riched20: Avoid releasing a non-existent interface.

Jactry Zeng jactry92 at gmail.com
Thu Apr 17 02:59:10 CDT 2014


2014-04-17 11:54 GMT+08:00 Nikolay Sivov <bunglehead at gmail.com>:
>
> What you're doing is a violation of refcount handling. The rule is to
> release what you got, without relying on internals like that. In this case
> GetSelection() returns an interface pointer and you're responsible for exactly
> one Release() on it.
>
> An interesting thing to test would be to check if GetSelection() returns a new
> instance every time it's called. If this is the case it will justify some
> code changes to support this; right now the patch is wrong.
>
> If it actually returns the same interface pointer you can't protect from
> use-after-free because I can grab multiple references with several
> GetSelection() calls, and when I try to release them it will already have been
> freed by a loop like that.

Yes, you are right. GetSelection() will not return a new pointer every time
it's called; I have checked it with some tests on Windows.
I will try some other ways to fix this bug.

Thanks again!

-- 
Regards,
Jactry Zeng
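The refcount contract Nikolay describes, as an added example that is not part of this thread or of the Wine riched20 code: a constructed stand-in for a document that hands out the same cached selection object from every GetSelection() call (the behaviour Jactry confirmed on Windows), with one AddRef per call. The balanced pattern (one Release() per GetSelection()) leaves the document's own reference intact; a loop that releases until the count reaches zero destroys the object that the document and any other caller still hold, so a later Release() lands on a dead object. All type and function names here are hypothetical, and destruction is modelled with a flag rather than free() so the demonstration never touches memory that has really been released.

```c
#include <stdio.h>

/* Constructed stand-in for a COM object such as ITextSelection. Destruction is
   recorded in 'live' instead of calling free(), so nothing here ever touches
   memory that was really released. */
typedef struct {
    long refcount;
    int  live;
} selection_t;

/* Constructed document owning one cached selection object: GetSelection()
   returns the same pointer every call, with one AddRef per call. */
typedef struct {
    selection_t sel;
} document_t;

static void document_init(document_t *doc)
{
    doc->sel.refcount = 1;   /* the document's own reference */
    doc->sel.live = 1;
}

static long selection_addref(selection_t *s)
{
    return ++s->refcount;
}

static long selection_release(selection_t *s)
{
    if (!s->live)
        return -1;           /* Release() on an already destroyed object */
    if (--s->refcount == 0)
        s->live = 0;         /* last reference gone: the object is destroyed */
    return s->refcount;
}

/* Analogue of GetSelection(): same instance every time, one new reference. */
static selection_t *document_get_selection(document_t *doc)
{
    selection_addref(&doc->sel);
    return &doc->sel;
}

/* Correct pattern: each GetSelection() is matched by exactly one Release().
   Returns 1 when the document's own reference survives and the object is alive. */
int balanced_release_keeps_document_reference(int ncalls)
{
    document_t doc;
    selection_t *got[8];
    int i;

    document_init(&doc);
    if (ncalls > 8) ncalls = 8;
    for (i = 0; i < ncalls; i++)
        got[i] = document_get_selection(&doc);
    for (i = 0; i < ncalls; i++)
        selection_release(got[i]);
    return doc.sel.live && doc.sel.refcount == 1;
}

/* Incorrect pattern: release in a loop until the count hits zero, as if the
   caller owned every reference. Returns 1 when this destroys the object that
   the document and a second caller still hold. */
int loop_release_destroys_shared_object(void)
{
    document_t doc;
    selection_t *a, *b;
    long rc;

    document_init(&doc);
    a = document_get_selection(&doc);   /* refcount 2 */
    b = document_get_selection(&doc);   /* refcount 3 */
    /* The loop also consumes the document's reference and b's. */
    while ((rc = selection_release(a)) > 0)
        ;
    /* b's own, perfectly legitimate Release() now hits a destroyed object. */
    rc = selection_release(b);
    return !doc.sel.live && rc == -1;
}

int main(void)
{
    printf("balanced pattern keeps document reference: %d\n",
           balanced_release_keeps_document_reference(3));
    printf("loop-until-zero destroys shared object:    %d\n",
           loop_release_destroys_shared_object());
    return 0;
}
```

The point of the second function is the one made in the quoted reply: because the pointer is shared, no amount of releasing from one call site can make the caller's own pointer safe, and over-releasing only turns a leak into a use-after-free for every other holder.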