[Bug 38764] Improper device request/IRP handling causes heap corruption in wineserver
wine-bugs at winehq.org
Mon Jun 15 18:15:53 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=38764
Sebastian Lackner <sebastian at fds-team.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sebastian at fds-team.de
--- Comment #2 from Sebastian Lackner <sebastian at fds-team.de> ---
Created attachment 51699
--> https://bugs.winehq.org/attachment.cgi?id=51699
Proposed patch
The problem occurs because the set_irp_result function assumes that irp->file
has a refcount greater than 1, which is not always the case.
The call to 'release_object( file );' can destroy the associated file, but
later 'list_remove( &irp->dev_entry );' is executed, which assumes that the file
still exists.
After ensuring that the patch doesn't have any unintentional side effects, I'll
send it to wine-patches.
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
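
The ordering problem described in comment #2, as an added example that is not wineserver's code and not the attached patch: a simplified model in which the request's list entry is linked into a list head stored inside the refcounted file. All struct and function names are hypothetical, and a `destroyed` flag stands in for `free()` so the stale write can be observed without undefined behaviour.

```c
/* Hypothetical, simplified model; not wineserver's code. */
struct list { struct list *next, *prev; };

struct file {               /* stands in for the device file */
    int refcount;
    int destroyed;          /* set instead of free() so the demo stays defined */
    struct list requests;   /* list head lives inside the file */
};

struct irp {
    struct file *file;
    struct list dev_entry;  /* linked into file->requests */
};

static void list_init(struct list *l) { l->next = l->prev = l; }
static void list_add(struct list *head, struct list *e)
{ e->next = head->next; e->prev = head; head->next->prev = e; head->next = e; }
static void list_remove(struct list *e)
{ e->next->prev = e->prev; e->prev->next = e->next; }

static void release_file(struct file *f)
{ if (--f->refcount == 0) f->destroyed = 1; /* real code would free here */ }

/* Returns 1 if the unlink wrote into a file that was already destroyed. */
static int finish_irp(struct irp *irp, int release_first)
{
    struct file *f = irp->file;
    int stale;
    if (release_first) release_file(f);  /* ordering described in the comment */
    stale = f->destroyed;                /* list_remove writes f->requests */
    list_remove(&irp->dev_entry);
    if (!release_first) release_file(f); /* unlink first, then drop the ref */
    irp->file = 0;
    return stale;
}

/* Run one request against a file that starts with `refs` references. */
static int run_case(int refs, int release_first)
{
    struct file f = { refs, 0, { 0, 0 } };
    struct irp irp = { &f, { 0, 0 } };
    list_init(&f.requests);
    list_add(&f.requests, &irp.dev_entry);
    return finish_irp(&irp, release_first);
}

int main(void) { return run_case(1, 0); }
```

With two references the release-first ordering looks harmless, which is why the defect only shows up when the request holds the last reference.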