Fix heap corruption in quartz server registration
Christian Costa
titan.costa at wanadoo.fr
Fri Jan 21 03:43:12 CST 2005
Hi Mike,
Mike Hearn wrote:
>On Thu, 2005-01-20 at 20:32 +0100, Paul Vriens wrote:
>
>
>>Sorry, didn't help.
>>
>>I'm going to try Rob's suggestions now.
>>
>>
>
>This patch fixes it for me.
>
Thanks! :-)
>
>Mike Hearn <mh at codeweavers.com>
>Fix heap corruption in quartz server registration, add
>some whitespace, break out of loop if out of memory
>
>--- dlls/quartz/regsvr.c (revision 109)
>+++ dlls/quartz/regsvr.c (local)
>@@ -577,7 +577,6 @@ static HRESULT register_filters(struct r
> IFilterMapper2* pFM2 = NULL;
>
> CoInitialize(NULL);
>-
> hr = CoCreateInstance(&CLSID_FilterMapper2, NULL, CLSCTX_INPROC_SERVER, &IID_IFilterMapper2, (LPVOID*)&pFM2);
>
> if (SUCCEEDED(hr)) {
>@@ -585,6 +584,7 @@ static HRESULT register_filters(struct r
> REGFILTER2 rf2;
> REGFILTERPINS2* prfp2;
> int i;
>+
> for (i = 0; list->pins[i].flags != 0xFFFFFFFF; i++) ;
> rf2.dwVersion = 2;
> rf2.dwMerit = list->merit;
>@@ -598,6 +598,7 @@ static HRESULT register_filters(struct r
> REGPINTYPES* lpMediatype;
> CLSID* lpClsid;
> int j, nbmt;
>+
> for (nbmt = 0; list->pins[i].mediatypes[nbmt].majortype; nbmt++) ;
> /* Allocate a single buffer for regpintypes struct and clsids */
> lpMediatype = (REGPINTYPES*) CoTaskMemAlloc(nbmt*(sizeof(REGPINTYPES) + 2*sizeof(CLSID)));
>@@ -627,10 +628,17 @@ static HRESULT register_filters(struct r
> prfp2[i].clsPinCategory = NULL;
> }
>
>+ if (FAILED(hr)) {
>+ ERR("failed to register with hresult 0x%lx\n", hr);
>+ break;
>+ }
>+
>
You should free memory pointed by prfp2 in that case.
> hr = IFilterMapper2_RegisterFilter(pFM2, list->clsid, list->name, NULL, list->category, NULL, &rf2);
>
>- while (i--)
>+ while (i) {
> CoTaskMemFree((REGPINTYPES*)prfp2[i-1].lpMediaType);
>+ i--;
>+ }
>
Good catch!
> CoTaskMemFree(prfp2);
> }
> }
>
>
>
>
Bye,
Christian
More information about the wine-devel
mailing list