memory corruption in dlls/oleaut32/olepicture.c?
marcus at jet.franken.de
Tue Jan 9 01:17:13 CST 2007
On Tue, Jan 09, 2007 at 08:40:08AM +0200, Damjan Jovanovic wrote:
> In dlls/oleaut32/olepicture.c, there are several places where memory
> is allocated and then used immediately, without checking whether
> allocation succeeded. For example:
>     xbuf = HeapAlloc (GetProcessHeap(), HEAP_ZERO_MEMORY, origsize);
>     if (headerisdata)
>         memcpy (xbuf, &header, 8);
> Is there something I'm missing, or does that sort of code lead to
> memory corruption / segmentation faults when allocating memory fails?
memory corruption - no.
segfaults due to NULL ptr dereference - yes.
> From what I see on
> http://people.redhat.com/mstefani/wine/smatch/bugs_all.html, smatch
> doesn't detect this as an error. What should we do?
Feel free to add error handling.
I originally did not add this, since the code is ugly already :(
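
The error handling discussed above, sketched as an added example (not part of the original thread and not Wine's code): portable C in which a hypothetical `alloc_fn` hook stands in for `HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, ...)` so the failure path can be exercised. The function name, status codes and the size precondition are assumptions of this sketch.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook: stands in for
   HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, n) and lets a test force failure. */
typedef void *(*alloc_fn)(size_t n);

static void *zero_alloc(size_t n)    { return calloc(1, n); }
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Hypothetical status codes; real code would return an HRESULT. */
enum load_status { LOAD_OK = 0, LOAD_OUT_OF_MEMORY = -1, LOAD_BAD_SIZE = -2 };

/* Checked form of the quoted pattern: allocate origsize zeroed bytes and,
   when the 8 header bytes are themselves data, copy them to the front. */
static enum load_status start_buffer(alloc_fn alloc, const unsigned char header[8],
                                     int headerisdata, size_t origsize,
                                     unsigned char **out)
{
    unsigned char *xbuf;

    *out = NULL;
    /* Precondition of this sketch only, not a claim about olepicture.c:
       the 8-byte copy must fit in the buffer. */
    if (headerisdata && origsize < 8)
        return LOAD_BAD_SIZE;

    xbuf = alloc(origsize);
    if (!xbuf)
        return LOAD_OUT_OF_MEMORY;   /* report failure instead of dereferencing NULL */

    if (headerisdata)
        memcpy(xbuf, header, 8);
    *out = xbuf;
    return LOAD_OK;
}

int main(void)
{
    /* Constructed sample header bytes. */
    const unsigned char header[8] = { 'G', 'I', 'F', '8', '9', 'a', 0, 0 };
    unsigned char *buf;
    int ok = start_buffer(zero_alloc, header, 1, 64, &buf) == LOAD_OK;

    free(buf);
    ok = ok && start_buffer(failing_alloc, header, 1, 64, &buf) == LOAD_OUT_OF_MEMORY;
    return ok ? 0 : 1;
}
```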