https://bugs.winehq.org/show_bug.cgi?id=57929

Bug ID: 57929
Summary: Illegal pointer may be dereferenced
Product: Wine
Version: unspecified
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: win32u
Assignee: wine-bugs(a)winehq.org
Reporter: 1367173408(a)qq.com
Distribution: ---

Created attachment 78182
  --> https://bugs.winehq.org/attachment.cgi?id=78182
execution trace

I have found a risk that an illegal pointer may be dereferenced.

At line 119 in file `dlls/win32u/ntgdi_private.h`, the function `pop_dc_driver` may return NULL.

At line 750 in file `dlls/win32u/path.c`, the return value of `pop_dc_driver`, which may be NULL, is used as a real argument of call for `pDeleteDC` (`pathdrv_DeleteDC`).

Then, as shown by steps 3 and 4 in the attached image, an illegal address may be returned by function `get_path_physdev`, because `dev` is NULL value (0) and `offsetof(type, field)` is subtracted from it.

Finally, as shown by step 5, the illegal pointer may be dereferenced, which may cause unexpected application behavior or crashes.
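
The failure mode the report describes, as an added example that is neither Wine's code nor part of the original report: the struct layouts and the names `container_addr`, `pop_driver`, `get_path_physdev_checked` and `delete_path_dev` are hypothetical stand-ins. It models a pop that finds nothing and returns NULL, computes the address an unchecked container-of lookup would derive from that NULL, and shows a guarded lookup that passes the NULL through instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the types named in the report, not Wine's definitions.
 * Assumed layout: the embedded member sits at a non-zero offset. */
struct physdev { struct physdev *next; const void *funcs; };
struct path_physdev { void *path; struct physdev dev; };

/* Address a container-of style lookup yields for dev, computed on integers
 * so the demonstration itself performs no invalid pointer arithmetic. */
static uintptr_t container_addr(const struct physdev *dev)
{
    return (uintptr_t)dev - offsetof(struct path_physdev, dev);
}

/* Pops the first entry whose funcs match; NULL when none is on the stack. */
static struct physdev *pop_driver(struct physdev **head, const void *funcs)
{
    struct physdev **p = head, *dev;
    while (*p && (*p)->funcs != funcs) p = &(*p)->next;
    if (!*p) return NULL;
    dev = *p;
    *p = dev->next;
    return dev;
}

/* Guarded lookup: a NULL dev maps to NULL instead of NULL minus the offset. */
static struct path_physdev *get_path_physdev_checked(struct physdev *dev)
{
    if (!dev) return NULL;
    return (struct path_physdev *)((char *)dev - offsetof(struct path_physdev, dev));
}

/* Delete callback that tolerates a failed pop; returns 1 if a device was released. */
static int delete_path_dev(struct physdev *dev)
{
    struct path_physdev *pd = get_path_physdev_checked(dev);
    if (!pd) return 0;
    pd->path = NULL;  /* stands in for releasing the path data */
    return 1;
}

int main(void)
{
    struct physdev *stack = NULL;  /* constructed: empty driver stack */
    struct physdev *dev = pop_driver(&stack, "path");
    printf("unchecked: %#llx, guarded delete: %d\n", (unsigned long long)container_addr(dev), delete_path_dev(dev));
    return 0;
}
```

With a member at offset 0 the unchecked lookup would return NULL itself, which is just as unusable, so the check belongs before the lookup in either layout.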