msxml3: Fix a couple of memory leaks.
Hans Leidekker
hans at codeweavers.com
Thu Apr 17 02:42:45 CDT 2014
---
dlls/msxml3/msxml_private.h | 5 +++++
dlls/msxml3/saxreader.c | 52 +++++++++++++++++++++++++++++++++++++++------
2 files changed, 50 insertions(+), 7 deletions(-)
diff --git a/dlls/msxml3/msxml_private.h b/dlls/msxml3/msxml_private.h
index be37e17..167e74f 100644
--- a/dlls/msxml3/msxml_private.h
+++ b/dlls/msxml3/msxml_private.h
@@ -179,6 +179,11 @@ static inline void *heap_realloc(void *mem, size_t len)
return HeapReAlloc(GetProcessHeap(), 0, mem, len);
}
+static inline void *heap_realloc_zero(void *mem, size_t len)
+{
+ return HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, mem, len);
+}
+
static inline BOOL heap_free(void *mem)
{
return HeapFree(GetProcessHeap(), 0, mem);
diff --git a/dlls/msxml3/saxreader.c b/dlls/msxml3/saxreader.c
index 7a9e410..15c39e5 100644
--- a/dlls/msxml3/saxreader.c
+++ b/dlls/msxml3/saxreader.c
@@ -1419,6 +1419,26 @@ static BSTR saxreader_get_unescaped_value(const xmlChar *buf, int len)
return bstr;
}
+static void free_attribute_values(saxlocator *locator)
+{
+ int i;
+
+ for (i = 0; i < locator->nb_attributes; i++)
+ {
+ SysFreeString(locator->attributes[i].szURI);
+ locator->attributes[i].szURI = NULL;
+
+ SysFreeString(locator->attributes[i].szLocalname);
+ locator->attributes[i].szLocalname = NULL;
+
+ SysFreeString(locator->attributes[i].szValue);
+ locator->attributes[i].szValue = NULL;
+
+ SysFreeString(locator->attributes[i].szQName);
+ locator->attributes[i].szQName = NULL;
+ }
+}
+
static HRESULT SAXAttributes_populate(saxlocator *locator,
int nb_namespaces, const xmlChar **xmlNamespaces,
int nb_attributes, const xmlChar **xmlAttributes)
@@ -1436,13 +1456,16 @@ static HRESULT SAXAttributes_populate(saxlocator *locator,
locator->nb_attributes = nb_namespaces + nb_attributes;
if(locator->nb_attributes > locator->attributesSize)
{
- attrs = heap_realloc(locator->attributes, sizeof(struct _attributes)*locator->nb_attributes*2);
+ int new_size = locator->attributesSize * 2;
+ attrs = heap_realloc_zero(locator->attributes, new_size * sizeof(struct _attributes));
if(!attrs)
{
+ free_attribute_values(locator);
locator->nb_attributes = 0;
return E_OUTOFMEMORY;
}
locator->attributes = attrs;
+ locator->attributesSize = new_size;
}
else
{
@@ -1451,9 +1474,16 @@ static HRESULT SAXAttributes_populate(saxlocator *locator,
for (i = 0; i < nb_namespaces; i++)
{
+ SysFreeString(attrs[nb_attributes+i].szLocalname);
attrs[nb_attributes+i].szLocalname = SysAllocStringLen(NULL, 0);
- attrs[nb_attributes+i].szURI = locator->namespaceUri;
+
+ SysFreeString(attrs[nb_attributes+i].szURI);
+ attrs[nb_attributes+i].szURI = SysAllocString(locator->namespaceUri);
+
+ SysFreeString(attrs[nb_attributes+i].szValue);
attrs[nb_attributes+i].szValue = bstr_from_xmlChar(xmlNamespaces[2*i+1]);
+
+ SysFreeString(attrs[nb_attributes+i].szQName);
if(!xmlNamespaces[2*i])
attrs[nb_attributes+i].szQName = SysAllocString(xmlnsW);
else
@@ -1464,16 +1494,21 @@ static HRESULT SAXAttributes_populate(saxlocator *locator,
{
static const xmlChar xmlA[] = "xml";
+ SysFreeString(attrs[i].szURI);
if (xmlStrEqual(xmlAttributes[i*5+1], xmlA))
attrs[i].szURI = bstr_from_xmlChar(xmlAttributes[i*5+2]);
else
/* that's an important feature to keep same uri pointer for every reported attribute */
- attrs[i].szURI = find_element_uri(locator, xmlAttributes[i*5+2]);
+ attrs[i].szURI = SysAllocString(find_element_uri(locator, xmlAttributes[i*5+2]));
+ SysFreeString(attrs[i].szLocalname);
attrs[i].szLocalname = bstr_from_xmlChar(xmlAttributes[i*5]);
+
+ SysFreeString(attrs[i].szValue);
attrs[i].szValue = saxreader_get_unescaped_value(xmlAttributes[i*5+3], xmlAttributes[i*5+4]-xmlAttributes[i*5+3]);
- attrs[i].szQName = QName_from_xmlChar(xmlAttributes[i*5+1],
- xmlAttributes[i*5]);
+
+ SysFreeString(attrs[i].szQName);
+ attrs[i].szQName = QName_from_xmlChar(xmlAttributes[i*5+1], xmlAttributes[i*5]);
}
return S_OK;
@@ -1675,6 +1710,7 @@ static void libxmlEndElementNS(
if (!saxreader_has_handler(This, SAXContentHandler))
{
+ free_attribute_values(This);
This->nb_attributes = 0;
free_element_entry(element);
return;
@@ -1696,6 +1732,7 @@ static void libxmlEndElementNS(
local, SysStringLen(local),
element->qname, SysStringLen(element->qname));
+ free_attribute_values(This);
This->nb_attributes = 0;
if (sax_callback_failed(This, hr))
@@ -2294,8 +2331,9 @@ static ULONG WINAPI isaxlocator_Release(
SysFreeString(This->systemId);
SysFreeString(This->namespaceUri);
- for(index=0; index<This->nb_attributes; index++)
+ for(index=0; index<This->attributesSize; index++)
{
+ SysFreeString(This->attributes[index].szURI);
SysFreeString(This->attributes[index].szLocalname);
SysFreeString(This->attributes[index].szValue);
SysFreeString(This->attributes[index].szQName);
@@ -2432,7 +2470,7 @@ static HRESULT SAXLocator_create(saxreader *reader, saxlocator **ppsaxlocator, B
locator->attributesSize = 8;
locator->nb_attributes = 0;
- locator->attributes = heap_alloc(sizeof(struct _attributes)*locator->attributesSize);
+ locator->attributes = heap_alloc_zero(sizeof(struct _attributes)*locator->attributesSize);
if(!locator->attributes)
{
ISAXXMLReader_Release(&reader->ISAXXMLReader_iface);
--
1.9.1
More information about the wine-patches
mailing list