[PATCH 0/1] MR4233: winmm: Fix pszSound allocation in PlaySound_Alloc().
In general, ucrtbase allocations are used here (and later ucrtbase.free for freeing memory). RtlCreateUnicodeStringFromAsciiz() is using RtlAllocateHeap(GetProcessHeap(),...) for allocation. Using ucrtbase.free() may result in freeing from a different heap, which leaks the string at best or aborts the program when heap validation is enabled. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/4233
From: Paul Gofman <pgofman(a)codeweavers.com> --- dlls/winmm/playsound.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dlls/winmm/playsound.c b/dlls/winmm/playsound.c index 2ba2ad1e8dc..1183a72aa7c 100644 --- a/dlls/winmm/playsound.c +++ b/dlls/winmm/playsound.c @@ -231,8 +231,9 @@ static WINE_PLAYSOUND* PlaySound_Alloc(const void* pszSound, HMODULE hmod, else { UNICODE_STRING usBuffer; - RtlCreateUnicodeStringFromAsciiz(&usBuffer, pszSound); - wps->pszSound = usBuffer.Buffer; + if (!RtlCreateUnicodeStringFromAsciiz(&usBuffer, pszSound)) goto oom_error; + wps->pszSound = wcsdup(usBuffer.Buffer); + HeapFree(GetProcessHeap(), 0, usBuffer.Buffer); if (!wps->pszSound) goto oom_error; wps->bAlloc = TRUE; } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4233
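Review bot: The added `HeapFree(GetProcessHeap(), 0, usBuffer.Buffer);` line hard-codes which heap RtlCreateUnicodeStringFromAsciiz() allocates from, which is the same kind of allocator assumption this patch sets out to remove. Consider `RtlFreeUnicodeString(&usBuffer);` at that point instead, so the temporary is released by the routine paired with the one that created it. Placing the free before the `if (!wps->pszSound) goto oom_error;` check is correct, since the temporary buffer is then released even when wcsdup() fails. A one-line comment saying that pszSound is later released with free(), and that this is why the string is copied, would help the next reader of this branch.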