https://git.reactos.org/?p=reactos.git;a=commitdiff;h=7fff96e7fe64d3241c83f7...
commit 7fff96e7fe64d3241c83f7d866041758105b62cb Author: Muthu R Kumar muthu90tech@gmail.com AuthorDate: Sat Dec 31 07:53:02 2022 -0800 Commit: GitHub noreply@github.com CommitDate: Sat Dec 31 16:53:02 2022 +0100
[NTOBJSHEX] Return early from GetInfoFromPidl when pcidl is null in LPCITEMIDLIST (#4946)
This fixes a crash when attempting to drag-n-drop items from NTObject Namespace and System Registry. CORE-18480, CORE-18481 --- dll/shellext/ntobjshex/ntobjfolder.cpp | 7 ++++++- dll/shellext/ntobjshex/regfolder.cpp | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/dll/shellext/ntobjshex/ntobjfolder.cpp b/dll/shellext/ntobjshex/ntobjfolder.cpp index f4aef063103..32c031619da 100644 --- a/dll/shellext/ntobjshex/ntobjfolder.cpp +++ b/dll/shellext/ntobjshex/ntobjfolder.cpp @@ -516,8 +516,13 @@ BOOL CNtObjectFolder::IsFolder(const NtPidlEntry * info)
HRESULT CNtObjectFolder::GetInfoFromPidl(LPCITEMIDLIST pcidl, const NtPidlEntry ** pentry) { - NtPidlEntry * entry = (NtPidlEntry*) &(pcidl->mkid); + if (!pcidl) + { + DbgPrint("PCIDL is NULL\n"); + return E_INVALIDARG; + }
+ NtPidlEntry * entry = (NtPidlEntry*) &(pcidl->mkid); if (entry->cb < sizeof(NtPidlEntry)) { DbgPrint("PCIDL too small %l (required %l)\n", entry->cb, sizeof(NtPidlEntry)); diff --git a/dll/shellext/ntobjshex/regfolder.cpp b/dll/shellext/ntobjshex/regfolder.cpp index 83683f05171..ace12e5f173 100644 --- a/dll/shellext/ntobjshex/regfolder.cpp +++ b/dll/shellext/ntobjshex/regfolder.cpp @@ -469,8 +469,13 @@ BOOL CRegistryFolder::IsFolder(const RegPidlEntry * info)
HRESULT CRegistryFolder::GetInfoFromPidl(LPCITEMIDLIST pcidl, const RegPidlEntry ** pentry) { - RegPidlEntry * entry = (RegPidlEntry*) &(pcidl->mkid); + if (!pcidl) + { + DbgPrint("PCIDL is NULL\n"); + return E_INVALIDARG; + }
+ RegPidlEntry * entry = (RegPidlEntry*) &(pcidl->mkid); if (entry->cb < sizeof(RegPidlEntry)) { DbgPrint("PCIDL too small %l (required %l)\n", entry->cb, sizeof(RegPidlEntry));