[ros-diffs] [reactos] 02/02: [USER32] RegisterClassExWOWW/ExA: NULL or IS_ATOM class are treated the same. (#5291)

21 May 2023

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=44e1d875963adf4521790b...
commit 44e1d875963adf4521790b36229950175c5af213
Author:     Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org
AuthorDate: Thu May 18 22:47:26 2023 +0200
Commit:     Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org
CommitDate: Sun May 21 19:35:19 2023 +0200
[USER32] RegisterClassExWOWW/ExA: NULL or IS_ATOM class are treated the same. (#5291)
CORE-18978
Fixes NULL pointer access when e.g. class.lpszClassName == NULL and
    the class is registered. The RegisterClass(ExA/W/...) should return 0
    instead of throwing an invalid access exception.
However, providing an invalid pointer will trigger a crash.
---
 win32ss/user/user32/windows/class.c | 57 ++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 30 deletions(-)

diff --git a/win32ss/user/user32/windows/class.c b/win32ss/user/user32/windows/class.c
index df11d1692f1..6abaf350bc1 100644
--- a/win32ss/user/user32/windows/class.c
+++ b/win32ss/user/user32/windows/class.c
@@ -1310,32 +1310,28 @@ RegisterClassExWOWW(WNDCLASSEXW *lpwcx,
     RtlCopyMemory(&WndClass, lpwcx, sizeof(*lpwcx));
RtlInitEmptyAnsiString(&AnsiMenuName, NULL, 0);
-    if (WndClass.lpszMenuName != NULL)
+    if (!IS_INTRESOURCE(WndClass.lpszMenuName))
     {
-        if (!IS_INTRESOURCE(WndClass.lpszMenuName))
+        if (WndClass.lpszMenuName[0])
         {
-            if (WndClass.lpszMenuName[0])
-            {
-               RtlInitUnicodeString(&MenuName, WndClass.lpszMenuName);
-               RtlUnicodeStringToAnsiString( &AnsiMenuName, &MenuName, TRUE);
-            }
-        }
-        else
-        {
-            MenuName.Buffer = (LPWSTR)WndClass.lpszMenuName;
-             AnsiMenuName.Buffer = (PCHAR)WndClass.lpszMenuName;
+            RtlInitUnicodeString(&MenuName, WndClass.lpszMenuName);
+            RtlUnicodeStringToAnsiString(&AnsiMenuName, &MenuName, TRUE);
         }
     }
+    else
+    {
+        MenuName.Buffer = (LPWSTR)WndClass.lpszMenuName;
+        AnsiMenuName.Buffer = (PCHAR)WndClass.lpszMenuName;
+    }
-    if (IS_ATOM(WndClass.lpszClassName))
+    if (WndClass.lpszClassName && !IS_ATOM(WndClass.lpszClassName))
     {
-        ClassName.Length =
-        ClassName.MaximumLength = 0;
-        ClassName.Buffer = (LPWSTR)WndClass.lpszClassName;
+        RtlInitUnicodeString(&ClassName, WndClass.lpszClassName);
     }
     else
     {
-        RtlInitUnicodeString(&ClassName, WndClass.lpszClassName);
+        ClassName.Length = ClassName.MaximumLength = 0;
+        ClassName.Buffer = (LPWSTR)WndClass.lpszClassName;
     }
ClassVersion = ClassName;
@@ -1373,35 +1369,36 @@ RegisterClassExWOWW(WNDCLASSEXW *lpwcx,
 ATOM WINAPI
 RegisterClassExA(CONST WNDCLASSEXA *lpwcx)
 {
-    RTL_ATOM Atom;
+    ATOM Atom;
     WNDCLASSEXW WndClass;
     WCHAR mname[MAX_BUFFER_LEN];
     WCHAR cname[MAX_BUFFER_LEN];
+    C_ASSERT(sizeof(WndClass) == sizeof(*lpwcx));
+
     RtlCopyMemory(&WndClass, lpwcx, sizeof(*lpwcx));
-    if (WndClass.lpszMenuName != NULL)
+    if (WndClass.lpszMenuName && !IS_INTRESOURCE(WndClass.lpszMenuName))
     {
-        if (!IS_INTRESOURCE(WndClass.lpszMenuName))
+        if (WndClass.lpszMenuName[0])
         {
-            if (WndClass.lpszMenuName[0])
-            {
-                if (!MultiByteToWideChar( CP_ACP, 0, lpwcx->lpszMenuName, -1, mname, MAX_ATOM_LEN + 1 )) return 0;
+            if (!MultiByteToWideChar(CP_ACP, 0, lpwcx->lpszMenuName, -1, mname, MAX_ATOM_LEN + 1 ))
+                return 0;
-                WndClass.lpszMenuName = mname;
-            }
+            WndClass.lpszMenuName = mname;
         }
     }
-    if (!IS_ATOM(WndClass.lpszClassName))
+    if (WndClass.lpszClassName && !IS_ATOM(WndClass.lpszClassName))
     {
-        if (!MultiByteToWideChar( CP_ACP, 0, lpwcx->lpszClassName, -1, cname, MAX_ATOM_LEN + 1 )) return 0;
+        if (!MultiByteToWideChar(CP_ACP, 0, lpwcx->lpszClassName, -1, cname, MAX_ATOM_LEN + 1 ))
+            return 0;
WndClass.lpszClassName = cname;
     }
Atom = RegisterClassExWOWW(&WndClass,
-                               0,
+                               NULL,
                                0,
                                CSF_ANSIPROC,
                                TRUE);
@@ -1410,7 +1407,7 @@ RegisterClassExA(CONST WNDCLASSEXA *lpwcx)
            Atom, lpwcx->lpfnWndProc, lpwcx->hInstance, lpwcx->hbrBackground,
            lpwcx->style, lpwcx->cbClsExtra, lpwcx->cbWndExtra, WndClass);
-    return (ATOM)Atom;
+    return Atom;
 }
/*
@@ -1421,7 +1418,7 @@ RegisterClassExW(CONST WNDCLASSEXW *lpwcx)
 {
     ATOM Atom;
-    Atom = RegisterClassExWOWW((WNDCLASSEXW *)lpwcx, 0, 0, 0, TRUE);
+    Atom = RegisterClassExWOWW((WNDCLASSEXW *)lpwcx, NULL, 0, 0, TRUE);
TRACE("W atom=%04x wndproc=%p hinst=%p bg=%p style=%08x clsExt=%d winExt=%d\n",
           Atom, lpwcx->lpfnWndProc, lpwcx->hInstance, lpwcx->hbrBackground,

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [reactos] 02/02: [USER32] RegisterClassExWOWW/ExA: NULL or IS_ATOM class are treated the same. (#5291)