[PATCH 6/6] d3dx9: Secure against unsafe iface to COM object transitions

[Paul Gofman]

On 3/22/19 16:37, Chip Davis wrote:
> March 22, 2019 2:49 AM, "Michael Stefaniuc" <mstefani at winehq.org> wrote:
>
>> @@ -6162,7 +6164,7 @@ static HRESULT d3dx9_effect_init(struct d3dx_effect *effect, struct IDirect3DDev
>>       if (pool)
>>       {
>>           pool->lpVtbl->AddRef(pool);
>> -        effect->pool = impl_from_ID3DXEffectPool(pool);
>> +        effect->pool = unsafe_impl_from_ID3DXEffectPool(pool);
>>       }
> Now you are leaking 'pool' in case it's not one of ours.
>
> Chip
>
>
This can't really work if the pool is not one of ours. Pool does not 
have a public interface to work with from the effect's side. We don't 
have any tests showing what native d3dx9 will do in such a case: crash 
(I would put my bet on this before testing), return an error or act if 
no pool is provided, or even use the pool pointer just like a hash value 
and work fine with any object claimed to be a pool??. IMO unless we want 
to add some tests for this case having NULL from 
unsafe_impl_from_ID3DXEffectPool() deserves a FIXME at the first place. 
Is silently acting as if there is no pool better than crashing or 
leaking something pretending to be a pool object, unless we are sure 
this is a right thing to do?