From 9e72a0994675e0f7c972dc85fab7f3d1503ec3f8 Mon Sep 17 00:00:00 2001
From: Lee Jeonghun <jeonghun@outlook.com>
Date: Mon, 26 Aug 2019 16:30:52 +0900
Subject: [PATCH] Fix a crash when DialogBoxIndirectParamA is called

---
 user/dialog.c  | 10 +++++++---
 user/message.c | 10 +++++++---
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/user/dialog.c b/user/dialog.c
index 4b304bc6239..1a2bc3d044f 100644
--- a/user/dialog.c
+++ b/user/dialog.c
@@ -401,6 +401,7 @@ static BOOL DIALOG_CreateControls16Ex(HWND hwnd, LPCSTR template,
 	INT items = dlgTemplate->nbItems;
 	dlgItemTemplate32 = (BYTE*) (((DWORD)dlgItemTemplate32 + 3) & ~((DWORD)3));
 	WORD *dlgItemTemplatew;
+	BOOL rscIdWorkaround;
 	TRACE(" BEGIN\n");
 	while (items--)
 	{
@@ -416,13 +417,16 @@ static BOOL DIALOG_CreateControls16Ex(HWND hwnd, LPCSTR template,
 		dlgItemTemplatew = (WORD*)(dlgItemTemplate32 + 1);
         info.className = win32classname(hInst, info.className);
 		copy_widestr(info.className, &dlgItemTemplatew);
+        rscIdWorkaround = FALSE;
         if (!HIWORD(info.windowName))
         {
             char buffer[512];
             if (((dlgItemTemplate32->style & 0xF) == SS_ICON || (dlgItemTemplate32->style & 0xF) == SS_BITMAP) && stricmp(info.className, "STATIC") == 0)
             {
-                sprintf(buffer, "#%d", (int)info.windowName);
-                copy_widestr(buffer, &dlgItemTemplatew);
+                rscIdWorkaround = TRUE;
+                *dlgItemTemplatew++ = 0x0000;
+                *dlgItemTemplatew++ = sizeof(WORD) * 2;
+                *dlgItemTemplatew++ = LOWORD(info.windowName);
             }
             else
             {
@@ -444,7 +448,7 @@ static BOOL DIALOG_CreateControls16Ex(HWND hwnd, LPCSTR template,
             *((LPCVOID*)dlgItemTemplatew) = MAKESEGPTR(SELECTOROF(base16), OFFSETOF(base16) + (WORD)((SIZE_T)info.data - base32));
 			dlgItemTemplatew += 2;
 		}
-		else
+		else if (!rscIdWorkaround)
 		{
 			*dlgItemTemplatew++ = 0;
 		}
diff --git a/user/message.c b/user/message.c
index 0efb6478b79..b0cfbdb8676 100644
--- a/user/message.c
+++ b/user/message.c
@@ -4388,17 +4388,21 @@ LRESULT CALLBACK WndProcRetHook(int code, WPARAM wParam, LPARAM lParam)
                     {
                     case SS_ICON:
                     {
+                        char rsc_id[32];
+                        sprintf(rsc_id, "#%d", (int)cs->lpCreateParams);
                         SetWindowTextA(hwnd, "");
-                        HICON16 icon = LoadIcon16(HINSTANCE_16(cs->hInstance), cs->lpszName);
-                        if (!icon) icon = LoadCursor16(HINSTANCE_16(cs->hInstance), cs->lpszName);
+                        HICON16 icon = LoadIcon16(HINSTANCE_16(cs->hInstance), rsc_id);
+                        if (!icon) icon = LoadCursor16(HINSTANCE_16(cs->hInstance), rsc_id);
                         if (icon) wow_handlers32.static_proc(hwnd, STM_SETIMAGE, IMAGE_ICON,
                             (LPARAM)get_icon_32(icon), FALSE);
                         break;
                     }
                     case SS_BITMAP:
                     {
+                        char rsc_id[32];
+                        sprintf(rsc_id, "#%d", (int)cs->lpCreateParams);
                         SetWindowTextA(hwnd, "");
-                        HBITMAP16 bitmap = LoadBitmap16(HINSTANCE_16(cs->hInstance), cs->lpszName);
+                        HBITMAP16 bitmap = LoadBitmap16(HINSTANCE_16(cs->hInstance), rsc_id);
                         if (bitmap) wow_handlers32.static_proc(hwnd, STM_SETIMAGE, IMAGE_BITMAP,
                             (LPARAM)HBITMAP_32(bitmap), FALSE);
                         break;