From 8e90c6099eb2db2f7fc2aded317d76888cf1f4dc Mon Sep 17 00:00:00 2001
From: James Hawkins <truiken@gmail.com>
Date: Thu, 20 Sep 2007 01:49:26 -0500
Subject: [PATCH] kernel32: Don't crash accessing an invalid handle in
 GlobalSize.

---
 dlls/kernel32/heap.c       | 6 +++++-
 dlls/kernel32/tests/heap.c | 7 +++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/dlls/kernel32/heap.c b/dlls/kernel32/heap.c
index b526af05960..9375a2ef8a8 100644
--- a/dlls/kernel32/heap.c
+++ b/dlls/kernel32/heap.c
@@ -807,7 +807,11 @@ SIZE_T WINAPI GlobalSize(HGLOBAL hmem)
    DWORD                retval;
    PGLOBAL32_INTERN     pintern;
 
-   if (!hmem) return 0;
+   if (!((ULONG_PTR)hmem >> 16))
+   {
+       SetLastError(ERROR_INVALID_HANDLE);
+       return 0;
+   }
 
    if(ISPOINTER(hmem))
    {
diff --git a/dlls/kernel32/tests/heap.c b/dlls/kernel32/tests/heap.c
index 34393e856a2..29398622709 100644
--- a/dlls/kernel32/tests/heap.c
+++ b/dlls/kernel32/tests/heap.c
@@ -197,6 +197,13 @@ START_TEST(heap)
     res = GlobalUnlock(gbl);
     ok(res == 1, "Expected 1, got %d\n", res);
 
+    /* GlobalSize on an invalid handle */
+    SetLastError(MAGIC_DEAD);
+    size = GlobalSize((HGLOBAL)0xc042);
+    ok(size == 0, "Expected 0, got %ld\n", size);
+    ok(GetLastError() == ERROR_INVALID_HANDLE,
+       "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
+
     /* ####################################### */
     /* Local*() functions */
     gbl = LocalAlloc(LMEM_MOVEABLE, 0);