https://git.reactos.org/?p=reactos.git;a=commitdiff;h=1061e7f7db44b73711ae7…
commit 1061e7f7db44b73711ae7fe05a53cc77e672b861
Author: Whindmar Saksit <whindsaks(a)proton.me>
AuthorDate: Tue Aug 13 20:57:58 2024 +0200
Commit: GitHub <noreply(a)github.com>
CommitDate: Tue Aug 13 20:57:58 2024 +0200
[BROWSEUI] Don't access callers invalid PIDL during browse (#7242)
The interaction between the shell browser and its address bar causes the browser to read from a freed PIDL, sometimes causing a crash.
CORE-19697
---
dll/win32/browseui/shellbrowser.cpp | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/dll/win32/browseui/shellbrowser.cpp b/dll/win32/browseui/shellbrowser.cpp
index 00fbb06e07b..219767387cb 100644
--- a/dll/win32/browseui/shellbrowser.cpp
+++ b/dll/win32/browseui/shellbrowser.cpp
@@ -1034,6 +1034,10 @@ HRESULT CShellBrowser::BrowseToPath(IShellFolder *newShellFolder,
if (FAILED_UNEXPECTEDLY(hResult))
return hResult;
+ if (FAILED_UNEXPECTEDLY(hResult = SHILClone(absolutePIDL, &absolutePIDL)))
+ return hResult;
+ CComHeapPtr<ITEMIDLIST> pidlAbsoluteClone(const_cast<LPITEMIDLIST>(absolutePIDL));
+
// update history
if (flags & BTP_UPDATE_CUR_HISTORY)
{
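Review bot: In the added `SHILClone(absolutePIDL, &absolutePIDL)` call the same variable is both the source and the output, and the next line needs a `const_cast` to hand the result to `CComHeapPtr`. This silently repoints the caller-supplied parameter and makes the ownership hard to follow. Cloning straight into the smart pointer (declare `CComHeapPtr<ITEMIDLIST> pidlAbsoluteClone;` first, pass `&pidlAbsoluteClone` as the output, then assign `absolutePIDL = pidlAbsoluteClone;`) would drop the cast and make the repointing explicit. A short comment here naming CORE-19697 would also help, since this is the line where the function stops depending on the caller's PIDL. The explanation currently sits some 40 lines further down. It is also worth confirming that the call whose `hResult` is checked just above cannot itself trigger the free, because it still runs against the caller's pointer.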
@@ -1078,7 +1082,14 @@ HRESULT CShellBrowser::BrowseToPath(IShellFolder *newShellFolder,
// update current pidl
ILFree(fCurrentDirectoryPIDL);
- fCurrentDirectoryPIDL = ILClone(absolutePIDL);
+ fCurrentDirectoryPIDL = pidlAbsoluteClone.Detach();
+ /* CORE-19697: CAddressEditBox::OnWinEvent(CBN_SELCHANGE) causes CAddressEditBox to
+ * call BrowseObject(pidlLastParsed). As part of our browsing we call FireNavigateComplete
+ * and this in turn causes CAddressEditBox::Invoke to ILFree(pidlLastParsed)!
+ * We then call SHBindToParent on absolutePIDL (which is really (the now invalid) pidlLastParsed) and we
+ * end up accessing invalid memory! We therefore set absolutePIDL to be our cloned PIDL here.
+ */
+ absolutePIDL = fCurrentDirectoryPIDL;
// create view window
hResult = newShellView->CreateViewWindow(saveCurrentShellView, folderSettings,
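Review bot: The added `absolutePIDL = fCurrentDirectoryPIDL;` looks like a no-op, and the comment above it points at the wrong place. The earlier hunk already overwrote `absolutePIDL` with the clone, and `pidlAbsoluteClone.Detach()` returns that same pointer. The sentence "We therefore set absolutePIDL to be our cloned PIDL here" should either move up to the `SHILClone` call or be reworded to say that the assignment is only there for clarity. Separately, the comment describes `CAddressEditBox` freeing `pidlLastParsed` while a `BrowseObject(pidlLastParsed)` call is still in flight. This change protects `BrowseToPath`, but any other code reached from that `BrowseObject` call before the clone is taken still reads the caller's buffer. Consider a follow-up on the `CAddressEditBox` side so that it passes a copy or defers the `ILFree` until the call returns.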
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=07a76b3dec662f32f883a…
commit 07a76b3dec662f32f883a119a339333c523f7eb1
Author: George Bișoc <george.bisoc(a)reactos.org>
AuthorDate: Mon Aug 12 14:08:12 2024 +0200
Commit: George Bișoc <george.bisoc(a)reactos.org>
CommitDate: Tue Aug 13 14:17:04 2024 +0200
[STOBJECT] Do not report the remaining battery capacity if it is unknown
Support for system batteries in ReactOS is really minimal to the point of being non-existent. We are detecting the presence of any upcoming battery but since there's a lack of critical code that deals with communication
between PO and the battery class driver as the battery systray icon uses GetSystemPowerStatus to gather battery info which in turn inquires the power manager via NtPowerInformation(SystemBatteryState), we have
to report to the user that the remaining capacity is unknown rather than returning a pseudo capacity value.
Technically this so-called "pseudo" value is just a construct denoted as BATTERY_PERCENTAGE_UNKNOWN. Not reporting the actual remaining capacity makes sense, as there could be a scenario where the battery may not
properly report its real datum, therefore it's best to be honest with the user about what's really going on.
CORE-19452
CORE-18969
---
dll/shellext/stobject/power.cpp | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/dll/shellext/stobject/power.cpp b/dll/shellext/stobject/power.cpp
index 9d80665dc87..ecae456b66e 100644
--- a/dll/shellext/stobject/power.cpp
+++ b/dll/shellext/stobject/power.cpp
@@ -90,6 +90,12 @@ static HICON DynamicLoadIcon(HINSTANCE hinst)
}
if (((PowerStatus.BatteryFlag & BATTERY_FLAG_NO_BATTERY) == 0) &&
+ (PowerStatus.BatteryLifePercent == BATTERY_PERCENTAGE_UNKNOWN))
+ {
+ hBatIcon = LoadIcon(hinst, MAKEINTRESOURCE(IDI_BATTCAP_ERR));
+ g_strTooltip.LoadStringW(IDS_PWR_UNKNOWN_REMAINING);
+ }
+ else if (((PowerStatus.BatteryFlag & BATTERY_FLAG_NO_BATTERY) == 0) &&
((PowerStatus.BatteryFlag & BATTERY_FLAG_CHARGING) == BATTERY_FLAG_CHARGING))
{
index = Quantize(PowerStatus.BatteryLifePercent);
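Review bot: The new branch repeats the `(PowerStatus.BatteryFlag & BATTERY_FLAG_NO_BATTERY) == 0` test that the following `else if` also performs, so the "battery present" condition now appears twice in one chain. Testing it once in an outer `if` and nesting the unknown-percentage and charging cases inside would be easier to read and harder to get out of sync. Note also that the unknown check wins over the charging check, so a charging battery with `BatteryLifePercent == BATTERY_PERCENTAGE_UNKNOWN` gets `IDI_BATTCAP_ERR` rather than a charging icon. That matches the commit message, but a one-line comment stating that the ordering is intentional would help, as would a mention that `Quantize()` must never be handed the unknown value. The return value of `g_strTooltip.LoadStringW(IDS_PWR_UNKNOWN_REMAINING)` is not checked, so if the load fails the tooltip keeps whatever it held before.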