[PATCH] gdiplus: Handle NULL elementdata.combine.left/right in delete_element
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=52423 Signed-off-by: Konstantin Romanov <incubusrk(a)gmail.com> --- dlls/gdiplus/gdiplus.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/dlls/gdiplus/gdiplus.c b/dlls/gdiplus/gdiplus.c index 7c4c68f162f..7b0592c184c 100644 --- a/dlls/gdiplus/gdiplus.c +++ b/dlls/gdiplus/gdiplus.c @@ -473,10 +473,14 @@ void delete_element(region_element* element) case RegionDataInfiniteRect: break; default: - delete_element(element->elementdata.combine.left); - delete_element(element->elementdata.combine.right); - heap_free(element->elementdata.combine.left); - heap_free(element->elementdata.combine.right); + if(element->elementdata.combine.left){ + delete_element(element->elementdata.combine.left); + heap_free(element->elementdata.combine.left); + } + if(element->elementdata.combine.right){ + delete_element(element->elementdata.combine.right); + heap_free(element->elementdata.combine.right); + } break; } } -- 2.33.0.windows.1
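Review bot: In the default case of delete_element, the two new if blocks guard only this one recursion site, so any other caller that passes a NULL element still dereferences it. A single early return at the top of the function, such as "if (!element) return;", would cover both children and every caller. It would also let the four removed lines stay unchanged, provided heap_free tolerates NULL, which this hunk does not show. The commit message should say which path leaves combine.left or combine.right unset, because nothing in the visible lines explains how a combine node reaches delete_element half-built. The new lines also write "if(" and "){" without spaces; match the spacing and brace placement used in the rest of the file.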
Please add a test case for this that replicates the crashing call sequence.
It looks to me like the error path of clone_element could cause this, but that's not something we can really test.

On Thu, Jan 20, 2022 at 5:05 AM Nikolay Sivov <nsivov(a)codeweavers.com> wrote:
> Please add a test case for this that replicates the crashing call sequence.
participants (3): Esme Povirk (she/they), Konstantin Romanov, Nikolay Sivov