[PATCH] gdi32: Fix double-free on repeated calls to Delete[Enh]MetaFile.
Jacek Caban
jacek at codeweavers.com
Wed Jul 21 09:13:24 CDT 2021
Hi Daniel,
On 7/21/21 1:53 AM, Daniel Lehman wrote:
> diff --git a/dlls/gdi32/gdiobj.c b/dlls/gdi32/gdiobj.c
> index 9059f817636..f56b8891d84 100644
> --- a/dlls/gdi32/gdiobj.c
> +++ b/dlls/gdi32/gdiobj.c
> @@ -916,6 +916,7 @@ BOOL WINAPI NtGdiDeleteObjectApp( HGDIOBJ obj )
> return TRUE;
> }
>
> + entry->UserPointer = 0;
> obj = entry_to_handle( entry ); /* make it a full handle */
>
> hdcs_head = header->hdcs;
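Review bot: The added `entry->UserPointer = 0;` sits after the branch that ends in `return TRUE;`, so any object that leaves NtGdiDeleteObjectApp through that early return keeps its UserPointer. If a repeated delete can still reach the client-side free in that state, the double free named in the subject line is not fully closed. Either clear the field before that branch or add a comment stating why the early-return path is safe. The new line would also benefit from a short comment saying which client-side data it invalidates, since nothing in this hunk shows who reads UserPointer afterwards.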
The idea is that NtGdiDeleteClientObj should fail for the second attempt
to delete metafiles. Looking at why it's not failing, I think we should
just call free_gdi_handle there. What do you think about the attached fix?
Thanks,
Jacek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch.diff
Type: text/x-patch
Size: 703 bytes
Desc: not available
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20210721/5f3b1f75/attachment.bin>