Re: urlmon: Prevent possible use of freed memory
Troy Rollo wrote:
This fixes Bugzilla bug 2969 <http://bugs.winehq.org/show_bug.cgi?id=2969>
ChangeLog: Prevent a URLMonikerImpl from being freed before its work in BindToStorage is done.
------------------------------------------------------------------------
Index: dlls/urlmon/umon.c =================================================================== RCS file: /home/wine/wine/dlls/urlmon/umon.c,v retrieving revision 1.52 diff -u -r1.52 umon.c --- dlls/urlmon/umon.c 5 May 2005 09:50:46 -0000 1.52 +++ dlls/urlmon/umon.c 21 May 2005 23:57:36 -0000 @@ -456,6 +456,13 @@ *ppvObject = (void *) This->pstrCache; IStream_AddRef((IStream *) This->pstrCache);
+ /* We are about to start calling back into the application. It is + * possible that the application will release its reference to us in + * these callbacks, so we need to add a reference to This to make sure the + * URLMonikerImpl is not freed before we reach the end of this method. + */
The right solution is separating IBinding and IMoniker interfaces. They shouldn't be implemented in the same object. I'll send the patch. Jacek
On Sun, 22 May 2005 20:24, Jacek Caban wrote:
The right solution is separating IBinding and IMoniker interfaces. They shouldn't be implemented in the same object. I'll send the patch.
There is potential for the problem to re-occur when asynchronous binding is implemented. A comment warning of the potential issue would be helpful in there somewhere.
participants (2)
-
Jacek Caban -
Troy Rollo