[PATCH 6/7] ntdll/loader: Prevent user after free (Coverity)
Fabian Maurer
dark.shadow4 at web.de
Sat Apr 23 13:17:28 CDT 2022
When tmp is freed, dos_name is freed as well.
We can't later use it to print a message.
Signed-off-by: Fabian Maurer <dark.shadow4 at web.de>
---
dlls/ntdll/unix/loader.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/dlls/ntdll/unix/loader.c b/dlls/ntdll/unix/loader.c
index d1c42ddc0f3..e577afdb14b 100644
--- a/dlls/ntdll/unix/loader.c
+++ b/dlls/ntdll/unix/loader.c
@@ -1826,27 +1826,32 @@ NTSTATUS load_main_exe( const WCHAR *dos_name, const char *unix_name, const WCHA
(dos_name[0] && dos_name[1] == ':'));
if ((status = get_full_path( dos_name, curdir, image ))) goto failed;
- free( tmp );
init_unicode_string( &nt_name, *image );
if (loadorder == LO_INVALID) loadorder = get_load_order( &nt_name );
status = open_main_image( *image, module, &main_image_info, loadorder );
- if (status != STATUS_DLL_NOT_FOUND) return status;
+ if (status != STATUS_DLL_NOT_FOUND) goto end;
/* if path is in system dir, we can load the builtin even if the file itself doesn't exist */
if (loadorder != LO_NATIVE && is_builtin_path( &nt_name, &machine ))
{
status = find_builtin_dll( &nt_name, module, &size, &main_image_info, machine, FALSE );
- if (status != STATUS_DLL_NOT_FOUND) return status;
+ if (status != STATUS_DLL_NOT_FOUND) goto end;
+ }
+ if (!contains_path)
+ {
+ status = STATUS_DLL_NOT_FOUND;
+ goto end;
}
- if (!contains_path) return STATUS_DLL_NOT_FOUND;
failed:
MESSAGE( "wine: failed to open %s: %x\n",
unix_name ? debugstr_a(unix_name) : debugstr_w(dos_name), status );
NtTerminateProcess( GetCurrentProcess(), status );
- return status; /* unreached */
+end:
+ free(tmp);
+ return status;
}
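Review bot: Nothing at the new `end:` label records why the `free` was moved there, so a later cleanup could hoist it back above `failed:` and reintroduce the dangling read of `dos_name` in the `MESSAGE` call. I would add `/* tmp may back dos_name, which the failure message still reads; release it last */` above `free(tmp);`, and write the call as `free( tmp );` to match the spacing of the line the patch removes. The `failed:` path now falls through into `end:` and the old `/* unreached */` marker is gone; the fall-through is harmless only if `NtTerminateProcess` never returns for the current process, so a `/* not reached */` comment after that call would keep the assumption explicit. The assignment of `tmp` and any earlier `return` lie outside the hunk, so whether every exit now passes through `end:` cannot be confirmed from here.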
--
2.36.0