[PATCH 09/11] d3d11: Avoid potential double free in d3d11_device_CreateRasterizerState().
Józef Kucia
jkucia at codeweavers.com
Thu Apr 27 05:02:52 CDT 2017
The parent is owned by the wined3d_rasterizer_state object and it is
destroyed in the wined3d_object_destroyed() callback.
Signed-off-by: Józef Kucia <jkucia at codeweavers.com>
---
dlls/d3d11/state.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/dlls/d3d11/state.c b/dlls/d3d11/state.c
index f10e713..2b5a2c0 100644
--- a/dlls/d3d11/state.c
+++ b/dlls/d3d11/state.c
@@ -882,23 +882,26 @@ HRESULT d3d_rasterizer_state_init(struct d3d_rasterizer_state *state, struct d3d
wined3d_private_store_init(&state->private_store);
state->desc = *desc;
- wined3d_desc.front_ccw = desc->FrontCounterClockwise;
- if (FAILED(hr = wined3d_rasterizer_state_create(device->wined3d_device, &wined3d_desc,
- state, &d3d_rasterizer_state_wined3d_parent_ops, &state->wined3d_state)))
+ if (wine_rb_put(&device->rasterizer_states, desc, &state->entry) == -1)
{
- WARN("Failed to create wined3d rasterizer state, hr %#x.\n", hr);
+ ERR("Failed to insert rasterizer state entry.\n");
wined3d_private_store_cleanup(&state->private_store);
wined3d_mutex_unlock();
- return hr;
+ return E_FAIL;
}
- if (wine_rb_put(&device->rasterizer_states, desc, &state->entry) == -1)
+ wined3d_desc.front_ccw = desc->FrontCounterClockwise;
+
+ /* We cannot fail after creating a wined3d_rasterizer_state object. It
+ * would lead to double free. */
+ if (FAILED(hr = wined3d_rasterizer_state_create(device->wined3d_device, &wined3d_desc,
+ state, &d3d_rasterizer_state_wined3d_parent_ops, &state->wined3d_state)))
{
- ERR("Failed to insert rasterizer state entry.\n");
+ WARN("Failed to create wined3d rasterizer state, hr %#x.\n", hr);
wined3d_private_store_cleanup(&state->private_store);
- wined3d_rasterizer_state_decref(state->wined3d_state);
+ wine_rb_remove(&device->rasterizer_states, &state->entry);
wined3d_mutex_unlock();
- return E_FAIL;
+ return hr;
}
wined3d_mutex_unlock();
--
2.10.2
More information about the wine-patches
mailing list