From 9e1fda187adf14484407838169833240797d8312 Mon Sep 17 00:00:00 2001
From: Alexandre Julliard
Date: Sun, 3 Dec 2000 03:19:45 +0000
Subject: [PATCH] Fixed WINPROC_GetPtr() to always pass the start of the block to HeapValidate().
---
 windows/winproc.c | 34 ++++++++++++++++------------------
 1 file changed, 16 insertions(+), 18 deletions(-)
diff --git a/windows/winproc.c b/windows/winproc.c
index 88cb6f0e0e8..6d85498f694 100644
--- a/windows/winproc.c
+++ b/windows/winproc.c
@@ -260,32 +260,30 @@ static WINDOWPROC *WINPROC_GetPtr( WNDPROC16 handle )
 BYTE *ptr;
 WINDOWPROC *proc;
+ /* ptr cannot be < 64K */
+ if (!HIWORD(handle)) return NULL;
+
 /* Check for a linear pointer */
- if (handle && HeapValidate( WinProcHeap, 0, (LPVOID)handle ))
- {
- ptr = (BYTE *)handle;
- /* First check if it is the jmp address */
- if (*ptr == 0xe9 /* jmp */) ptr -= (int)&((WINDOWPROC *)0)->jmp -
- (int)&((WINDOWPROC *)0)->thunk;
- /* Now it must be the thunk address */
- if (*ptr == 0x58 /* popl eax */) ptr -= (int)&((WINDOWPROC *)0)->thunk;
- /* Now we have a pointer to the WINDOWPROC struct */
- if (((WINDOWPROC *)ptr)->magic == WINPROC_MAGIC)
- return (WINDOWPROC *)ptr;
- }
+ ptr = (BYTE *)handle;
+ /* First check if it is the jmp address */
+ proc = (WINDOWPROC *)(ptr - (int)&((WINDOWPROC *)0)->jmp);
+ if (HeapValidate( WinProcHeap, 0, proc ) && (proc->magic == WINPROC_MAGIC))
+ return proc;
+ /* Now it must be the thunk address */
+ proc = (WINDOWPROC *)(ptr - (int)&((WINDOWPROC *)0)->thunk);
+ if (HeapValidate( WinProcHeap, 0, proc ) && (proc->magic == WINPROC_MAGIC))
+ return proc;
 /* Check for a segmented pointer */
- if (!IsBadReadPtr16((SEGPTR)handle,sizeof(WINDOWPROC)-sizeof(proc->thunk)))
+ if (!IsBadReadPtr16( (SEGPTR)handle, sizeof(proc->thunk) ))
 {
 ptr = (BYTE *)PTR_SEG_TO_LIN(handle);
- if (!HeapValidate( WinProcHeap, 0, ptr )) return NULL;
 /* It must be the thunk address */
- if (*ptr == 0x58 /* popl eax */) ptr -= (int)&((WINDOWPROC *)0)->thunk;
- /* Now we have a pointer to the WINDOWPROC struct */
- if (((WINDOWPROC *)ptr)->magic == WINPROC_MAGIC)
- return (WINDOWPROC *)ptr;
+ proc = (WINDOWPROC *)(ptr - (int)&((WINDOWPROC *)0)->thunk);
+ if (HeapValidate( WinProcHeap, 0, proc ) && (proc->magic == WINPROC_MAGIC))
+ return proc;
 }
 return NULL;
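Review bot: The rewritten linear-pointer path drops the opcode sanity checks (`*ptr == 0xe9` for the jmp address, `*ptr == 0x58` for the thunk address) that the removed code used to tell the two candidate offsets apart, so a handle is now accepted as soon as `ptr - offset` happens to be a valid WinProcHeap block start whose `magic` matches, which for a thunk-address handle is a different block than the one the handle belongs to if the subtraction lands on a neighbouring WINDOWPROC (unlikely given the layout, but the old code excluded it outright). Since HeapValidate() and the magic test now run first, the opcode byte can be re-checked safely afterwards: `if (HeapValidate( WinProcHeap, 0, proc ) && (proc->magic == WINPROC_MAGIC) && *ptr == 0xe9 /* jmp */)` at the first site and `&& *ptr == 0x58 /* popl eax */` at the thunk sites, including the segmented path. As a point of style, the three hand-rolled `(int)&((WINDOWPROC *)0)->jmp` / `->thunk` expressions are `offsetof(WINDOWPROC, jmp)` / `offsetof(WINDOWPROC, thunk)` from <stddef.h>, which avoids truncating a pointer to `int`. The closing brace of WINPROC_GetPtr() lies outside the hunk.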