comctl32: realloc or free and alloc

Nikolay Sivov bunglehead at gmail.com
Sun May 1 12:55:43 CDT 2011


On 5/1/2011 21:49, Alexey Fisher wrote:
> On So, 2011-05-01 at 19:11 +0400, Nikolay Sivov wrote:
>> On 5/1/2011 13:07, Alexey Fisher wrote:
>>> There is a new patch in the attachment.
>>>    BOOL Str_SetPtrAtoW (LPWSTR *lppDest, LPCSTR lpSrc)
>>>    {
>>> -    TRACE("(%p %s)\n", lppDest, lpSrc);
>>> +    TRACE("(%p, %s)\n", *lppDest, debugstr_a(lpSrc));
>>> +
>>> +    if (*lppDest) {
>>> +        ERR("lppDest should be NULL!");
>>> +        return FALSE;
>>> +    }
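Review bot: the new TRACE dereferences lppDest (`*lppDest`) before the function checks anything about it, and it prints the pointed-to value where the old line printed the argument itself; `TRACE("(%p, %s)\n", lppDest, debugstr_a(lpSrc));` would report what the caller actually passed. Two smaller points in the same hunk: the ERR string has no trailing "\n" while the TRACE directly above it does, and the `if (*lppDest)` check makes every non-NULL destination a failure, including a destination that already holds a block this function handed out earlier, so either document that the function no longer reallocates in place or drop the check in favour of the realloc-style contract (NULL or a previously returned pointer).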
>> It's an internal call, so it's better to require a caller to pass valid
>> parameters. That's why ERR is too much here, because you completely
>> control the passed parameters in the first place.
> The problem is, this function returns FALSE if something goes wrong,
> but the caller never checks it. So if we pass a fresh, non-NULL, not Alloc'd
> pointer, we have some garbage in the pointer's target before the call. After
> ReAlloc and Str_SetPtrAtoW fail, the caller continues to use the old pointer's
> target, also old garbage. The app gets garbage instead of the string and
> will crash under some conditions. All this makes it hard to find the cause
> of the crash.
I'll try to explain again.

Str_SetPtrAtoW() is not a public API call, so it's not accessible directly from outside
comctl32. My request to you was to provide a simple test application that uses some comctl32 controls
and presumably indirectly makes use of this call (and fails for some reason you're trying to find).

>> Please open a bug with a test C application so we can look at initial
>> problem.
> Is not ReAllocing not Alloc'd memory a bug? Or is it a feature?
It depends.
> Here is part of man realloc:
>
>> realloc() changes the size of the memory block pointed  to  by  ptr  to
>>         size  bytes.   The contents will be unchanged to the minimum of the old
>>         and new sizes; newly allocated memory will be uninitialized.  If ptr is
>>         NULL,  then  the  call is equivalent to malloc(size), for all values of
>>         size; if size is equal to zero, and ptr is not NULL, then the  call  is
>>         equivalent  to  free(ptr).   Unless  ptr  is  NULL,  it  must have been
>>         returned by an earlier call to malloc(), calloc() or realloc().  If the
>>         area pointed to was moved, a free(ptr) is done.
> This is irrelevant here.
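The contract the two of them are arguing about (destination must be NULL or a block the function itself returned earlier; the caller must check the BOOL result) is easy to state in code. The block below is an added example written for this page, not Wine's Str_SetPtrAtoW() or any comctl32 source; the names str_set_ptr_atow and demo_reuse are hypothetical, and the NULL-source-frees-the-old-string behaviour is an assumption modelled on the discussion, not a claim about Wine.

```c
/* Added example, not Wine's code: a minimal model of the Str_SetPtrAtoW()
 * contract discussed above. Shows why *dest must start out NULL (or point
 * at a block this function allocated earlier), exactly as realloc() requires,
 * and why the caller has to look at the return value. Names are hypothetical. */
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#include <wchar.h>

typedef int BOOL;
#define TRUE 1
#define FALSE 0

/* Convert a NUL-terminated ASCII string into a (re)allocated wide string
 * stored in *dest. *dest must be NULL or a pointer previously returned
 * through this function. On failure *dest is left untouched and still valid. */
static BOOL str_set_ptr_atow(wchar_t **dest, const char *src)
{
    size_t len, i;
    wchar_t *p;

    if (!dest) return FALSE;

    if (!src) {                 /* assumption: NULL source releases the old string */
        free(*dest);
        *dest = NULL;
        return TRUE;
    }

    len = strlen(src) + 1;
    /* realloc(NULL, n) behaves as malloc(n), so a NULL *dest is fine.
     * An uninitialised non-NULL *dest here is undefined behaviour, which is
     * the "garbage pointer" case from the thread; nothing in this function
     * can detect it, so the caller must initialise the pointer. */
    p = realloc(*dest, len * sizeof(wchar_t));
    if (!p) return FALSE;       /* old *dest is still owned by the caller */

    for (i = 0; i < len; i++)   /* plain ASCII widening, no code page handling */
        p[i] = (wchar_t)(unsigned char)src[i];
    *dest = p;
    return TRUE;
}

/* The calling pattern the contract expects: initialise to NULL, reuse the
 * same destination across calls, check every result. Returns the number of
 * successful conversions and hands the final string back to the caller. */
static int demo_reuse(wchar_t **out)
{
    int ok = 0;
    wchar_t *s = NULL;          /* required: realloc() must see NULL or our block */

    if (str_set_ptr_atow(&s, "first")) ok++;
    if (str_set_ptr_atow(&s, "a longer second string")) ok++;  /* grows in place or moves */
    *out = s;                   /* caller frees *out when done */
    return ok;
}
```

Running demo_reuse() and then freeing the result exercises both the malloc-like first call and the realloc-style second call; passing an uninitialised pointer instead of NULL is the one thing the example deliberately does not do, because no check inside the callee can make that safe.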
