[Bug 28732] New: use-after-free in MONTHCAL_UpdateSize
wine-bugs at winehq.org
wine-bugs at winehq.org
Sat Oct 15 11:38:32 CDT 2011
http://bugs.winehq.org/show_bug.cgi?id=28732
Bug #: 28732
Summary: use-after-free in MONTHCAL_UpdateSize
Product: Wine
Version: 1.3.30
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: comctl32
AssignedTo: wine-bugs at winehq.org
ReportedBy: dank at kegel.com
Classification: Unclassified
While running "make monthcal.ok" in comctl32/tests, valgrind complains
Invalid read of size 4
at MONTHCAL_UpdateSize (monthcal.c:2556)
by MONTHCAL_WindowProc (monthcal.c:2739)
by ??? (in /oldhome/dank/wine-git/dlls/user32/user32.dll.so)
by call_window_proc (winproc.c:242)
by WINPROC_CallProcAtoW (winproc.c:404)
by WINPROC_call_window (winproc.c:910)
by call_window_proc (message.c:2211)
by send_message (message.c:3084)
by SendMessageA (message.c:3286)
by WIN_CreateWindowEx (win.c:1448)
by CreateWindowExA (win.c:1550)
by create_monthcal_control (monthcal.c:577)
by func_monthcal (monthcal.c:1524)
Address 0x7f045618 is 8 bytes inside a block of size 112 free'd
at RtlReAllocateHeap (heap.c:262)
by HeapReAlloc (heap.c:277)
by GlobalReAlloc (heap.c:651)
by LocalReAlloc (heap.c:1075)
by ReAlloc (comctl32undoc.c:99)
by MONTHCAL_UpdateSize (monthcal.c:2541)
by MONTHCAL_WindowProc (monthcal.c:2739)
by ??? (in /oldhome/dank/wine-git/dlls/user32/user32.dll.so)
by call_window_proc (winproc.c:242)
by WINPROC_CallProcAtoW (winproc.c:404)
by WINPROC_call_window (winproc.c:910)
by call_window_proc (message.c:2211)
by send_message (message.c:3084)
by SendMessageA (message.c:3286)
by WIN_CreateWindowEx (win.c:1448)
by CreateWindowExA (win.c:1550)
by create_monthcal_control (monthcal.c:577)
by func_monthcal (monthcal.c:1524)
A quick look at the source makes me think that the pointer 'title'
might need to be updated when the realloc is done.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list