[PATCH 0/1] MR1821: bcrypt: Use volatile type cast to zero magic values before free.
The compiler may optimize out the assignment before free and then second free on the bcrypt handle finds magic values in the freed memory. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1821
From: Paul Gofman <gofmanp(a)gmail.com> The compiler may optimize out the assignment before free and then second free on the bcrypt handle finds magic values in the freed memory. --- dlls/bcrypt/bcrypt_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c index 72501faf90e..d23a0328c55 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -397,7 +397,7 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, const WC static void destroy_object( struct object *obj ) { - obj->magic = 0; + *(volatile int *)&obj->magic = 0; free( obj ); } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/1821
This merge request was approved by Hans Leidekker. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1821
Maybe something like SecureZeroMemory() would make it more explicit? -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1821#note_19686
participants (4)
-
Alexandre Julliard (@julliard) -
Hans Leidekker (@hans)
-
Paul Gofman
-
Paul Gofman (@gofman)