From bc2e37ba44dd8ac312352c20f3af7380bd99c988 Mon Sep 17 00:00:00 2001
From: Hans Leidekker <hans@it.vu.nl>
Date: Sun, 12 Nov 2006 16:17:48 +0100
Subject: [PATCH] shlwapi: UrlEscapeA should fail with E_POINTER when querying
 the buffer size.

---
 dlls/shlwapi/tests/path.c | 6 ++++++
 dlls/shlwapi/url.c        | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/dlls/shlwapi/tests/path.c b/dlls/shlwapi/tests/path.c
index f7a2c4a19dc..9746fbca48f 100644
--- a/dlls/shlwapi/tests/path.c
+++ b/dlls/shlwapi/tests/path.c
@@ -476,7 +476,13 @@ static void test_url_canonicalize(const char *szUrl, DWORD dwFlags, HRESULT dwEx
 
 static void test_UrlEscape(void)
 {
+    DWORD size;
+    HRESULT ret;
     unsigned int i;
+
+    ret = UrlEscapeA("/woningplan/woonkamer basis.swf", NULL, &size, URL_ESCAPE_SPACES_ONLY);
+    ok(ret == E_POINTER, "got %x, expected %x\n", ret, E_POINTER);
+
     for(i=0; i<sizeof(TEST_ESCAPE)/sizeof(TEST_ESCAPE[0]); i++) {
         test_url_escape(TEST_ESCAPE[i].url, TEST_ESCAPE[i].flags,
                               TEST_ESCAPE[i].expectret, TEST_ESCAPE[i].expecturl);
diff --git a/dlls/shlwapi/url.c b/dlls/shlwapi/url.c
index 40dba6275c5..df8a96ff980 100644
--- a/dlls/shlwapi/url.c
+++ b/dlls/shlwapi/url.c
@@ -838,7 +838,7 @@ HRESULT WINAPI UrlEscapeA(
     }
     if(ret == S_OK) {
         RtlUnicodeToMultiByteSize(&lenA, escapedW, lenW * sizeof(WCHAR));
-        if(*pcchEscaped > lenA) {
+        if(pszEscaped && *pcchEscaped > lenA) {
             RtlUnicodeToMultiByteN(pszEscaped, *pcchEscaped - 1, &lenA, escapedW, lenW * sizeof(WCHAR));
             pszEscaped[lenA] = 0;
             *pcchEscaped = lenA;
@@ -967,8 +967,8 @@ HRESULT WINAPI UrlEscapeW(
     TRACE("(%s %p %p 0x%08x)\n", debugstr_w(pszUrl), pszEscaped,
 	  pcchEscaped, dwFlags);
 
-    if(!pszUrl || !pszEscaped || !pcchEscaped)
-	return E_INVALIDARG;
+    if(!pszUrl || !pcchEscaped)
+        return E_INVALIDARG;
 
     if(dwFlags & ~(URL_ESCAPE_SPACES_ONLY |
 		   URL_ESCAPE_SEGMENT_ONLY |