[2/3] msi: Fix another double free.
Hans Leidekker
hans at codeweavers.com
Mon Apr 20 09:09:12 CDT 2009
parser_alloc() allocates memory and puts it on a list attached the to query object.
EXPR_sval() frees memory allocated via parser_alloc() on error but does not remove
the pointer from the list, which means that when the query destructor is called it
will be freed again.
-Hans
diff --git a/dlls/msi/sql.y b/dlls/msi/sql.y
index 425b584..d71c186 100644
--- a/dlls/msi/sql.y
+++ b/dlls/msi/sql.y
@@ -876,10 +876,7 @@ static struct expr * EXPR_sval( void *info, const struct sql_str *str )
{
e->type = EXPR_SVAL;
if( SQL_getstring( info, str, (LPWSTR *)&e->u.sval ) != ERROR_SUCCESS )
- {
- msi_free( e );
- return NULL;
- }
+ return NULL; /* e will be freed by query destructor */
}
return e;
}
More information about the wine-patches
mailing list