12 Jun 2023, 12:02 p.m.
Piotr Caban (@piotr) commented about programs/services/services.c:
service->status.dwCurrentState = SERVICE_STOPPED; service->process = NULL; if (!--process->use_count) process_terminate(process); - release_process(process);
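Review bot: removing `release_process(process);` at the end of this hunk leaves no visible release for the reference that `service->process` held before it was set to NULL, so the process entry may never be released on this path. Either keep the call or show where that reference is dropped instead. If the removal was prompted by a static-analysis use-after-free report, a short comment stating which reference each release corresponds to would document the intent better than deleting the call.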
I don't see a use-after-free error here. The process_entry reference is stored in 2 places - in the process variable and in service->process. Since the code is setting service->process to NULL, it needs to decrease the reference counter. Later we're freeing the process variable, so another release_process call is needed. I guess the tool doesn't know that process == service->process.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/3040#note_35441