richedit: Fixed Valgrind error related to undoing

Dylan Smith dylan.ah.smith at
Sun Jul 6 14:27:40 CDT 2008

The error was a memory access of a freed object.  In ME_AddUndoItem I
checked the top of the undo stack to end a coalescing undo transaction,
assuming that this should be either a valid undo item, or NULL, instead
it was already freed.

The undo item being added was actually being added to the redo stack by
ME_Undo, and before this was done the top of the undo stack was
destroyed but not set to NULL, thus causing the valgrind error.

I fixed this in two places. First of all I moved my code to
conditionally turn a coalescing end transaction into an actual end
transaction, since it doesn't need to be done when adding to the redo
stack.  Second of all, I made sure the undo and redo stack are in
valid states for ME_Undo and ME_Redo before calling ME_AddUndoItem or
ME_PlayItem since I could see someone else making the same assumption.
This should fix the error and make it harder for a regression to occur.
 dlls/riched20/undo.c |   37 +++++++++++++++++++------------------
 1 files changed, 19 insertions(+), 18 deletions(-)
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-richedit-Fixed-Valgrind-error-related-to-undoing.diff.txt
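
The two fixes the message describes, shown as an added example on a simplified model (this is not the attached patch or Wine's riched20 code; the struct layout and the names `add_item`, `undo_one` and `depth` are hypothetical). The top-of-stack inspection happens only when pushing to the undo stack, and the undone item is unlinked before anything else runs, so the stack top is always NULL or a live item.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of an undo/redo stack, not Wine's structures. */
enum item_type { IT_INSERT, IT_END_TRANSACTION, IT_END_COALESCE };
struct item { enum item_type type; struct item *next; };
struct editor { struct item *undo_top, *redo_top; };

/* Push onto a stack. Only a push onto the undo stack closes an open
 * coalescing transaction; that read of undo_top is safe only if
 * undo_top is NULL or points at a live item. */
static void add_item(struct editor *ed, struct item **stack, enum item_type type)
{
    struct item *it = malloc(sizeof *it);
    if (!it) abort();
    if (stack == &ed->undo_top && ed->undo_top &&
        ed->undo_top->type == IT_END_COALESCE)
        ed->undo_top->type = IT_END_TRANSACTION;
    it->type = type;
    it->next = *stack;
    *stack = it;
}

/* Undo one item. Unlinking first restores a valid undo_top before
 * add_item() is called; freeing the item while undo_top still points
 * at it would leave a dangling pointer for any code that inspects it. */
static int undo_one(struct editor *ed)
{
    struct item *it = ed->undo_top;
    if (!it) return 0;
    ed->undo_top = it->next;               /* stack consistent from here */
    add_item(ed, &ed->redo_top, it->type); /* record for redo */
    free(it);                              /* nothing references it now */
    return 1;
}

static int depth(const struct item *it)
{
    int n = 0;
    for (; it; it = it->next) n++;
    return n;
}

int main(void)
{
    struct editor ed = {0};
    add_item(&ed, &ed.undo_top, IT_INSERT);
    undo_one(&ed);
    printf("undo=%d redo=%d\n", depth(ed.undo_top), depth(ed.redo_top));
    return 0;
}
```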
