server: Avoid invalid memory access when create_console_input fails.
Sebastian Lackner
sebastian at fds-team.de
Wed Aug 19 05:44:02 CDT 2015
console_in->event might be NULL in the destructor. To avoid dereferencing console_in->history[i]
in the destructor, explicitly set console_input->history_size to zero when its not safe to access
the array.
---
server/console.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/server/console.c b/server/console.c
index 218831b..79836d4 100644
--- a/server/console.c
+++ b/server/console.c
@@ -330,6 +330,7 @@ static struct object *create_console_input( struct thread* renderer, int fd )
if (!console_input->history || (renderer && !console_input->evt) || !console_input->event)
{
if (fd != -1) close( fd );
+ console_input->history_size = 0;
release_object( console_input );
return NULL;
}
@@ -1110,7 +1111,8 @@ static void console_input_destroy( struct object *obj )
release_object( console_in->evt );
console_in->evt = NULL;
}
- release_object( console_in->event );
+ if (console_in->event)
+ release_object( console_in->event );
if (console_in->fd)
release_object( console_in->fd );
--
2.5.0
More information about the wine-patches
mailing list