msacm32: fix buffer double free
Pierre Schweitzer
pierre at reactos.org
Tue Dec 6 16:29:39 CST 2011
-------------- next part --------------
>From 0804dc40b58ffb2c8a96012e43ca9644fe8adac6 Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer <pierre at reactos.org>
Date: Tue, 6 Dec 2011 21:52:51 +0100
Subject: Fix pointer double free
---
dlls/msacm32/internal.c | 12 ++++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/dlls/msacm32/internal.c b/dlls/msacm32/internal.c
index 239f4d3..b3f6bf3 100644
--- a/dlls/msacm32/internal.c
+++ b/dlls/msacm32/internal.c
@@ -1016,6 +1016,9 @@ PWINE_ACMLOCALDRIVERINST MSACM_OpenLocalDriver(PWINE_ACMLOCALDRIVER paldrv, LPAR
PWINE_ACMLOCALDRIVERINST pDrvInst;
pDrvInst = HeapAlloc(MSACM_hHeap, 0, sizeof(WINE_ACMLOCALDRIVERINST));
+ if (!pDrvInst)
+ return NULL;
+
pDrvInst->pLocalDriver = paldrv;
pDrvInst->dwDriverID = 0;
pDrvInst->pNextACMInst = NULL;
@@ -1037,9 +1040,14 @@ PWINE_ACMLOCALDRIVERINST MSACM_OpenLocalDriver(PWINE_ACMLOCALDRIVER paldrv, LPAR
ret = MSACM_OpenLocalDriver(paldrv, lParam2);
if (!ret)
{
- MSACM_CloseLocalDriver(pDrvInst);
ERR("load1 failed\n");
- goto exit;
+ /* If MSACM_CloseLocalDriver returns TRUE,
+ * then pDrvInst has been freed
+ */
+ if (!MSACM_CloseLocalDriver(pDrvInst))
+ goto exit;
+
+ return NULL;
}
pDrvInst->bSession = TRUE;
return ret;
--
1.7.4.1
More information about the wine-patches
mailing list