[Bug 27991] New: LsaLookupNames2 implementation leads to leak of returned buffer data
wine-bugs at winehq.org
Sat Aug 6 05:13:15 CDT 2011
http://bugs.winehq.org/show_bug.cgi?id=27991
Summary: LsaLookupNames2 implementation leads to leak of returned buffer data
Product: Wine
Version: 1.3.26
Platform: x86
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: advapi32
AssignedTo: wine-bugs at winehq.org
ReportedBy: bunglehead at gmail.com
Just in case I forget about this.
LsaLookupNames2() returns domain data in an LSA_REFERENCED_DOMAIN_LIST structure
that contains a pointer to the domain data array. We currently allocate all of this
separately: first the LSA_REFERENCED_DOMAIN_LIST itself, then a linked array, and
finally we set a pointer from one to the other.
This is wrong and leads to allocations that can't be freed with
LsaFreeMemory(). What should be done is to incrementally calculate all
components' buffer sizes and then allocate a single buffer that holds everything
at once, with properly adjusted pointers of course, which act as offsets in it.
After that all related leaks will be fixed.
P.S. Simple testing shows that native does something like that; at least
HeapSize() for the domains pointer returns a large number and the array pointer points 12
bytes from the buffer's first byte.
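The single-buffer layout proposed in the report, sketched as an added example (this is not Wine's code). The structs are simplified stand-ins for the real LSA types, `build_domain_list` and `free_domain_list` are hypothetical names, and plain `free()` stands in for LsaFreeMemory().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for LSA_TRUST_INFORMATION / LSA_REFERENCED_DOMAIN_LIST
 * (assumption: names are narrow strings and SIDs are opaque byte blobs here). */
struct trust_info  { char *name; void *sid; };
struct domain_list { uint32_t entries; struct trust_info *domains; };

#define ALIGN_UP(n) (((n) + sizeof(void *) - 1) & ~(sizeof(void *) - 1))

/* Build the whole result in one allocation so a single free() releases it. */
struct domain_list *build_domain_list(const char *const *names,
                                      const void *const *sids,
                                      const size_t *sid_lens, uint32_t count)
{
    /* Pass 1: incrementally add up the size of every component. */
    size_t array_off = ALIGN_UP(sizeof(struct domain_list));
    size_t total = array_off + (size_t)count * sizeof(struct trust_info);
    for (uint32_t i = 0; i < count; i++) {
        total += ALIGN_UP(sid_lens[i]);
        total += ALIGN_UP(strlen(names[i]) + 1);
    }

    unsigned char *buf = calloc(1, total);
    if (!buf) return NULL;

    /* Pass 2: carve the buffer; every pointer targets the same allocation. */
    struct domain_list *list = (struct domain_list *)buf;
    list->entries = count;
    list->domains = (struct trust_info *)(buf + array_off);
    unsigned char *cur = buf + array_off + (size_t)count * sizeof(struct trust_info);
    for (uint32_t i = 0; i < count; i++) {
        size_t nlen = strlen(names[i]) + 1;
        list->domains[i].sid = cur;
        memcpy(cur, sids[i], sid_lens[i]);
        cur += ALIGN_UP(sid_lens[i]);
        list->domains[i].name = (char *)cur;
        memcpy(cur, names[i], nlen);
        cur += ALIGN_UP(nlen);
    }
    return list;
}

/* Stand-in for LsaFreeMemory(): one call frees header, array and payloads. */
void free_domain_list(struct domain_list *list) { free(list); }
```

Because the caller only ever receives the pointer to the start of the buffer, nothing inside it can be orphaned when that pointer is freed.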