https://git.reactos.org/?p=reactos.git;a=commitdiff;h=ae2a85d003da762e4bcb2… commit ae2a85d003da762e4bcb232b15f1180333e5917a Author: Hermès Bélusca-Maïto &lt;hermes.belusca-maito(a)reactos.org&gt; AuthorDate: Sat Jun 8 19:43:02 2019 +0200 Commit: Hermès Bélusca-Maïto &lt;hermes.belusca-maito(a)reactos.org&gt; CommitDate: Sat Jun 8 19:43:02 2019 +0200 [SHELL32] Fix some NULL-pointers validation. - In the exported SHCreateDefaultContextMenu() and IDataObject_Constructor() functions (called amongst others by the exported CIDLData_CreateFromIDArray() function). - In the exported SHCreateShellFolderView() function. - In CDefView::GetItemObject(), where data was written to *ppvOut before ppvOut was being checked for NULL. --- dll/win32/shell32/CDefView.cpp | 11 ++++++----- dll/win32/shell32/CDefaultContextMenu.cpp | 7 ++++++- dll/win32/shell32/CIDLDataObj.cpp | 2 ++ 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/dll/win32/shell32/CDefView.cpp b/dll/win32/shell32/CDefView.cpp index 334e0b3613..8541e56fa7 100644 --- a/dll/win32/shell32/CDefView.cpp +++ b/dll/win32/shell32/CDefView.cpp @@ -2419,6 +2419,9 @@ HRESULT WINAPI CDefView::GetItemObject(UINT uItem, REFIID riid, LPVOID *ppvOut) TRACE("(%p)->(uItem=0x%08x,\n\tIID=%s, ppv=%p)\n", this, uItem, debugstr_guid(&riid), ppvOut); + if (!ppvOut) + return E_INVALIDARG; + *ppvOut = NULL; switch (uItem) @@ -2426,9 +2429,6 @@ HRESULT WINAPI CDefView::GetItemObject(UINT uItem, REFIID riid, LPVOID *ppvOut) case SVGIO_BACKGROUND: if (IsEqualIID(riid, IID_IContextMenu)) { - if (!ppvOut) - hr = E_OUTOFMEMORY; - hr = CDefViewBckgrndMenu_CreateInstance(m_pSF2Parent, riid, ppvOut); if (FAILED_UNEXPECTEDLY(hr)) return hr; @@ -3449,13 +3449,14 @@ HRESULT WINAPI SHCreateShellFolderView(const SFV_CREATE *pcsfv, CComPtr<IShellView> psv; HRESULT hRes; - *ppsv = NULL; - if (!pcsfv || pcsfv->cbSize != sizeof(*pcsfv)) + if (!ppsv || !pcsfv || pcsfv->cbSize != sizeof(*pcsfv)) return E_INVALIDARG; TRACE("sf=%p outer=%p callback=%p\n", pcsfv->pshf, pcsfv->psvOuter, pcsfv->psfvcb); + *ppsv = NULL; + hRes = CDefView_CreateInstance(pcsfv->pshf, IID_PPV_ARG(IShellView, &psv)); if (FAILED(hRes)) return hRes; diff --git a/dll/win32/shell32/CDefaultContextMenu.cpp b/dll/win32/shell32/CDefaultContextMenu.cpp index 93ce54c984..a65e5a05ab 100644 --- a/dll/win32/shell32/CDefaultContextMenu.cpp +++ b/dll/win32/shell32/CDefaultContextMenu.cpp @@ -1472,7 +1472,12 @@ HRESULT WINAPI SHCreateDefaultContextMenu(const DEFCONTEXTMENU *pdcm, REFIID riid, void **ppv) { - HRESULT hr = CDefaultContextMenu_CreateInstance(pdcm, NULL, riid, ppv); + HRESULT hr; + + if (!ppv) + return E_INVALIDARG; + + hr = CDefaultContextMenu_CreateInstance(pdcm, NULL, riid, ppv); if (FAILED_UNEXPECTEDLY(hr)) return hr; diff --git a/dll/win32/shell32/CIDLDataObj.cpp b/dll/win32/shell32/CIDLDataObj.cpp index a446adaf7b..a28aed1718 100644 --- a/dll/win32/shell32/CIDLDataObj.cpp +++ b/dll/win32/shell32/CIDLDataObj.cpp @@ -410,6 +410,8 @@ HRESULT WINAPI CIDLDataObj::EndOperation(HRESULT hResult, IBindCtx *pbcReserved, */ HRESULT IDataObject_Constructor(HWND hwndOwner, PCIDLIST_ABSOLUTE pMyPidl, PCUIDLIST_RELATIVE_ARRAY apidl, UINT cidl, IDataObject **dataObject) { + if (!dataObject) + return E_INVALIDARG; return ShellObjectCreatorInit<CIDLDataObj>(hwndOwner, pMyPidl, apidl, cidl, IID_PPV_ARG(IDataObject, dataObject)); }