[PATCH 6/7] ntdll/loader: Prevent use after free (Coverity)

Fabian Maurer dark.shadow4 at web.de
Sat Apr 23 13:17:28 CDT 2022


When tmp is freed, dos_name is freed as well.
We can't later use it to print a message.

Signed-off-by: Fabian Maurer <dark.shadow4 at web.de>
---
 dlls/ntdll/unix/loader.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/dlls/ntdll/unix/loader.c b/dlls/ntdll/unix/loader.c
index d1c42ddc0f3..e577afdb14b 100644
--- a/dlls/ntdll/unix/loader.c
+++ b/dlls/ntdll/unix/loader.c
@@ -1826,27 +1826,32 @@ NTSTATUS load_main_exe( const WCHAR *dos_name, const char *unix_name, const WCHA
                      (dos_name[0] && dos_name[1] == ':'));

     if ((status = get_full_path( dos_name, curdir, image ))) goto failed;
-    free( tmp );

     init_unicode_string( &nt_name, *image );
     if (loadorder == LO_INVALID) loadorder = get_load_order( &nt_name );

     status = open_main_image( *image, module, &main_image_info, loadorder );
-    if (status != STATUS_DLL_NOT_FOUND) return status;
+    if (status != STATUS_DLL_NOT_FOUND) goto end;

     /* if path is in system dir, we can load the builtin even if the file itself doesn't exist */
     if (loadorder != LO_NATIVE && is_builtin_path( &nt_name, &machine ))
     {
         status = find_builtin_dll( &nt_name, module, &size, &main_image_info, machine, FALSE );
-        if (status != STATUS_DLL_NOT_FOUND) return status;
+        if (status != STATUS_DLL_NOT_FOUND) goto end;
+    }
+    if (!contains_path)
+    {
+        status = STATUS_DLL_NOT_FOUND;
+        goto end;
     }
-    if (!contains_path) return STATUS_DLL_NOT_FOUND;

 failed:
     MESSAGE( "wine: failed to open %s: %x\n",
              unix_name ? debugstr_a(unix_name) : debugstr_w(dos_name), status );
     NtTerminateProcess( GetCurrentProcess(), status );
-    return status;  /* unreached */
+end:
+    free(tmp);
+    return status;
 }
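Review bot: The `failed:` path now falls through into `end:` and would free tmp and return normally if NtTerminateProcess ever came back, but the `/* unreached */` marker that documented this was dropped together with the old return; keep the intent visible as `NtTerminateProcess( GetCurrentProcess(), status ); /* does not return; falling into end: is only a safety net */`. On that fall-through `free(tmp)` also runs for any `goto failed` taken earlier in load_main_exe, so tmp must already be NULL or a live allocation at every such jump — the declaration is above the hunk, so this cannot be confirmed here. As a point of style, `free(tmp);` should be written `free( tmp );` to match the file's spacing, as in the removed line and the neighbouring `MESSAGE( ... )` call. load_main_exe begins before the hunk.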


--
2.36.0



