[PATCH 0/1] MR10802: windows.ui.core.textinput: Move Release below check_interface.
Followup to 3594073f1b. This is to avoid accessing already freed memory. CC: @alesliehughes, Do you see any problem in moving the release that way? [Test pattern page](https://test.winehq.org/data/patterns.html#windows.ui.core.textinput:textinp...) <details> <summary>ASan details [gitlab run](https://gitlab.winehq.org/bernhardu/wine/-/jobs/261890#L2498) </summary> ``` ==windows.ui.core.textinput_test.exe==1836==ERROR: AddressSanitizer: heap-use-after-free on address 0x1005401201b0 at pc 0x000140003395 bp 0x7ffffe20f9a0 sp 0x7ffffe20f9e8 READ of size 8 at 0x1005401201b0 thread T0 #0 0x000140003394 in _check_interface /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/tests/textinput.c:45:10 #1 0x000140001f9e in test_CoreTextServicesManager /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/tests/textinput.c:162:5 #2 0x000140001068 in func_textinput /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/tests/textinput.c:183:5 #3 0x000140005bd2 in run_test /builds/bernhardu/wine/build64/../include/wine/test.h:780:5 #4 0x00014000564c in main /builds/bernhardu/wine/build64/../include/wine/test.h 0x1005401201b0 is located 0 bytes inside of 16-byte region [0x1005401201b0,0x1005401201c0) freed by thread T0 here: #0 0x6ffffe81da11 in free /home/runner/work/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_malloc_win.cpp:78:3 #1 0x6ffffba254cc in core_text_services_manager_Release /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/services.c:168:9 #2 0x000140004446 in __x_ABI_CWindows_CUI_CText_CCore_CICoreTextServicesManager_Release /builds/bernhardu/wine/build64/include/windows.ui.text.core.h:4311:12 #3 0x000140001f7c in test_CoreTextServicesManager /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/tests/textinput.c:160:5 #4 0x000140001068 in func_textinput /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/tests/textinput.c:183:5 #5 0x000140005bd2 in run_test /builds/bernhardu/wine/build64/../include/wine/test.h:780:5 #6 0x00014000564c in main /builds/bernhardu/wine/build64/../include/wine/test.h previously allocated by thread T0 here: #0 0x6ffffe81dc36 in calloc /home/runner/work/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_malloc_win.cpp:98:3 #1 0x6ffffba24ff2 in core_text_services_manager_statics_GetForCurrentView /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/services.c:239:21 #2 0x0001400043e7 in __x_ABI_CWindows_CUI_CText_CCore_CICoreTextServicesManagerStatics_GetForCurrentView /builds/bernhardu/wine/build64/include/windows.ui.text.core.h:1526:12 #3 0x000140001f1b in test_CoreTextServicesManager /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/tests/textinput.c:158:10 #4 0x000140001068 in func_textinput /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/tests/textinput.c:183:5 #5 0x000140005bd2 in run_test /builds/bernhardu/wine/build64/../include/wine/test.h:780:5 #6 0x00014000564c in main /builds/bernhardu/wine/build64/../include/wine/test.h SUMMARY: AddressSanitizer: heap-use-after-free /builds/bernhardu/wine/build64/../dlls/windows.ui.core.textinput/tests/textinput.c:45:10 in _check_interface ``` </details> -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10802
From: Bernhard Übelacker <bernhardu@mailbox.org> Followup to 3594073f1b. Found by ASan. --- dlls/windows.ui.core.textinput/tests/textinput.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/windows.ui.core.textinput/tests/textinput.c b/dlls/windows.ui.core.textinput/tests/textinput.c index 1cc38f236c9..29b7496d1bb 100644 --- a/dlls/windows.ui.core.textinput/tests/textinput.c +++ b/dlls/windows.ui.core.textinput/tests/textinput.c @@ -157,7 +157,6 @@ static void test_CoreTextServicesManager(void) hr = ICoreTextServicesManagerStatics_GetForCurrentView(core_text_manager_stat, &core_text_manager); ok(hr == S_OK, "Got unexpected hr %#lx.\n", hr); - ICoreTextServicesManager_Release(core_text_manager); check_interface(core_text_manager, &IID_IUnknown, TRUE); check_interface(core_text_manager, &IID_IInspectable, TRUE); @@ -165,6 +164,7 @@ static void test_CoreTextServicesManager(void) check_interface(core_text_manager, &IID_ICoreTextServicesManagerStatics, FALSE); check_interface(core_text_manager, &IID_ICoreTextServicesManager, TRUE); + ICoreTextServicesManager_Release(core_text_manager); ref = ICoreTextServicesManagerStatics_Release(core_text_manager_stat); ok(ref == 2, "Got unexpected refcount %ld.\n", ref); ref = IActivationFactory_Release(factory); -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/10802
It was an over site by me. Thanks. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10802#note_138632
This merge request was approved by Alistair Leslie-Hughes. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10802
participants (3)
-
Alistair Leslie-Hughes (@alesliehughes) -
Bernhard Übelacker
-
Bernhard Übelacker (@bernhardu)