[patch] segv on use-after-free in dsound/buffer.c
Hello!

One of the games rarely crashed with a segv in line 86 of dsound/buffer.c:

85: IDirectSoundBuffer_Release((LPDIRECTSOUNDBUFFER)This->dsb);
86: This->dsb->notify = NULL;

(Sorry, I failed to save the actual backtrace at the time.)

This looks like a typical assign-after-free bug. I've applied the attached patch (wine-1.1.7, now on 1.1.19), no crashes so far (btw, the similar *Secondary*Release method down in the code uses the proper order: assign-NULL-then-release).
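The ordering problem described in this report, as an added example that is not part of the original post or of Wine's code: the struct and function names are hypothetical stand-ins, and it assumes the notify object holds the last reference to the buffer. Instead of calling free() right away, the release poisons the buffer and keeps it in a quarantine, so the late store can be detected without touching freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct buffer { long ref; void *notify; };  /* hypothetical stand-ins, not Wine's types */
struct notify { long ref; struct buffer *dsb; };
#define POISON 0xDD
static struct buffer *quarantine; /* released buffer, kept allocated for inspection */

/* Last reference: poison and quarantine instead of free(), so stale writes show up. */
static void buffer_release(struct buffer *b) {
    if (--b->ref == 0) { memset(b, POISON, sizeof *b); quarantine = b; }
}

/* Order from the report: release first, then store through the pointer. */
static void release_then_clear(struct notify *n) {
    if (--n->ref) return;
    buffer_release(n->dsb);
    n->dsb->notify = NULL;   /* buffer may already be gone here */
    free(n);
}

/* Clear the back-pointer while the buffer is still alive, then release. */
static void clear_then_release(struct notify *n) {
    if (--n->ref) return;
    n->dsb->notify = NULL;
    buffer_release(n->dsb);
    free(n);
}

/* 1 if the buffer was written after release, 0 if not, -1 on allocation failure. */
static int stale_write(void (*release)(struct notify *)) {
    struct buffer *b = malloc(sizeof *b);
    struct notify *n = malloc(sizeof *n);
    int hit = 0;
    if (!b || !n) { free(b); free(n); return -1; }
    b->ref = 1; b->notify = n;   /* assumption: notify holds the last reference */
    n->ref = 1; n->dsb = b;
    release(n);
    for (size_t i = 0; i < sizeof *b; i++)
        hit |= ((unsigned char *)quarantine)[i] != POISON;
    free(quarantine); quarantine = NULL;
    return hit;
}

int main(void) {
    printf("release-then-clear: %d\n", stale_write(release_then_clear));
    printf("clear-then-release: %d\n", stale_write(clear_then_release));
    return 0;
}
```

With a real allocator the same late store lands in memory that may be unmapped or already reused, which fits a crash that shows up only rarely.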
2009/5/23 Yuriy Kaminskiy <yumkam(a)mail.ru>:
Hello!

One of the games rarely crashed with a segv in line 86 of dsound/buffer.c:

85: IDirectSoundBuffer_Release((LPDIRECTSOUNDBUFFER)This->dsb);
86: This->dsb->notify = NULL;

(Sorry, I failed to save the actual backtrace at the time.)

This looks like a typical assign-after-free bug. I've applied the attached patch (wine-1.1.7, now on 1.1.19), no crashes so far (btw, the similar *Secondary*Release method down in the code uses the proper order: assign-NULL-then-release).
Please send patches to wine-patches(a)winehq.org

Thanks for helping Wine!

--
-Austin
participants (2)
- Austin English
- Yuriy Kaminskiy