While debugging an application it turned out that it was passing a
NULL pointer as the text field in some listview. We were doing a strlen
on it and crashed. See my 'listview fixes' patch on wine-patches.
   This got me checking for places where we use a pszText field without
checking for NULL and LPSTR_TEXTCALLBACK first. But I'm not very
familiar with listview.c so there's a couple of places where I can't
decide whether the code's assumptions are correct or not.
    It would be great if an expert could reassure me that the following
places are correct or confirm that something is wrong.

   (provided in the form of a patch as it was simpler for me to maintain
that way)

Index: dlls/comctl32/listview.c
===================================================================
RCS file: /home/wine/wine/dlls/comctl32/listview.c,v
retrieving revision 1.89
diff -u -r1.89 listview.c
--- dlls/comctl32/listview.c    2000/11/29 00:00:11     1.89
+++ dlls/comctl32/listview.c    2001/01/08 23:49:51
@@ -2849,7 +2849,7 @@
   }
 
   ExtTextOutA(hdc, rcItem.left, rcItem.top, textoutOptions, 
-              &rcItem, lvItem.pszText, lstrlenA(lvItem.pszText), NULL);
+              &rcItem, lvItem.pszText, lstrlenA(lvItem.pszText), NULL);
/* FIXME: could we have lvItem.pszText==NULL / LPSTR_TEXTCALLBACKA ? */
 
   if (Selected)
   {
@@ -3024,7 +3024,7 @@
   if (bImage)
     dwTextX += IMAGE_PADDING;
 
-  if (lvItem.pszText)
+  if (lvItem.pszText) /* FIXME: what if
lvItem.pszText==LPSTR_TEXTCALLBACKA ? */
     ExtTextOutA(hdc, dwTextX, rcItem.top, textoutOptions,
                 &rcItem, lvItem.pszText, lstrlenA(lvItem.pszText),
NULL);
 
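Review bot: The guard if (lvItem.pszText) rejects only NULL. LPSTR_TEXTCALLBACKA is non-NULL, so it passes the test and reaches lstrlenA(lvItem.pszText) in the ExtTextOutA call below it. Unless the item text is known to have been resolved through the callback before this point, extend the condition to also exclude LPSTR_TEXTCALLBACKA. Style: put the comment on its own line above the if so the statement stays within the line length and does not wrap.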
@@ -5149,9 +5149,9 @@
 
   if (dispInfo.item.mask & LVIF_TEXT)
   {
-    if ((dispInfo.item.mask & LVIF_DI_SETITEM) && (ppszText != NULL))
+    if ((dispInfo.item.mask & LVIF_DI_SETITEM) && (ppszText != NULL))
/* FIXME: what if ppszText==LPSTR_TEXTCALLBACK? */
     {
-      Str_SetPtrA(ppszText, dispInfo.item.pszText);
+      Str_SetPtrA(ppszText, dispInfo.item.pszText); /* FIXME: or maybe
pszText==LPSTR_TEXTCALLBACK here? */
     }
     /* If lpLVItem->pszText==dispInfo.item.pszText a copy is
unnecessary, but */
     /* some apps give a new pointer in ListView_Notify so we can't be
sure.  */
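Review bot: In the LVIF_DI_SETITEM branch, dispInfo.item.pszText is handed to Str_SetPtrA as the source with no check in the visible lines, so if the application leaves the callback sentinel or NULL in that field, it is treated as text to copy. Check dispInfo.item.pszText before the call and skip the store when it is not a real string. The first FIXME compares ppszText itself to LPSTR_TEXTCALLBACK, but ppszText is the destination address given to Str_SetPtrA; the question that matters there is probably whether *ppszText currently holds the sentinel, because the existing value must then not be treated as an allocated string. Also pick one spelling, LPSTR_TEXTCALLBACKA or LPSTR_TEXTCALLBACK, to match the other hunks.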


-- 
François Gouget
[EMAIL PROTECTED]