[PATCH] oleaut32: Don't store non-heap-allocated strings in the BSTR cache

[Andrew Eikum]

An application was passing a static string to SysFreeString.
SysFreeString would store the pointer in the BSTR cache. Eventually
the pointer would be re-used by SysAllocString and crash the program.

The approach I took to fix this was to determine if the pointer
belongs to a module. If so, then it can't be on the heap, and so we
didn't allocate it and we shouldn't try to free it or store it in the
cache.

Signed-off-by: Andrew Eikum <aeikum at codeweavers.com>
---
 dlls/oleaut32/oleaut.c        | 8 ++++++++
 dlls/oleaut32/tests/vartype.c | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/dlls/oleaut32/oleaut.c b/dlls/oleaut32/oleaut.c
index 0352215..7a2768e 100644
--- a/dlls/oleaut32/oleaut.c
+++ b/dlls/oleaut32/oleaut.c
@@ -251,12 +251,20 @@ BSTR WINAPI SysAllocString(LPCOLESTR str)
  */
 void WINAPI SysFreeString(BSTR str)
 {
+    HMODULE module = NULL;
     bstr_cache_entry_t *cache_entry;
     bstr_t *bstr;
 
     if(!str)
         return;
 
+    GetModuleHandleExW(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT,
+            str, &module);
+    if(module) {
+        WARN("freed string %p is not allocated on the heap, but owned by module %p\n", str, module);
+        return;
+    }
+
     bstr = bstr_from_str(str);
     cache_entry = get_cache_entry(bstr->size+sizeof(WCHAR));
     if(cache_entry) {
diff --git a/dlls/oleaut32/tests/vartype.c b/dlls/oleaut32/tests/vartype.c
index 7cbb059..0669ef0 100644
--- a/dlls/oleaut32/tests/vartype.c
+++ b/dlls/oleaut32/tests/vartype.c
@@ -6324,6 +6324,9 @@ static void test_bstr_cache(void)
         return;
     }
 
+    /* this should not crash the tests */
+    SysFreeString((BSTR)testW);
+
     str = SysAllocString(testW);
     /* This should put the string into cache */
     SysFreeString(str);
-- 
2.6.4