[Bug 38764] Improper device request/IRP handling causes heap corruption in wineserver

15 Jun 2015


      https://bugs.winehq.org/show_bug.cgi?id=38764
Sebastian Lackner sebastian@fds-team.de changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sebastian@fds-team.de
--- Comment #2 from Sebastian Lackner sebastian@fds-team.de ---
Created attachment 51699
  --> https://bugs.winehq.org/attachment.cgi?id=51699
Proposed patch
The problem occurs because the set_irp_result function assumes, that irp->file
has a refcount greater than 1, which is not always the case.
The call to 'release_object( file );' can destroy the associated file, but
later 'list_remove( &irp->dev_entry );' is executed which assumes that the file
still exists.
After ensuring that the patch doesn't have any unintentional side effects I'll
send it to wine-patches.
-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[Bug 38764] Improper device request/IRP handling causes heap corruption in wineserver