http://bugs.winehq.org/show_bug.cgi?id=2848
Summary: possible memory leak in dlls/user/user16.c, function DragObject16
Product: Wine
Version: 20050310
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: wine-gui
AssignedTo: wine-bugs@winehq.org
ReportedBy: kremenek@cs.stanford.edu

I am a researcher with the Stanford Checking group.
I am running some experiments on Wine using our static checking framework. Here is a possible bug we found with our tool:
In file dlls/user/user16.c:
LINE 1162:
--> hBummer is assigned a pointer returned from LoadCursorA. Because it
--> transitively loads an icon with the LR_SHARED flag, it returns an object
--> that has a reference count.

    if (!(hBummer = LoadCursorA(0, MAKEINTRESOURCEA(OCR_NO))))
    {
        GlobalFree16(hDragInfo);
        return 0L;
    }
...
LINE: 1189

        /* update DRAGINFO struct */
        if( DRAG_QueryUpdate16(WIN_Handle32(hwndScope), spDragInfo) > 0 )
            hCurrentCursor = HCURSOR_32(hCursor);
        else
        {

--> Here hBummer is assigned to hCurrentCursor. On the other branch, however,
--> it is not assigned and the value is never used or assigned later.

            hCurrentCursor = hBummer;
            lpDragInfo->hScope = 0;
        }
        if( hCurrentCursor )
            SetCursor(hCurrentCursor);

COMMENT: This appears to result in a memory leak, since a reference count is incremented, even if the address in hBummer is never later stored. It could be possible this is allocated from an arena; I cannot tell. I am not very familiar with the Wine codebase.
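
The pattern the report describes, reduced to a stand-alone model (an added example, not code from the report or from Wine): a reference-counted shared object is acquired up front, consumed on only one branch, and never released. Every name here (shared_res, res_acquire, res_release, drag_step_leaky, drag_step_balanced) is hypothetical, and the model assumes acquisition really does increment a count, which the report itself leaves open.

```c
#include <stdio.h>

/* Hypothetical one-entry shared cache with a reference count.
 * Models only the shape described in the report, not Wine's cursor code. */
typedef struct { int id; int refs; } shared_res;
static shared_res g_cache = { 42, 0 };      /* constructed sample object */

static shared_res *res_acquire(void) { g_cache.refs++; return &g_cache; }
static void res_release(shared_res *r) { if (r && r->refs > 0) r->refs--; }
static int res_refs(void) { return g_cache.refs; }

static int g_current_id;                    /* stand-in for the active cursor */
static void set_current(int id) { g_current_id = id; }

/* Reported shape: fallback acquired first, used on one branch only,
 * and not released on any path. */
static void drag_step_leaky(int target_accepts, int target_id)
{
    shared_res *fallback = res_acquire();
    if (target_accepts)
        set_current(target_id);             /* fallback is unused here */
    else
        set_current(fallback->id);
    /* no res_release(fallback): the count grows by one per call */
}

/* Balanced shape: the acquire is paired with a release on every path. */
static void drag_step_balanced(int target_accepts, int target_id)
{
    shared_res *fallback = res_acquire();
    set_current(target_accepts ? target_id : fallback->id);
    res_release(fallback);
}

int main(void)
{
    int i, before;
    for (i = 0; i < 3; i++) drag_step_leaky(i & 1, 7);
    printf("after leaky:    refs=%d\n", res_refs());
    before = res_refs();
    for (i = 0; i < 3; i++) drag_step_balanced(i & 1, 7);
    printf("after balanced: refs=%d (was %d)\n", res_refs(), before);
    return 0;
}
```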