comctl32: Avoid use-after-free in DPA_Merge (DPH).

Thomas Faber thomas.faber at reactos.org
Sat Apr 18 05:21:13 CDT 2015


DPA_InsertPtr and DPA_DeletePtr can call HeapReAlloc and change the
location of the ptrs array. Thus the pWork pointers must be refreshed
after such a call (or simply on every iteration).

Fixes a crash when running comctl32_test with Windows's Debug Page Heap,
which will relocate your heap block even if the size is unchanged.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0023-comctl32-Avoid-use-after-free-in-DPA_Merge-DPH.patch
Type: text/x-diff
Size: 1842 bytes
Desc: not available
URL: <http://www.winehq.org/pipermail/wine-patches/attachments/20150418/3dc89507/attachment.patch>
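
The hazard described in the commit message, as an added C example that is not part of the attached patch or of Wine's code: a merge loop that keeps only indices across iterations and re-derives its element pointer after every insert. `PtrArray`, `pa_insert`, `pa_merge` and `pa_demo` are hypothetical names, and `pa_insert` is assumed to move the block on every call, imitating a heap that relocates on each reallocation.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical minimal pointer array standing in for a DPA; not Wine code. */
typedef struct { void **ptrs; int count; } PtrArray;

/* Insert p at idx. The block always moves to a fresh allocation, as a
 * debug heap may do on realloc even when the size is unchanged. */
static int pa_insert(PtrArray *a, int idx, void *p) {
    void **n = malloc((size_t)(a->count + 1) * sizeof(*n));
    if (!n) return -1;
    for (int k = 0; k < a->count; k++) n[k + (k >= idx)] = a->ptrs[k];
    n[idx] = p;
    free(a->ptrs);   /* any element pointer saved before this call now dangles */
    a->ptrs = n;
    a->count++;
    return idx;
}

/* Merge sorted src into sorted dst (union). Only the indices i and j live
 * across iterations; 'work' is re-derived from dst->ptrs every time round. */
static int pa_merge(PtrArray *dst, const PtrArray *src) {
    int i = dst->count - 1, j = src->count - 1;
    while (j >= 0) {
        void **work = (i >= 0) ? &dst->ptrs[i] : NULL;   /* refreshed here */
        intptr_t s = (intptr_t)src->ptrs[j];
        if (work && (intptr_t)*work > s) { i--; continue; }
        if (work && (intptr_t)*work == s) { i--; j--; continue; }
        if (pa_insert(dst, i + 1, src->ptrs[j]) < 0) return -1;
        j--;   /* 'work' is stale now and is not read again before the refresh */
    }
    return dst->count;
}

/* Constructed input: dst = {1,3,5}, src = {2,3,6}. Returns merged items as digits. */
static long pa_demo(void) {
    PtrArray dst = {0}, src = {0};
    const intptr_t d[] = {1, 3, 5}, s[] = {2, 3, 6};
    long digits = 0, ok = 1;
    for (int k = 0; k < 3; k++)
        ok = ok && pa_insert(&dst, k, (void *)d[k]) >= 0 && pa_insert(&src, k, (void *)s[k]) >= 0;
    ok = ok && pa_merge(&dst, &src) >= 0;
    for (int k = 0; ok && k < dst.count; k++) digits = digits * 10 + (long)(intptr_t)dst.ptrs[k];
    free(dst.ptrs); free(src.ptrs);
    return ok ? digits : -1;
}

int main(void) { return pa_demo() == 12356L ? 0 : 1; }
```

Hoisting `work` out of the loop and decrementing it instead of `i` would leave it pointing into the freed block after the first insert, which is the access a page-heap style allocator turns into an immediate fault.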

