http://bugs.winehq.org/show_bug.cgi?id=28697
Bug #: 28697 Summary: ieframe/tests/ie.ok: Use-after-free (after ImageList_ReplaceIcon) Product: Wine Version: 1.3.30 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: dank@kegel.com Classification: Unclassified
In ieframe/tests, while doing 'make ie.ok', valgrind complained:
Invalid read of size 4 at memcpy (mc_replace_strmem.c:635) by xbuf_add (tmarshal.c:107) by serialize_param (tmarshal.c:688) by serialize_param (tmarshal.c:793) by TMStubImpl_Invoke (tmarshal.c:2112) by RPC_ExecuteCall (rpc.c:1417) by apartment_wndproc (compobj.c:1007) by ??? (in dlls/user32/user32.dll.so) by call_window_proc (winproc.c:242) by WINPROC_call_window (winproc.c:899) by DispatchMessageW (message.c:3809) by IEWinMain (iexplore.c:1051) by WinMain (main.c:81) by main (exe_main.c:48) Address 0x7f041418 is 64 bytes inside a block of size 168 free'd at RtlFreeHeap (heap.c:262) by X11DRV_DeleteDC (init.c:200) by free_dc_ptr (dc.c:186) by DeleteDC (dc.c:801) by nulldrv_StretchDIBits (dib.c:446) by StretchDIBits (dib.c:474) by add_with_alpha (imagelist.c:225) by ImageList_ReplaceIcon (imagelist.c:2508) by SIC_IconAppend (iconcache.c:284) by SIC_Initialize (iconcache.c:428) by DllMain (shell32_main.c:1200) by __wine_spec_dll_entry (dll_entry.c:40) by ??? (in dlls/ntdll/ntdll.dll.so) by MODULE_InitDLL (loader.c:978) by process_attach (loader.c:1067)