[PATCH v3 0/1] MR4233: winmm: Fix pszSound allocation in PlaySound_Alloc().
In general, ucrtbase allocations are used here (and later ucrtbase.free for freeing memory). RtlCreateUnicodeStringFromAsciiz() is using RtlAllocateHeap(GetProcessHeap(),...) for allocation. Using ucrtbase.free() may result in freeing from a different heap, which leaks the string at best or aborts the program when heap validation is enabled.

--
v3: winmm: Fix pszSound allocation in PlaySound_Alloc().

https://gitlab.winehq.org/wine/wine/-/merge_requests/4233
From: Paul Gofman <pgofman(a)codeweavers.com> --- dlls/winmm/playsound.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dlls/winmm/playsound.c b/dlls/winmm/playsound.c index 2ba2ad1e8dc..bd26bf481f3 100644 --- a/dlls/winmm/playsound.c +++ b/dlls/winmm/playsound.c @@ -231,8 +231,9 @@ static WINE_PLAYSOUND* PlaySound_Alloc(const void* pszSound, HMODULE hmod, else { UNICODE_STRING usBuffer; - RtlCreateUnicodeStringFromAsciiz(&usBuffer, pszSound); - wps->pszSound = usBuffer.Buffer; + if (!RtlCreateUnicodeStringFromAsciiz(&usBuffer, pszSound)) goto oom_error; + wps->pszSound = wcsdup(usBuffer.Buffer); + RtlFreeUnicodeString(&usBuffer); if (!wps->pszSound) goto oom_error; wps->bAlloc = TRUE; } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4233
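Review bot: The new `wcsdup(usBuffer.Buffer)` followed by `RtlFreeUnicodeString(&usBuffer)` in the `else` branch of PlaySound_Alloc() has no comment saying why the string is copied, so it reads like a redundant allocation that a later cleanup could "optimize" back to `wps->pszSound = usBuffer.Buffer`. A one-line comment above the `wcsdup()` call would prevent that. It should state that `pszSound` has to be a CRT allocation because it is later released with the CRT `free()`, while the Rtl buffer comes from the process heap. The ordering is correct as written: the Rtl buffer is freed before the `if (!wps->pszSound) goto oom_error;` check, so a failed `wcsdup()` does not leak it, and the new check on the return value of `RtlCreateUnicodeStringFromAsciiz()` means `usBuffer.Buffer` is no longer read after a failed conversion.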
This merge request was approved by Huw Davies. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/4233