From af4009d2fd264887ad6acc6e15e968c85155d730 Mon Sep 17 00:00:00 2001
From: Felix Nawothnig <felix.nawothnig@t-online.de>
Date: Mon, 11 Jul 2005 10:22:33 +0000
Subject: [PATCH] Check structure size and fix return values in
 EM_GETCHARFORMAT.

---
 dlls/riched20/editor.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/dlls/riched20/editor.c b/dlls/riched20/editor.c
index 7f29b1b810a..ab15df0b106 100644
--- a/dlls/riched20/editor.c
+++ b/dlls/riched20/editor.c
@@ -1076,14 +1076,19 @@ LRESULT WINAPI RichEditANSIWndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lP
   }
   case EM_GETCHARFORMAT:
   {
-    CHARFORMAT2W tmp;
+    CHARFORMAT2W tmp, *dst = (CHARFORMAT2W *)lParam;
+    if (dst->cbSize != sizeof(CHARFORMATA) &&
+        dst->cbSize != sizeof(CHARFORMATW) &&
+        dst->cbSize != sizeof(CHARFORMAT2A) &&
+        dst->cbSize != sizeof(CHARFORMAT2W))
+      return 0;
     tmp.cbSize = sizeof(tmp);
     if (!wParam)
       ME_GetDefaultCharFormat(editor, &tmp);
     else
       ME_GetSelectionCharFormat(editor, &tmp);
-    ME_CopyToCFAny((CHARFORMAT2W *)lParam, &tmp);
-    return 0;
+    ME_CopyToCFAny(dst, &tmp);
+    return tmp.dwMask;
   }
   case EM_SETPARAFORMAT:
     ME_SetSelectionParaFormat(editor, (PARAFORMAT2 *)lParam);