Re: shell32: check cbSize in Shell_NotifyIconW to make apps sending garbage work (fixes bug #7940)
"Mikolaj Zalewski" <mikolaj(a)zalewski.pl> wrote:
+ /* The validation is also done in explorer. However we must also do it + * on the client size so that WM_COPYDATA doesn't crash the application + */ + if (nid->cbSize != NOTIFYICONDATAW_V1_SIZE && + nid->cbSize != NOTIFYICONDATAW_V2_SIZE && + nid->cbSize != NOTIFYICONDATAW_V3_SIZE && + nid->cbSize != sizeof(NOTIFYICONDATAW)) + { + WARN("Invalid size\n"); + return FALSE; + }
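Review bot: the `if` on nid->cbSize returns FALSE for every value that is not exactly one of the four listed sizes, so a caller passing a garbage cbSize now has the whole request dropped instead of handled. If the aim stated in the comment is only to keep WM_COPYDATA from crashing the application, consider treating an unrecognized size as one of the known structure layouts rather than failing the call, and cover whichever behaviour is chosen with a test. The `WARN("Invalid size\n")` should also print nid->cbSize so the offending value appears in the log, and "client size" in the comment looks like a typo for "client side".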
Do you have a test case for this?

--
Dmitry.
Dmitry Timoshkov wrote:
"Mikolaj Zalewski" <mikolaj(a)zalewski.pl> wrote:
+ /* The validation is also done in explorer. However we must also do it + * on the client size so that WM_COPYDATA doesn't crash the application + */ + if (nid->cbSize != NOTIFYICONDATAW_V1_SIZE && + nid->cbSize != NOTIFYICONDATAW_V2_SIZE && + nid->cbSize != NOTIFYICONDATAW_V3_SIZE && + nid->cbSize != sizeof(NOTIFYICONDATAW)) + { + WARN("Invalid size\n"); + return FALSE; + }
Do you have a test case for this?
I was testing this but now I see my tests failed because the hWnd was invalid. With a valid hWnd this works even for an invalid cbSize, so this patch is wrong. I'll try to check tomorrow how that should be done correctly.

Mikolaj Zalewski