From: Hermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
Date: Sat, 8 Jun 2019 17:43:02 +0000 (+0200)
Subject: [SHELL32] Fix some NULL-pointers validation.
X-Git-Tag: 0.4.14-dev~842
X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=ae2a85d003da762e4bcb232b15f1180333e5917a

[SHELL32] Fix some NULL-pointers validation.

- In the exported SHCreateDefaultContextMenu() and
  IDataObject_Constructor() functions (called amongst others by
  the exported CIDLData_CreateFromIDArray() function).

- In the exported SHCreateShellFolderView() function.

- In CDefView::GetItemObject(), where data was written to *ppvOut before
  ppvOut was being checked for NULL.
---

diff --git a/dll/win32/shell32/CDefView.cpp b/dll/win32/shell32/CDefView.cpp
index 334e0b36131..8541e56fa71 100644
--- a/dll/win32/shell32/CDefView.cpp
+++ b/dll/win32/shell32/CDefView.cpp
@@ -2419,6 +2419,9 @@ HRESULT WINAPI CDefView::GetItemObject(UINT uItem, REFIID riid, LPVOID *ppvOut)
 
     TRACE("(%p)->(uItem=0x%08x,\n\tIID=%s, ppv=%p)\n", this, uItem, debugstr_guid(&riid), ppvOut);
 
+    if (!ppvOut)
+        return E_INVALIDARG;
+
     *ppvOut = NULL;
 
     switch (uItem)
@@ -2426,9 +2429,6 @@ HRESULT WINAPI CDefView::GetItemObject(UINT uItem, REFIID riid, LPVOID *ppvOut)
         case SVGIO_BACKGROUND:
             if (IsEqualIID(riid, IID_IContextMenu))
             {
-                if (!ppvOut)
-                    hr = E_OUTOFMEMORY;
-
                 hr = CDefViewBckgrndMenu_CreateInstance(m_pSF2Parent, riid, ppvOut);
                 if (FAILED_UNEXPECTEDLY(hr))
                     return hr;
@@ -3449,13 +3449,14 @@ HRESULT WINAPI SHCreateShellFolderView(const SFV_CREATE *pcsfv,
     CComPtr<IShellView> psv;
     HRESULT hRes;
 
-    *ppsv = NULL;
-    if (!pcsfv || pcsfv->cbSize != sizeof(*pcsfv))
+    if (!ppsv || !pcsfv || pcsfv->cbSize != sizeof(*pcsfv))
         return E_INVALIDARG;
 
     TRACE("sf=%p outer=%p callback=%p\n",
       pcsfv->pshf, pcsfv->psvOuter, pcsfv->psfvcb);
 
+    *ppsv = NULL;
+
     hRes = CDefView_CreateInstance(pcsfv->pshf, IID_PPV_ARG(IShellView, &psv));
     if (FAILED(hRes))
         return hRes;
diff --git a/dll/win32/shell32/CDefaultContextMenu.cpp b/dll/win32/shell32/CDefaultContextMenu.cpp
index 93ce54c9843..a65e5a05ab3 100644
--- a/dll/win32/shell32/CDefaultContextMenu.cpp
+++ b/dll/win32/shell32/CDefaultContextMenu.cpp
@@ -1472,7 +1472,12 @@ HRESULT
 WINAPI
 SHCreateDefaultContextMenu(const DEFCONTEXTMENU *pdcm, REFIID riid, void **ppv)
 {
-    HRESULT hr = CDefaultContextMenu_CreateInstance(pdcm, NULL, riid, ppv);
+    HRESULT hr;
+
+    if (!ppv)
+        return E_INVALIDARG;
+
+    hr = CDefaultContextMenu_CreateInstance(pdcm, NULL, riid, ppv);
     if (FAILED_UNEXPECTEDLY(hr))
         return hr;
 
diff --git a/dll/win32/shell32/CIDLDataObj.cpp b/dll/win32/shell32/CIDLDataObj.cpp
index a446adaf7bd..a28aed1718e 100644
--- a/dll/win32/shell32/CIDLDataObj.cpp
+++ b/dll/win32/shell32/CIDLDataObj.cpp
@@ -410,6 +410,8 @@ HRESULT WINAPI CIDLDataObj::EndOperation(HRESULT hResult, IBindCtx *pbcReserved,
 */
 HRESULT IDataObject_Constructor(HWND hwndOwner, PCIDLIST_ABSOLUTE pMyPidl, PCUIDLIST_RELATIVE_ARRAY apidl, UINT cidl, IDataObject **dataObject)
 {
+    if (!dataObject)
+        return E_INVALIDARG;
     return ShellObjectCreatorInit<CIDLDataObj>(hwndOwner, pMyPidl, apidl, cidl, IID_PPV_ARG(IDataObject, dataObject));
 }