OLEAUT32: Fix regression in OLEFontImpl_Clone

[Alex Villací­s Lasso]

Alex Villací­s Lasso wrote:
> Lately, all VB6 applications crash on exit. This weekend, I found the 
> cause. Apparently the VB6 runtime creates a standard OLEFont object, 
> and then calls IFont::clone() on it to get a second object. At exit, 
> the VB6 runtime disposes of both objects. However, the recent OLEFont 
> changes introduced a bug in which the cloning fails to clone the 
> connection points associated with the object. Therefore the dispose of 
> one of the objects frees the connection points, and the dispose of the 
> second object crashes on attempt to dispose an already-freed object.
>
> Changelog:
>
> * Create new empty connection points on clone of OLEFont
>
> Alex Villacís Lasso
> ------------------------------------------------------------------------
>
> --- wine-0.9.8-cvs/dlls/oleaut32/olefont.c	2006-02-14 10:38:35.000000000 -0500
> +++ wine-0.9.8-cvs-patch/dlls/oleaut32/olefont.c	2006-02-18 18:40:01.000000000 -0500
> @@ -1113,6 +1113,19 @@
>    /* The cloned object starts with a reference count of 1 */
>    newObject->ref          = 1;
>  
> +  /* We need to clone the connection points too. */
> +  /* FIXME: should we just add a reference to the (shared) connection points? */
> +  newObject->pPropertyNotifyCP = NULL;
> +  newObject->pFontEventsCP = NULL;
> +  CreateConnectionPoint((IUnknown*)newObject, &IID_IPropertyNotifySink, &newObject->pPropertyNotifyCP);
> +  CreateConnectionPoint((IUnknown*)newObject, &IID_IFontEventsDisp, &newObject->pFontEventsCP);
> +
> +  if (!newObject->pPropertyNotifyCP || !newObject->pFontEventsCP)
> +  {
> +    OLEFontImpl_Destroy(newObject);
> +    return E_OUTOFMEMORY;
> +  }  
> +
>    *ppfont = (IFont*)newObject;
>  
>    return S_OK;
>   
>   
Is there anything wrong with this patch? Not applied, and nobody has 
commented on it either.

Alex Villacís Lasso