[PATCH 2/2] secur32: Use indices to link the free handles.

[Florian Köberle]

Pointers can get invalid when the table gets moved in memory.
This can happen when the table grows.
---
 dlls/secur32/schannel.c |   25 +++++++++++++++----------
 1 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index d08eda7..bf41031 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -115,28 +115,32 @@ struct schan_transport
 };
 
 static struct schan_handle *schan_handle_table;
-static struct schan_handle *schan_free_handles;
+static ULONG_PTR schan_first_free_handle;
 static SIZE_T schan_handle_table_size;
 static SIZE_T schan_handle_count;
+static SIZE_T schan_free_handle_count = 0;
 
 static ULONG_PTR schan_alloc_handle(void *object, enum schan_handle_type type)
 {
     struct schan_handle *handle;
+    ULONG_PTR result;
 
-    if (schan_free_handles)
+    if (schan_free_handle_count > 0)
     {
         /* Use a free handle */
-        handle = schan_free_handles;
+        result = schan_first_free_handle;
+        handle = &schan_handle_table[result];
         if (handle->type != SCHAN_HANDLE_FREE)
         {
             ERR("Handle %d(%p) is in the free list, but has type %#x.\n", (handle-schan_handle_table), handle, handle->type);
             return SCHAN_INVALID_HANDLE;
         }
-        schan_free_handles = handle->object;
+        schan_first_free_handle = (int) handle->object;
+        schan_free_handle_count--;
         handle->object = object;
         handle->type = type;
 
-        return handle - schan_handle_table;
+        return result;
     }
     if (!(schan_handle_count < schan_handle_table_size))
     {
@@ -151,12 +155,12 @@ static ULONG_PTR schan_alloc_handle(void *object, enum schan_handle_type type)
         schan_handle_table = new_table;
         schan_handle_table_size = new_size;
     }
-
-    handle = &schan_handle_table[schan_handle_count++];
+    result = schan_handle_count++;
+    handle = &schan_handle_table[result];
     handle->object = object;
     handle->type = type;
 
-    return handle - schan_handle_table;
+    return result;
 }
 
 static void *schan_free_handle(ULONG_PTR handle_idx, enum schan_handle_type type)
@@ -179,9 +183,10 @@ static void *schan_free_handle(ULONG_PTR handle_idx, enum schan_handle_type type
     }
 
     object = handle->object;
-    handle->object = schan_free_handles;
+    handle->object = (void *) schan_first_free_handle;
     handle->type = SCHAN_HANDLE_FREE;
-    schan_free_handles = handle;
+    schan_first_free_handle = handle_idx;
+    schan_free_handle_count++;
 
     return object;
 }
-- 
1.5.4.3