[PATCH 0/1] MR10439: crypt32: Protect certificate context from repeated releases.
From: Dmitry Timoshkov <dmitry@baikal.ru>

A buggy application does something like this:

    PCCERT_CONTEXT cert, prev = NULL;

    while ((cert = CertEnumCertificatesInStore(store, prev)))
    {
        do_something_with_cert(cert);
        CertFreeCertificateContext(cert);
        prev = cert;
    }

    CertCloseStore(store); <= assert(!cert->ref) because cert->ref == -1

which leads to a crash because of an assert(). Similar code works under
Windows, however it's not clear how this could be properly added as a test
case because of potential use after free.

Also, adding a 'prev->ref' check to Context_Release() doesn't seem to be
correct since Context_Release() is used outside of the lock in other callers.

Signed-off-by: Dmitry Timoshkov <dmitry@baikal.ru>
---
 dlls/crypt32/store.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/crypt32/store.c b/dlls/crypt32/store.c
index 54b16ab8fa1..bca4dfd2986 100644
--- a/dlls/crypt32/store.c
+++ b/dlls/crypt32/store.c
@@ -219,7 +219,7 @@ static context_t *MemStore_enumContext(WINE_MEMSTORE *store, struct list *list,
     EnterCriticalSection(&store->cs);
     if (prev) {
         next = list_next(list, &prev->u.entry);
-        Context_Release(prev);
+        if (prev->ref) Context_Release(prev);
     }else {
         next = list_head(list);
     }
-- 
GitLab

https://gitlab.winehq.org/wine/wine/-/merge_requests/10439
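Review bot: the `if (prev->ref)` guard on the replaced line is only safe because the read happens inside the `EnterCriticalSection(&store->cs)` shown three lines above, but nothing in the hunk records that; add a one-line comment saying the check relies on store->cs, since the commit message itself notes that Context_Release() runs unlocked in other callers and the same guard would be a race there. Also, a prev with ref already 0 is an application double release that previously tripped assert(!cert->ref) in CertCloseStore, and the hunk now skips it silently; a `WARN("context %p already released\n", prev);` before the skip would keep the misbehaving caller visible in +crypt32 traces instead of masking it.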
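To make the refcount arithmetic in the message concrete, here is a small self-contained C model of the enumerate-with-prev contract: the enumerator releases prev itself, so a caller that also frees the context releases it twice. This is an added example, not Wine's or Windows' code; ctx_t, store_t, store_enum(), ctx_release(), ctx_release_guarded(), store_close_min_ref() and enumerate() are names invented for the model, and the model assumes, consistent with the ref == -1 reported above, that a context held only by the store sits at ref 0. It runs the correct loop, the buggy loop against both the unguarded and the guarded release, and the early-break idiom in which the caller must free the context itself.

```c
/* Toy model of the reference-counting contract the commit message describes
 * for CertEnumCertificatesInStore / CertFreeCertificateContext on a Wine
 * memory store.  Added example, not Wine's or Microsoft's code; every name
 * below is an assumption made for this illustration. */
#include <stddef.h>
#include <stdio.h>

#define MODEL_CTX 3

typedef struct {
    long ref;       /* caller references; the store's own hold is not counted (assumption) */
    int visited;    /* how many times the caller's loop body saw this context */
} ctx_t;

typedef struct {
    ctx_t ctx[MODEL_CTX];
    int count;
} store_t;

static void store_init(store_t *s)
{
    for (int i = 0; i < MODEL_CTX; i++) {
        s->ctx[i].ref = 0;
        s->ctx[i].visited = 0;
    }
    s->count = MODEL_CTX;
}

/* Pre-patch behaviour of Context_Release: unconditional decrement. */
static void ctx_release(ctx_t *c) { c->ref--; }

/* Post-patch behaviour: skip the release when no caller reference is outstanding. */
static void ctx_release_guarded(ctx_t *c) { if (c->ref) c->ref--; }

/* Model of MemStore_enumContext: release prev, AddRef and return the next entry. */
static ctx_t *store_enum(store_t *s, ctx_t *prev, void (*release)(ctx_t *))
{
    int idx = 0;
    if (prev) {
        idx = (int)(prev - s->ctx) + 1;
        release(prev);
    }
    if (idx >= s->count)
        return NULL;
    s->ctx[idx].ref++;
    return &s->ctx[idx];
}

/* Model of the check CertCloseStore performs: every context must be back at
 * ref == 0.  Returns the lowest refcount found so a double release shows up
 * as a negative number (Wine asserts instead of returning). */
static long store_close_min_ref(const store_t *s)
{
    long min = 0;
    for (int i = 0; i < s->count; i++)
        if (s->ctx[i].ref < min)
            min = s->ctx[i].ref;
    return min;
}

/* Run the enumeration loop.  free_prev == 1 reproduces the buggy application:
 * it frees cert and then still hands it to the enumerator as prev.
 * Returns the minimum refcount at close, or -99 if an entry was skipped or
 * seen twice. */
static long enumerate(int free_prev, void (*release)(ctx_t *))
{
    store_t s;
    ctx_t *cert, *prev = NULL;

    store_init(&s);
    while ((cert = store_enum(&s, prev, release))) {
        cert->visited++;            /* do_something_with_cert(cert) */
        if (free_prev)
            release(cert);          /* CertFreeCertificateContext(cert) */
        prev = cert;                /* the enumerator releases it on the next call */
    }
    for (int i = 0; i < s.count; i++)
        if (s.ctx[i].visited != 1)
            return -99;
    return store_close_min_ref(&s);
}

/* Correct way to stop early: the context is not handed back to the
 * enumerator, so the caller must release it itself. */
static long enumerate_break_early(void)
{
    store_t s;
    ctx_t *cert, *prev = NULL;

    store_init(&s);
    while ((cert = store_enum(&s, prev, ctx_release))) {
        cert->visited++;
        if (cert == &s.ctx[1]) {
            ctx_release(cert);      /* CertFreeCertificateContext(cert) */
            break;
        }
        prev = cert;
    }
    return store_close_min_ref(&s);
}

int main(void)
{
    printf("correct loop, unguarded release: min ref %ld\n", enumerate(0, ctx_release));
    printf("buggy loop,   unguarded release: min ref %ld\n", enumerate(1, ctx_release));
    printf("buggy loop,   guarded release:   min ref %ld\n", enumerate(1, ctx_release_guarded));
    printf("early break:                     min ref %ld\n", enumerate_break_early());
    return 0;
}
```

Compile with `cc -std=c99` and run: the buggy loop with the unguarded release ends at -1, the value the assert in CertCloseStore trips on, while the guarded release takes the same loop back to 0 without any indication that the caller released twice, which is the trade-off the patch makes.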