[PATCH v2 0/1] MR3097: sane: Fix use after free in create_item (scan-build).
realloc may free lead_static.

--
v2: sane: Fix use after free in create_item (scan-build).

https://gitlab.winehq.org/wine/wine/-/merge_requests/3097
From: Alex Henrie <alexhenrie24(a)gmail.com> realloc may free lead_static. --- dlls/sane.ds/ui.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dlls/sane.ds/ui.c b/dlls/sane.ds/ui.c index e66526a088e..f5ce43c086f 100644 --- a/dlls/sane.ds/ui.c +++ b/dlls/sane.ds/ui.c @@ -257,7 +257,7 @@ static int create_item(HDC hdc, const struct option_descriptor *opt, tpl->style=styles; tpl->dwExtendedStyle = 0; if (lead_static) - tpl->x = lead_static->x + lead_static->cx + 1; + tpl->x = rc->x + rc->cx + 1; else if (opt->type == TYPE_GROUP) tpl->x = 2; else @@ -274,7 +274,7 @@ static int create_item(HDC hdc, const struct option_descriptor *opt, else { if (lead_static) - tpl->cy = lead_static->cy; + tpl->cy = rc->cy; else tpl->cy = 15; -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/3097
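Review bot: In the first hunk (@@ -257), `rc` is not declared or assigned anywhere in the visible context, so the hunk alone cannot show that `rc->x` and `rc->cx` read the lead static's item from the buffer as it stands after the realloc that the commit message says may free lead_static. A one-line comment above `tpl->x = rc->x + rc->cx + 1;` saying what rc points at and that it stays valid across the reallocation would make this reviewable and discourage a later edit from switching back to lead_static.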
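Review bot: In the second hunk (@@ -274), `if (lead_static)` still reads the pointer that the commit message says realloc may free, even though the dereference on the next line is gone; the first hunk keeps the same test. Since the pointer now serves only as a yes/no flag, consider capturing that in a boolean before the reallocation, or reassigning lead_static to the item's new location afterwards, so that nothing after the realloc touches the stale value.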
On Tue Jun 20 02:56:31 2023 +0000, Esme Povirk wrote:
> lead_static is used again just a few lines later, I assume it's still invalid.

Yes it is. Good catch!
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/3097#note_36204
This merge request was approved by Esme Povirk. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/3097