Rob Shearman : oleaut32: Fix invalid free of import library entry name with SLTG typelibs.

Alexandre Julliard julliard at winehq.org
Mon Aug 18 10:46:29 CDT 2008


Module: wine
Branch: master
Commit: fc269433cefbddc1d727e508b3079c8c8015f752
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=fc269433cefbddc1d727e508b3079c8c8015f752

Author: Rob Shearman <robertshearman at gmail.com>
Date:   Thu Aug 14 18:50:57 2008 +0100

oleaut32: Fix invalid free of import library entry name with SLTG typelibs.

Use TLB_MultiByteToBSTR to allocate import library entry name in
ITypeLib2_Constructor_MSFT as BSTR instead of a normal block of memory
to make the allocator the same as for SLTG typelibs. Free the name
with SysFreeString instead of TLB_Free.

---

 dlls/oleaut32/typelib.c |   32 ++++++++++++++------------------
 1 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/dlls/oleaut32/typelib.c b/dlls/oleaut32/typelib.c
index b058dc5..d7139d2 100644
--- a/dlls/oleaut32/typelib.c
+++ b/dlls/oleaut32/typelib.c
@@ -1436,6 +1436,18 @@ static inline void TLB_FreeCustData(TLBCustData *pCustData)
     }
 }
 
+static BSTR TLB_MultiByteToBSTR(const char *ptr)
+{
+    DWORD len;
+    BSTR ret;
+
+    len = MultiByteToWideChar(CP_ACP, 0, ptr, -1, NULL, 0);
+    ret = SysAllocStringLen(NULL, len - 1);
+    if (!ret) return ret;
+    MultiByteToWideChar(CP_ACP, 0, ptr, -1, ret, len);
+    return ret;
+}
+
 /**********************************************************************
  *
  *  Functions for reading MSFT typelibs (those created by CreateTypeLib2)
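Review bot: `len` in TLB_MultiByteToBSTR is a DWORD, so if the sizing call to MultiByteToWideChar fails and returns 0, `len - 1` wraps to 0xFFFFFFFF before it reaches SysAllocStringLen. With this commit the helper is also fed names read directly from MSFT typelib files, so a guard such as `if (!len) return NULL;` after the first call is worth adding. A short comment above the function, for example `/* returns a BSTR owned by the caller; release with SysFreeString */`, would document the allocator contract this commit depends on.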
@@ -2699,7 +2711,6 @@ static ITypeLib2* ITypeLib2_Constructor_MSFT(LPVOID pLib, DWORD dwTLBLength)
         while(offset < tlbSegDir.pImpFiles.offset +tlbSegDir.pImpFiles.length)
 	{
             char *name;
-            DWORD len;
 
             *ppImpLib = TLB_Alloc(sizeof(TLBImpLib));
             (*ppImpLib)->offset = offset - tlbSegDir.pImpFiles.offset;
@@ -2713,10 +2724,7 @@ static ITypeLib2* ITypeLib2_Constructor_MSFT(LPVOID pLib, DWORD dwTLBLength)
             size >>= 2;
             name = TLB_Alloc(size+1);
             MSFT_Read(name, size, &cx, DO_NOT_SEEK);
-            len = MultiByteToWideChar(CP_ACP, 0, name, -1, NULL, 0 );
-            (*ppImpLib)->name = TLB_Alloc(len * sizeof(WCHAR));
-            MultiByteToWideChar(CP_ACP, 0, name, -1, (*ppImpLib)->name, len );
-            TLB_Free(name);
+            (*ppImpLib)->name = TLB_MultiByteToBSTR(name);
 
             MSFT_ReadGuid(&(*ppImpLib)->guid, oGuid, &cx);
             offset = (offset + sizeof(INT) + sizeof(DWORD) + sizeof(LCID) + sizeof(UINT16) + size + 3) & ~3;
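Review bot: The temporary buffer `name` from `TLB_Alloc(size+1)` no longer appears to be released. The removed lines included `TLB_Free(name);` and the replacement line only converts the string, so each import library entry would leak its multibyte copy unless it is freed later in the loop body, which continues outside this hunk. Adding `TLB_Free(name);` directly after `(*ppImpLib)->name = TLB_MultiByteToBSTR(name);` restores the previous ownership. The conversion is also called with length -1 on bytes read from the typelib, so it relies on `name[size]` being NUL; that holds only if TLB_Alloc zero-fills (not visible here), and an explicit `name[size] = '\0';` after `MSFT_Read` would remove that dependency. The BSTR result can be NULL on allocation failure and is stored unchecked.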
@@ -2750,18 +2758,6 @@ static ITypeLib2* ITypeLib2_Constructor_MSFT(LPVOID pLib, DWORD dwTLBLength)
 }
 
 
-static BSTR TLB_MultiByteToBSTR(const char *ptr)
-{
-    DWORD len;
-    BSTR ret;
-
-    len = MultiByteToWideChar(CP_ACP, 0, ptr, -1, NULL, 0);
-    ret = SysAllocStringLen(NULL, len - 1);
-    if (!ret) return ret;
-    MultiByteToWideChar(CP_ACP, 0, ptr, -1, ret, len);
-    return ret;
-}
-
 static BOOL TLB_GUIDFromString(const char *str, GUID *guid)
 {
   char b[3];
@@ -3875,7 +3871,7 @@ static ULONG WINAPI ITypeLib2_fnRelease( ITypeLib2 *iface)
       {
           if (pImpLib->pImpTypeLib)
               ITypeLib_Release((ITypeLib *)pImpLib->pImpTypeLib);
-          TLB_Free(pImpLib->name);
+          SysFreeString(pImpLib->name);
 
           pImpLibNext = pImpLib->next;
           TLB_Free(pImpLib);



