Zhiyi Zhang : atl: Avoid NULL pointer reference in AtlComModuleGetClassObject().

7 Jul 2022

Module: wine
Branch: master
Commit: 5739db59d4c9c379776257d99a3e447f078e43bf
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=5739db59d4c9c379776257d99...
Author: Zhiyi Zhang zzhang@codeweavers.com
Date:   Tue Jun 28 11:57:28 2022 +0800
atl: Avoid NULL pointer reference in AtlComModuleGetClassObject().
Signed-off-by: Zhiyi Zhang zzhang@codeweavers.com
---
configure                     |  1 +
 configure.ac                  |  1 +
 dlls/atl/atl.c                |  4 +--
 dlls/atl100/tests/atl.c       | 27 ++++++++++++++++++
 dlls/atl110/tests/Makefile.in |  6 ++++
 dlls/atl110/tests/atl.c       | 65 +++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 102 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index e563a2f9502..d60418ff60a 100755
--- a/configure
+++ b/configure
@@ -21227,6 +21227,7 @@ wine_fn_config_makefile dlls/atl/tests enable_tests
 wine_fn_config_makefile dlls/atl100 enable_atl100
 wine_fn_config_makefile dlls/atl100/tests enable_tests
 wine_fn_config_makefile dlls/atl110 enable_atl110
+wine_fn_config_makefile dlls/atl110/tests enable_tests
 wine_fn_config_makefile dlls/atl80 enable_atl80
 wine_fn_config_makefile dlls/atl80/tests enable_tests
 wine_fn_config_makefile dlls/atl90 enable_atl90
diff --git a/configure.ac b/configure.ac
index d5791bab7b1..5ea0d9120f0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2394,6 +2394,7 @@ WINE_CONFIG_MAKEFILE(dlls/atl/tests)
 WINE_CONFIG_MAKEFILE(dlls/atl100)
 WINE_CONFIG_MAKEFILE(dlls/atl100/tests)
 WINE_CONFIG_MAKEFILE(dlls/atl110)
+WINE_CONFIG_MAKEFILE(dlls/atl110/tests)
 WINE_CONFIG_MAKEFILE(dlls/atl80)
 WINE_CONFIG_MAKEFILE(dlls/atl80/tests)
 WINE_CONFIG_MAKEFILE(dlls/atl90)
diff --git a/dlls/atl/atl.c b/dlls/atl/atl.c
index 87a24e33ed7..d501e7a6d76 100644
--- a/dlls/atl/atl.c
+++ b/dlls/atl/atl.c
@@ -482,7 +482,7 @@ HRESULT WINAPI AtlComModuleGetClassObject(_ATL_COM_MODULE *pm, REFCLSID rclsid,
         return E_INVALIDARG;
for(iter = pm->m_ppAutoObjMapFirst; iter < pm->m_ppAutoObjMapLast; iter++) {
-        if(IsEqualCLSID((*iter)->pclsid, rclsid) && (*iter)->pfnGetClassObject) {
+        if(*iter && IsEqualCLSID((*iter)->pclsid, rclsid) && (*iter)->pfnGetClassObject) {
             if(!(*iter)->pCF)
                 hres = (*iter)->pfnGetClassObject((*iter)->pfnCreateInstance, &IID_IUnknown, (void**)&(*iter)->pCF);
             if((*iter)->pCF)
@@ -507,7 +507,7 @@ HRESULT WINAPI AtlComModuleGetClassObject(_ATL_COM_MODULE *pm, REFCLSID rclsid,
         return E_INVALIDARG;
for(iter = pm->m_ppAutoObjMapFirst; iter < pm->m_ppAutoObjMapLast; iter++) {
-        if(IsEqualCLSID((*iter)->pclsid, rclsid) && (*iter)->pfnGetClassObject) {
+        if(*iter && IsEqualCLSID((*iter)->pclsid, rclsid) && (*iter)->pfnGetClassObject) {
             if(!(*iter)->pCache->pCF)
                 hres = (*iter)->pfnGetClassObject((*iter)->pfnCreateInstance, &IID_IUnknown, (void**)&(*iter)->pCache->pCF);
             if((*iter)->pCache->pCF)
diff --git a/dlls/atl100/tests/atl.c b/dlls/atl100/tests/atl.c
index e161878f8ea..e002af0d24c 100644
--- a/dlls/atl100/tests/atl.c
+++ b/dlls/atl100/tests/atl.c
@@ -1062,6 +1062,32 @@ static void test_AtlAxCreateControl(void)
