https://git.reactos.org/?p=reactos.git;a=commitdiff;h=76753cd34290d35e001322...
commit 76753cd34290d35e001322a8043e0eb289654aae Author: Mark Jansen mark.jansen@reactos.org AuthorDate: Tue Jan 31 18:12:52 2023 +0100 Commit: Mark Jansen mark.jansen@reactos.org CommitDate: Sat Feb 25 23:41:41 2023 +0100
[USER32] Fix edit UAF by importing wine commit b40ddf42370e8344a862fbbc40384678db3871a9 --- win32ss/user/user32/controls/edit.c | 59 ++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 30 deletions(-)
diff --git a/win32ss/user/user32/controls/edit.c b/win32ss/user/user32/controls/edit.c
index 38e17fc12d1..a65a4d6dab3 100644
--- a/win32ss/user/user32/controls/edit.c
+++ b/win32ss/user/user32/controls/edit.c
@@ -161,17 +161,15 @@ typedef struct
 #define SWAP_UINT32(x,y) do { UINT temp = (UINT)(x); (x) = (UINT)(y); (y) = temp; } while(0)
 #define ORDER_UINT(x,y) do { if ((UINT)(y) < (UINT)(x)) SWAP_UINT32((x),(y)); } while(0)
-/* used for disabled or read-only edit control */
-#define EDIT_NOTIFY_PARENT(es, wNotifyCode) \
- do \
- { /* Notify parent which has created this edit control */ \
- TRACE("notification " #wNotifyCode " sent to hwnd=%p\n", es->hwndParent); \
- SendMessageW(es->hwndParent, WM_COMMAND, \
- MAKEWPARAM(GetWindowLongPtrW((es->hwndSelf),GWLP_ID), wNotifyCode), \
- (LPARAM)(es->hwndSelf)); \
- } while(0)
-
 static const WCHAR empty_stringW[] = {0};
+static inline BOOL notify_parent(const EDITSTATE *es, INT code)
+{
+ HWND hwnd = es->hwndSelf;
+ TRACE("notification %d sent to %p.\n", code, es->hwndParent);
+ SendMessageW(es->hwndParent, WM_COMMAND, MAKEWPARAM(GetWindowLongPtrW(es->hwndSelf, GWLP_ID), code), (LPARAM)es->hwndSelf);
+ return IsWindow(hwnd);
+}
+
 static LRESULT EDIT_EM_PosFromChar(EDITSTATE *es, INT index, BOOL after_wrap);
 /*********************************************************************
@@ -1452,7 +1450,7 @@ static BOOL EDIT_MakeFit(EDITSTATE *es, UINT size)
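Review bot: notify_parent() is added without a comment, although its contract is what the fix depends on: it saves es->hwndSelf in a local before SendMessageW and returns the result of IsWindow() on that saved handle, so a FALSE return means the edit window was destroyed while the parent handled the notification. A header such as `/* Notify the parent; returns FALSE if the edit window was destroyed during the call, in which case es must not be dereferenced again. */` would tell callers that the result has to be checked before any further use of es. It would also be worth stating when ignoring the result is acceptable, since several call sites in the later hunks do ignore it.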
 if (es->buffer_size < size) {
 WARN("FAILED ! We now have %d+1\n", es->buffer_size);
- EDIT_NOTIFY_PARENT(es, EN_ERRSPACE);
+ notify_parent(es, EN_ERRSPACE);
 return FALSE;
 } else {
 TRACE("We now have %d+1\n", es->buffer_size);
@@ -1499,7 +1497,7 @@ static void EDIT_UpdateTextRegion(EDITSTATE *es, HRGN hrgn, BOOL bErase)
 {
 if (es->flags & EF_UPDATE) {
 es->flags &= ~EF_UPDATE;
- EDIT_NOTIFY_PARENT(es, EN_UPDATE);
+ if (!notify_parent(es, EN_UPDATE)) return;
 }
 InvalidateRgn(es->hwndSelf, hrgn, bErase);
 }
@@ -1514,7 +1512,7 @@ static void EDIT_UpdateText(EDITSTATE *es, const RECT *rc, BOOL bErase)
 {
 if (es->flags & EF_UPDATE) {
 es->flags &= ~EF_UPDATE;
- EDIT_NOTIFY_PARENT(es, EN_UPDATE);
+ if (!notify_parent(es, EN_UPDATE)) return;
 }
 InvalidateRect(es->hwndSelf, rc, bErase);
 }
@@ -1790,9 +1788,9 @@ static BOOL EDIT_EM_LineScroll_internal(EDITSTATE *es, INT dx, INT dy)
 EDIT_UpdateScrollInfo(es);
 }
 if (dx && !(es->flags & EF_HSCROLL_TRACK))
- EDIT_NOTIFY_PARENT(es, EN_HSCROLL);
+ notify_parent(es, EN_HSCROLL);
 if (dy && !(es->flags & EF_VSCROLL_TRACK))
- EDIT_NOTIFY_PARENT(es, EN_VSCROLL);
+ notify_parent(es, EN_VSCROLL);
 return TRUE;
 }
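Review bot: EDIT_UpdateTextRegion() and EDIT_UpdateText() (the next hunk) are both `void`, so when they return early because notify_parent() reported the window gone, their callers get no signal and will carry on using es. The same holds for EDIT_EM_ReplaceSel() and EDIT_WM_SetText() further down; in the EDIT_EM_Undo hunk the caller is visible running `EDIT_EM_SetSel(es, es->undo_position, ...)` straight after EDIT_EM_ReplaceSel(). Consider returning BOOL from these helpers, or saving `HWND hwnd = es->hwndSelf;` in the caller and testing `if (!IsWindow(hwnd)) return;` after the call. The callers of the two update helpers lie outside this hunk, so how many of them are affected cannot be judged from here.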
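Review bot: In EDIT_EM_LineScroll_internal the result of `notify_parent(es, EN_HSCROLL)` is discarded, and the next statement evaluates `es->flags & EF_VSCROLL_TRACK`, which reads freed memory if the parent destroyed the control while handling EN_HSCROLL. Both calls should be checked, e.g. `if (dx && !(es->flags & EF_HSCROLL_TRACK) && !notify_parent(es, EN_HSCROLL)) return TRUE;` and likewise for EN_VSCROLL; which value to return depends on the callers, which are not shown. The result is also ignored in EDIT_MakeFit, EDIT_WM_SetFocus, EDIT_WM_HScroll and EDIT_WM_VScroll. Those return or break right after the call, but whether their callers touch es afterwards is not visible in these hunks.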
@@ -2652,8 +2650,9 @@ static void EDIT_EM_ReplaceSel(EDITSTATE *es, BOOL can_undo, LPCWSTR lpsz_replac
 /* Issue the EN_MAXTEXT notification and continue with replacing text
 * so that buffer limit is honored. */
- if ((honor_limit) && (size > es->buffer_limit)) {
- EDIT_NOTIFY_PARENT(es, EN_MAXTEXT);
+ if ((honor_limit) && (size > es->buffer_limit))
+ {
+ if (!notify_parent(es, EN_MAXTEXT)) return;
 /* Buffer limit can be smaller than the actual length of text in combobox */
 if (es->buffer_limit < (tl - (e-s)))
 strl = 0;
@@ -2711,7 +2710,7 @@ static void EDIT_EM_ReplaceSel(EDITSTATE *es, BOOL can_undo, LPCWSTR lpsz_replac
 strl = 0;
 e = s;
 hrgn = CreateRectRgn(0, 0, 0, 0);
- EDIT_NOTIFY_PARENT(es, EN_MAXTEXT);
+ if (!notify_parent(es, EN_MAXTEXT)) return;
 }
 }
 else {
@@ -2728,7 +2727,7 @@ static void EDIT_EM_ReplaceSel(EDITSTATE *es, BOOL can_undo, LPCWSTR lpsz_replac
 EDIT_CalcLineWidth_SL(es);
 }
 text_buffer_changed(es);
- EDIT_NOTIFY_PARENT(es, EN_MAXTEXT);
+ if (!notify_parent(es, EN_MAXTEXT)) return;
 }
 }
@@ -2819,7 +2818,7 @@ static void EDIT_EM_ReplaceSel(EDITSTATE *es, BOOL can_undo, LPCWSTR lpsz_replac
 if(send_update || (es->flags & EF_UPDATE))
 {
 es->flags &= ~EF_UPDATE;
- EDIT_NOTIFY_PARENT(es, EN_CHANGE);
+ if (!notify_parent(es, EN_CHANGE)) return;
 }
 EDIT_InvalidateUniscribeData(es);
 }
@@ -3119,7 +3118,7 @@ static BOOL EDIT_EM_Undo(EDITSTATE *es)
 EDIT_EM_ReplaceSel(es, TRUE, utext, TRUE, TRUE);
 EDIT_EM_SetSel(es, es->undo_position, es->undo_position + es->undo_insert_count, FALSE);
 /* send the notification after the selection start and end are set */
- EDIT_NOTIFY_PARENT(es, EN_CHANGE);
+ if (!notify_parent(es, EN_CHANGE)) return TRUE;
 EDIT_EM_ScrollCaret(es);
 HeapFree(GetProcessHeap(), 0, utext);
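Review bot: The early return added right after `hrgn = CreateRectRgn(0, 0, 0, 0);` in the `@@ -2711` hunk leaves EDIT_EM_ReplaceSel without releasing the region it has just created, so a GDI object leaks whenever the parent destroys the control during EN_MAXTEXT. Releasing it on that path, `if (!notify_parent(es, EN_MAXTEXT)) { DeleteObject(hrgn); return; }`, avoids trading the use-after-free for a handle leak. The early returns in the `@@ -2728` and `@@ -2819` hunks presumably skip the same cleanup, along with any buffers allocated earlier in the function. The function's cleanup code is outside these hunks, so this needs checking against the full body.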
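Review bot: `if (!notify_parent(es, EN_CHANGE)) return TRUE;` in EDIT_EM_Undo returns before `HeapFree(GetProcessHeap(), 0, utext);`, so the copy of the undo text leaks when the control is destroyed during the notification. It should be freed on that path too: `if (!notify_parent(es, EN_CHANGE)) { HeapFree(GetProcessHeap(), 0, utext); return TRUE; }`. The function starts before and continues after this hunk, so any other cleanup further down should be checked as well.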
@@ -3654,9 +3653,9 @@ static LRESULT EDIT_WM_KillFocus(EDITSTATE *es)
 /* throw away left over scroll when we lose focus */
 es->wheelDeltaRemainder = 0;
- if (es->hwndListBox == NULL)
- EDIT_NOTIFY_PARENT(es, EN_KILLFOCUS);
- else
+ if (es->hwndListBox == NULL) {
+ if (!notify_parent(es, EN_KILLFOCUS)) return 0;
+ } else
 { /* send the undocumented WM_CBLOSTTEXTFOCUS message to combobox */
 hCombo = GetParent(es->hwndSelf);
 lStyles = GetWindowLong(hCombo, GWL_STYLE);
@@ -3668,7 +3667,7 @@ static LRESULT EDIT_WM_KillFocus(EDITSTATE *es)
 DestroyCaret();
 if(!(es->style & ES_NOHIDESEL))
 EDIT_InvalidateText(es, es->selection_start, es->selection_end);
- EDIT_NOTIFY_PARENT(es, EN_KILLFOCUS);
+ if (!notify_parent(es, EN_KILLFOCUS)) return 0;
 /* throw away left over scroll when we lose focus */
 es->wheelDeltaRemainder = 0;
 #endif
@@ -3917,7 +3916,7 @@ static void EDIT_WM_SetFocus(EDITSTATE *es)
 EDIT_SetCaretPos(es, es->selection_end, es->flags & EF_AFTER_WRAP);
 ShowCaret(es->hwndSelf);
- EDIT_NOTIFY_PARENT(es, EN_SETFOCUS);
+ notify_parent(es, EN_SETFOCUS);
 }
@@ -4029,8 +4028,8 @@ static void EDIT_WM_SetText(EDITSTATE *es, LPCWSTR text, BOOL unicode)
 */
 if( !((es->style & ES_MULTILINE) || es->hwndListBox))
 {
- EDIT_NOTIFY_PARENT(es, EN_UPDATE);
- EDIT_NOTIFY_PARENT(es, EN_CHANGE);
+ if (!notify_parent(es, EN_UPDATE)) return;
+ if (!notify_parent(es, EN_CHANGE)) return;
 }
 EDIT_EM_ScrollCaret(es);
 EDIT_UpdateScrollInfo(es);
@@ -4231,7 +4230,7 @@ static LRESULT EDIT_WM_HScroll(EDITSTATE *es, INT action, INT pos)
 if (!dx) {
 /* force scroll info update */
 EDIT_UpdateScrollInfo(es);
- EDIT_NOTIFY_PARENT(es, EN_HSCROLL);
+ notify_parent(es, EN_HSCROLL);
 }
 break;
 case SB_ENDSCROLL:
@@ -4354,7 +4353,7 @@ static LRESULT EDIT_WM_VScroll(EDITSTATE *es, INT action, INT pos)
 {
 /* force scroll info update */
 EDIT_UpdateScrollInfo(es);
- EDIT_NOTIFY_PARENT(es, EN_VSCROLL);
+ notify_parent(es, EN_VSCROLL);
 }
 break;
 case SB_ENDSCROLL: