[PATCH 0/1] MR3097: sane: Fix use after free in create_item (scan-build). - Wine-gitlab - list.winehq.org

newer
[PATCH 0/1] MR3104: win32u: Add...

[PATCH 0/1] MR3097: sane: Fix use after free in create_item (scan-build).

older
[PATCH 0/1] MR3093: gdiplus: Allow...

Alex Henrie (＠alexhenrie)

19 Jun 2023 19 Jun '23

4 a.m.

realloc may free lead_static. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/3097

Reply

Sign in to reply online Use email software

Show replies by date

Alex Henrie

19 Jun 19 Jun

4 a.m.

New subject: [PATCH 1/1] sane: Fix use after free in create_item (scan-build).

From: Alex Henrie <alexhenrie24(a)gmail.com> realloc may free lead_static. --- dlls/sane.ds/ui.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/sane.ds/ui.c b/dlls/sane.ds/ui.c index e66526a088e..6d67f35d389 100644 --- a/dlls/sane.ds/ui.c +++ b/dlls/sane.ds/ui.c @@ -257,7 +257,7 @@ static int create_item(HDC hdc, const struct option_descriptor *opt, tpl->style=styles; tpl->dwExtendedStyle = 0; if (lead_static) - tpl->x = lead_static->x + lead_static->cx + 1; + tpl->x = rc->x + rc->cx + 1; else if (opt->type == TYPE_GROUP) tpl->x = 2; else -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/3097

Reply

Sign in to reply online Use email software

Esme Povirk (＠madewokherd)

5:54 p.m.

lead_static is used again just a few lines later, I assume it's still invalid. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/3097#note_36137

Reply

Sign in to reply online Use email software

915

Age (days ago)

915

Last active (days ago)

Download

2 comments

3 participants

tags

participants (3)

Alex Henrie
Alex Henrie (＠alexhenrie)
Esme Povirk (＠madewokherd)