     DestroyWindow(hwnd);
 }
+static void test_AtlComModuleGetClassObject(void)
+{
+    _ATL_OBJMAP_ENTRY *null_entry = NULL;
+    _ATL_COM_MODULE module;
+    HRESULT hr;
+    void *ret;
+
+    /* Test NULL module */
+    hr = AtlComModuleGetClassObject(NULL, &GUID_NULL, &IID_NULL, &ret);
+    ok(hr == E_INVALIDARG, "Unexpected hr %#lx.\n", hr);
+
+    /* Test NULL m_ppAutoObjMapFirst and m_ppAutoObjMapLast */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = NULL;
+    module.m_ppAutoObjMapLast = NULL;
+    hr = AtlComModuleGetClassObject(&module, &GUID_NULL, &IID_NULL, &ret);
+    ok(hr == CLASS_E_CLASSNOTAVAILABLE, "Unexpected hr %#lx.\n", hr);
+
+    /* Test m_ppAutoObjMapFirst and m_ppAutoObjMapLast both pointing to a NULL entry */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = &null_entry;
+    module.m_ppAutoObjMapLast = &null_entry;
+    hr = AtlComModuleGetClassObject(&module, &GUID_NULL, &IID_NULL, &ret);
+    ok(hr == CLASS_E_CLASSNOTAVAILABLE, "Unexpected hr %#lx.\n", hr);
+}
+
 START_TEST(atl)
 {
     if (!register_class())
@@ -1077,6 +1103,7 @@ START_TEST(atl)
     test_ax_win();
     test_AtlAxAttachControl();
     test_AtlAxCreateControl();
+    test_AtlComModuleGetClassObject();
CoUninitialize();
 }
diff --git a/dlls/atl110/tests/Makefile.in b/dlls/atl110/tests/Makefile.in
new file mode 100644
index 00000000000..6374117e1be
--- /dev/null
+++ b/dlls/atl110/tests/Makefile.in
@@ -0,0 +1,6 @@
+TESTDLL   = atl110.dll
+IMPORTS   = uuid ole32 atl110
+EXTRADEFS = -D_ATL_VER=_ATL_VER_110
+
+C_SRCS = \
+	atl.c
diff --git a/dlls/atl110/tests/atl.c b/dlls/atl110/tests/atl.c
new file mode 100644
index 00000000000..cb8f667596b
--- /dev/null
+++ b/dlls/atl110/tests/atl.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2022 Zhiyi Zhang for CodeWeavers
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+
+#define COBJMACROS
+#define CONST_VTABLE
+
+#include <windef.h>
+#include <winbase.h>
+#include <winuser.h>
+#include <atlbase.h>
+
+#include <wine/test.h>
+
+static void test_AtlComModuleGetClassObject(void)
+{
+    _ATL_OBJMAP_ENTRY_EX *null_entry = NULL;
+    _ATL_COM_MODULE module;
+    HRESULT hr;
+    void *ret;
+
+    /* Test NULL module */
+    hr = AtlComModuleGetClassObject(NULL, &GUID_NULL, &IID_NULL, &ret);
+    ok(hr == E_INVALIDARG, "Unexpected hr %#lx.\n", hr);
+
+    /* Test NULL m_ppAutoObjMapFirst and m_ppAutoObjMapLast */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = NULL;
+    module.m_ppAutoObjMapLast = NULL;
+    hr = AtlComModuleGetClassObject(&module, &GUID_NULL, &IID_NULL, &ret);
+    ok(hr == CLASS_E_CLASSNOTAVAILABLE, "Unexpected hr %#lx.\n", hr);
+
+    /* Test m_ppAutoObjMapFirst and m_ppAutoObjMapLast both pointing to a NULL entry */
+    module.cbSize = sizeof(module);
+    module.m_ppAutoObjMapFirst = &null_entry;
+    module.m_ppAutoObjMapLast = &null_entry;
+    hr = AtlComModuleGetClassObject(&module, &GUID_NULL, &IID_NULL, &ret);
+    ok(hr == CLASS_E_CLASSNOTAVAILABLE, "Unexpected hr %#lx.\n", hr);
+}
+
+START_TEST(atl)
+{
+    CoInitialize(NULL);
+
+    test_AtlComModuleGetClassObject();
+
+    CoUninitialize();
+}

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Zhiyi Zhang : atl: Avoid NULL pointer reference in AtlComModuleGetClassObject().