pager.c @@ -230,7 +230,7 @@ PAGER_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) /* free pager info data */ COMCTL32_Free (infoPtr); - + SetWindowLongA (hwnd, 0, 0); return 0; } @@ -290,6 +290,9 @@ PAGER_Size (HWND hwnd, WPARAM wParam, LPARAM lParam) static LRESULT WINAPI PAGER_WindowProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lparam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!PAGER_GetInfoPtr (hwnd) && (uMsg != WM_CREATE)) + return DefWindowProcA (hwnd, uMsg, wParam, lParam); switch (uMsg) { case PGM_FORWARDMOUSE: diff --git a/dlls/comctl32/progress.c b/dlls/comctl32/progress.c index bd22757d7ce..792bab2995c 100644 --- a/dlls/comctl32/progress.c +++ b/dlls/comctl32/progress.c @@ -198,7 +198,8 @@ static LRESULT WINAPI ProgressWindowProc(HWND hwnd, UINT message, { PROGRESS_INFO *infoPtr = PROGRESS_GetInfoPtr(hwnd); UINT temp; - + if (!infoPtr && (message != WM_CREATE)) + return DefWindowProcA( hwnd, message, wParam, lParam ); switch(message) { case WM_NCCREATE: @@ -229,6 +230,7 @@ static LRESULT WINAPI ProgressWindowProc(HWND hwnd, UINT message, case WM_DESTROY: TRACE("Progress Ctrl destruction, hwnd=%04x\n", hwnd); COMCTL32_Free (infoPtr); + SetWindowLongA(hwnd, 0, 0); break; case WM_ERASEBKGND: diff --git a/dlls/comctl32/rebar.c b/dlls/comctl32/rebar.c index 289f68fc54b..fac8b528d0a 100644 --- a/dlls/comctl32/rebar.c +++ b/dlls/comctl32/rebar.c @@ -1680,7 +1680,7 @@ REBAR_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) /* free rebar info data */ COMCTL32_Free (infoPtr); - + SetWindowLongA (hwnd, 0, 0); TRACE("destroyed!\n"); return 0; } @@ -1886,6 +1886,9 @@ REBAR_Size (HWND hwnd, WPARAM wParam, LPARAM lParam) static LRESULT WINAPI REBAR_WindowProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lparam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!REBAR_GetInfoPtr (hwnd) && (uMsg != WM_CREATE)) + return DefWindowProcA (hwnd, uMsg, wParam, lParam); switch (uMsg) { /* case RB_BEGINDRAG: */ diff --git a/dlls/comctl32/status.c b/dlls/comctl32/status.c index c5f440c226d..cbd33474677 100644 --- a/dlls/comctl32/status.c +++ b/dlls/comctl32/status.c @@ -901,7 +901,7 @@ STATUSBAR_WMDestroy (HWND hwnd) DestroyWindow (self->hwndToolTip); COMCTL32_Free (self); - + SetWindowLongA(hwnd, 0, 0); return 0; } @@ -1098,6 +1098,10 @@ STATUSBAR_SendNotify (HWND hwnd, UINT code) static LRESULT WINAPI StatusWindowProc (HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lparam=%lx\n", hwnd, msg, wParam, lParam); + if (!(STATUSBAR_GetInfoPtr(hwnd)) && (msg != WM_CREATE)) + return DefWindowProcA (hwnd, msg, wParam, lParam); + switch (msg) { case SB_GETBORDERS: return STATUSBAR_GetBorders (lParam); diff --git a/dlls/comctl32/tab.c b/dlls/comctl32/tab.c index e0d31ccb5c5..a72d443bf5e 100644 --- a/dlls/comctl32/tab.c +++ b/dlls/comctl32/tab.c @@ -1931,12 +1931,18 @@ TAB_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) DestroyWindow(infoPtr->hwndUpDown); COMCTL32_Free (infoPtr); + SetWindowLongA(hwnd, 0, 0); return 0; } static LRESULT WINAPI TAB_WindowProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + + TRACE("hwnd=%x msg=%x wParam=%x lParam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!TAB_GetInfoPtr(hwnd) && (uMsg != WM_CREATE)) + return DefWindowProcA (hwnd, uMsg, wParam, lParam); + switch (uMsg) { case TCM_GETIMAGELIST: diff --git a/dlls/comctl32/tooltips.c b/dlls/comctl32/tooltips.c index cb2bba9126a..b5107efe9ca 100644 --- a/dlls/comctl32/tooltips.c +++ b/dlls/comctl32/tooltips.c @@ -1961,7 +1961,7 @@ TOOLTIPS_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) /* free tool tips info data */ COMCTL32_Free (infoPtr); - + SetWindowLongA(hwnd, 0, 0); return 0; } @@ -2233,6 +2233,9 @@ TOOLTIPS_SubclassProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) static LRESULT CALLBACK TOOLTIPS_WindowProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lParam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!(TOOLTIPS_GetInfoPtr(hwnd) && (uMsg != WM_CREATE))) + return DefWindowProcA (hwnd, uMsg, wParam, lParam); switch (uMsg) { case TTM_ACTIVATE: diff --git a/dlls/comctl32/trackbar.c b/dlls/comctl32/trackbar.c index 77ed28ae100..2b786d22c72 100644 --- a/dlls/comctl32/trackbar.c +++ b/dlls/comctl32/trackbar.c @@ -1118,6 +1118,7 @@ TRACKBAR_Destroy (HWND hwnd, WPARAM wParam, LPARAM lParam) DestroyWindow (infoPtr->hwndToolTip); COMCTL32_Free (infoPtr); + SetWindowLongA (hwnd, 0, 0); return 0; } @@ -1449,6 +1450,9 @@ TRACKBAR_KeyUp (HWND hwnd, WPARAM wParam) static LRESULT WINAPI TRACKBAR_WindowProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { + TRACE("hwnd=%x msg=%x wparam=%x lparam=%lx\n", hwnd, uMsg, wParam, lParam); + if (!TRACKBAR_GetInfoPtr (hwnd) && (uMsg != WM_CREATE)) + return DefWindowProcA (hwnd, uMsg, wParam, lParam); switch (uMsg) { case TBM_CLEARSEL: diff --git a/dlls/comctl32/updown.c b/dlls/comctl32/updown.c index 686adad9db5..3f914962286 100644 --- a/dlls/comctl32/updown.c +++ b/dlls/comctl32/updown.c @@ -699,7 +699,8 @@ static LRESULT WINAPI UpDownWindowProc(HWND hwnd, UINT message, WPARAM wParam, UPDOWN_INFO *infoPtr = UPDOWN_GetInfoPtr (hwnd); DWORD dwStyle = GetWindowLongA (hwnd, GWL_STYLE); int temp; - + if (!infoPtr && (message != WM_CREATE) && (message != WM_NCCREATE)) + return DefWindowProcA (hwnd, message, wParam, lParam); switch(message) { case WM_NCCREATE: @@ -733,7 +734,7 @@ static LRESULT WINAPI UpDownWindowProc(HWND hwnd, UINT message, WPARAM wParam, RemovePropA(infoPtr->Buddy, BUDDY_UPDOWN_HWND); COMCTL32_Free (infoPtr); - + SetWindowLongA (hwnd, 0, 0); TRACE("UpDown Ctrl destruction, hwnd=%04x\n", hwnd); break; -- 2.11.4.GIT