[PATCH 2/3] scrobj: Fix some leaks on error paths (Coverity).
Jacek Caban
jacek at codeweavers.com
Mon Oct 21 06:59:16 CDT 2019
On 21/10/2019 07:50, Sven Baars wrote:
> On 21-10-19 12:14, Jacek Caban wrote:
>> Hi Sven,
>>
>> On 19/10/2019 15:20, Sven Baars wrote:
>>> Signed-off-by: Sven Baars <sven.wine at gmail.com>
>>> ---
>>> dlls/scrobj/scrobj.c | 7 ++++++-
>>> 1 file changed, 6 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/dlls/scrobj/scrobj.c b/dlls/scrobj/scrobj.c
>>> index ce5a3dedd1..8d23c65f55 100644
>>> --- a/dlls/scrobj/scrobj.c
>>> +++ b/dlls/scrobj/scrobj.c
>>> @@ -1491,6 +1491,7 @@ static HRESULT parse_scriptlet_public(struct
>>> scriptlet_factory *factory)
>>> if (!wcsicmp(member_iter->name, member->name))
>>> {
>>> FIXME("Duplicated member %s\n",
>>> debugstr_w(member->name));
>>> + heap_free(member);
>>> return E_FAIL;
>>> }
>>> }
>>> @@ -1532,7 +1533,11 @@ static HRESULT parse_scriptlet_public(struct
>>> scriptlet_factory *factory)
>>> if (!(parameter = heap_alloc(sizeof(*parameter))))
>>> return E_OUTOFMEMORY;
>>> hres = read_xml_value(factory, ¶meter->name);
>>> - if (FAILED(hres)) return hres;
>>> + if (FAILED(hres))
>>> + {
>>> + heap_free(parameter);
>>> + return hres;
>>> + }
>>> list_add_tail(&member->u.parameters,
>>> ¶meter->entry);
>>> if (!empty && FAILED(hres =
>>> expect_end_element(factory))) return hres;
>>> }
>>
>> You could just move list_add_tail() call to be done just after heap_alloc.
>>
>>
>> Thanks,
>>
>> Jacek
>>
> Hi Jacek,
>
> But then you have a "parameter", whose only member is "name", that does
> not have a name, since the name is set by read_xml_value, but that
> method failed, meaning the name has not been set. Therefore I thought it
> was better not to add it to the list.
In this case, we will fail to create the factory, so we will call its
destructor (scriptlet_factory_Release), which should handle it just fine
and free the parameter.
> I actually don't really understand what this code is supposed to do
> anyway. The "parameters" do never seem to be used anywhere. The only
> "scriptlet_member" members that appear to be used are "type" and "name"
> (and maybe "flags" for validation). Is this for a future implementation?
Yes, nothing I've seen used needed it so far. We have to parse the XML
anyway and I guess that we may need it for GetTypeInfo() implementation
at some point.
Thanks,
Jacek
More information about the wine-devel
mailing list