Author: tkreuzer Date: Wed Oct 27 17:08:40 2010 New Revision: 49309 URL: http://svn.reactos.org/svn/reactos?rev=49309&view=rev Log: [WIN32K] Fix possible NULL pointer dereferences. Spotted by Amine Khaldi. Modified: trunk/reactos/subsystems/win32/win32k/ntuser/keyboard.c trunk/reactos/subsystems/win32/win32k/ntuser/message.c Modified: trunk/reactos/subsystems/win32/win32k/ntuser/keyboard.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/keyboard.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/keyboard.c [iso-8859-1] Wed Oct 27 17:08:40 2010 @@ -941,6 +941,12 @@ VscVkTable = KeyboardLayout->pVSCtoVK_E1; } + if (!VscVkTable) + { + DPRINT1("somethings wrong, Prefix=0x%x", Prefix); + return; + } + RawVk = 0xff; while (VscVkTable->Vsc) { Modified: trunk/reactos/subsystems/win32/win32k/ntuser/message.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/message.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/message.c [iso-8859-1] Wed Oct 27 17:08:40 2010 @@ -2492,18 +2492,23 @@ UserEnterExclusive(); /* Validate input */ - if (hWnd && (hWnd != INVALID_HANDLE_VALUE) && !(Window = UserGetWindowObject(hWnd))) - { - UserLeave(); - return FALSE; - } + if (hWnd && (hWnd != INVALID_HANDLE_VALUE)) + { + Window = UserGetWindowObject(hWnd); + if (!Window) + { + UserLeave(); + return FALSE; + } + } + switch(dwType) { case FNID_DEFWINDOWPROC: - UserRefObjectCo(Window, &Ref); + if (Window) UserRefObjectCo(Window, &Ref); lResult = IntDefWindowProc(Window, Msg, wParam, lParam, Ansi); Ret = TRUE; - UserDerefObjectCo(Window); + if (Window) UserDerefObjectCo(Window); break; case FNID_SENDNOTIFYMESSAGE: Ret = UserSendNotifyMessage(hWnd, Msg, wParam, lParam);