wined3d: Fix double free in geometry_shader_init.

Sebastian Lackner sebastian at fds-team.de
Wed Apr 19 11:55:32 CDT 2017


Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
---

wined3d_shader_destroy_object also calls HeapFree, so it cannot
be used here. Also, we would need some kind of synchronization
(like what we are doing for textures).

 dlls/wined3d/shader.c |   18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/dlls/wined3d/shader.c b/dlls/wined3d/shader.c
index 3681a8d621..7dc276f575 100644
--- a/dlls/wined3d/shader.c
+++ b/dlls/wined3d/shader.c
@@ -3433,21 +3433,23 @@ static HRESULT geometry_shader_init(struct wined3d_shader *shader, struct wined3
         const struct wined3d_shader_desc *desc, const struct wined3d_stream_output_desc *so_desc,
         void *parent, const struct wined3d_parent_ops *parent_ops)
 {
+    struct wined3d_stream_output_element *elements = NULL;
     HRESULT hr;
 
+    if (so_desc && !(elements = wined3d_calloc(so_desc->element_count, sizeof(*elements))))
+        return E_OUTOFMEMORY;
+
     if (FAILED(hr = shader_init(shader, device, desc, 0, WINED3D_SHADER_TYPE_GEOMETRY, parent, parent_ops)))
+    {
+        HeapFree(GetProcessHeap(), 0, elements);
         return hr;
+    }
 
     if (so_desc)
     {
-        struct wined3d_stream_output_desc *d = &shader->u.gs.so_desc;
-        *d = *so_desc;
-        if (!(d->elements = wined3d_calloc(so_desc->element_count, sizeof(*d->elements))))
-        {
-            wined3d_cs_destroy_object(shader->device->cs, wined3d_shader_destroy_object, shader);
-            return E_OUTOFMEMORY;
-        }
-        memcpy(d->elements, so_desc->elements, so_desc->element_count * sizeof(*d->elements));
+        shader->u.gs.so_desc = *so_desc;
+        shader->u.gs.so_desc.elements = elements;
+        memcpy(elements, so_desc->elements, so_desc->element_count * sizeof(*elements));
     }
 
     return WINED3D_OK;
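Review bot: The fix depends on `elements` being allocated before `shader_init()`, but nothing in the new code says so, and the explanation sits below the `---` separator, where it is normally dropped when the patch is applied. A later refactor that moves the allocation back after `shader_init()` would again need a failure path that tears down an initialised shader, which per the description is what led to the double free. I would add a comment above the `wined3d_calloc` call, such as `/* Allocate before shader_init(): once it succeeds nothing below may fail, so no error path has to destroy the shader. */`. Separately, when `so_desc->element_count` is 0 the result depends on what `wined3d_calloc` returns for a zero-sized request, which is not visible here, so it is worth confirming that an empty description does not end in `E_OUTOFMEMORY`. The function's closing brace is outside the hunk.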
-- 
2.12.2


