Module: wine Branch: master Commit: 1e79217fb0c63fc53cf021fb203e282b1bae3b04 URL: https://gitlab.winehq.org/wine/wine/-/commit/1e79217fb0c63fc53cf021fb203e282... Author: Brendan McGrath <bmcgrath(a)codeweavers.com> Date: Thu Jan 11 15:48:52 2024 +1100 d2d1: Fix double free bug when d2d_geometry_sink_Close fails. geometry->fill.bezier_vertices was being freed on the failed path in d2d_geometry_sink_Close and then again when the path geometry was released (in d2d_geometry_cleanup). By setting it to NULL after freeing it initially, all other calls to free it are a no-op. --- dlls/d2d1/geometry.c | 1 + 1 file changed, 1 insertion(+) diff --git a/dlls/d2d1/geometry.c b/dlls/d2d1/geometry.c index 9b0b7844739..3da3ad2e65b 100644 --- a/dlls/d2d1/geometry.c +++ b/dlls/d2d1/geometry.c @@ -3247,6 +3247,7 @@ done: if (FAILED(hr)) { free(geometry->fill.bezier_vertices); + geometry->fill.bezier_vertices = NULL; geometry->fill.bezier_vertex_count = 0; d2d_path_geometry_free_figures(geometry); geometry->u.path.state = D2D_GEOMETRY_STATE_ERROR;