New subject: [Bug 28632] dlls/winealsa.drv/mmdevdrv.c!AUDDRV_GetAudioEndpoint:use-after-free on error exit path

9 Oct 2011


      http://bugs.winehq.org/show_bug.cgi?id=28632
Bug #: 28632
           Summary: dlls/winealsa.drv/mmdevdrv.c!AUDDRV_GetAudioEndpoint:u
                    se-after-free on error exit path
           Product: Wine
           Version: 1.3.29
          Platform: x86
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: trivial
          Priority: P3
         Component: winealsa.drv
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: wine.8eaf7cd8e5128d8191fe@spamgourmet.com
    Classification: Unclassified
In dlls/winealsa.drv/mmdevdrv.c!AUDDRV_GetAudioEndpoint, the error exit path
for failure to allocate This->hw_params frees This, then calls snd_pcm_close on
This->pcm_handle.  This is lines 625-626 in commit
c9a8d3bd8906932130cd98b667574031895f83f0, the value of master at the time of
this writing.  This is unlikely to cause problems in regular usage, since it
only occurs on failure to HeapAlloc hw_params and accesses the freed memory
immediately after freeing it.  However, as a use-after-free, it is worth fixing
on principle.
This was found accidentally via code inspection while trying (unsuccessfully)
to understand why Wine 1.3.28's ALSA code acquires exclusive access to the
output device.  However, the use-after-free is still present in master.
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

[Bug 28632] New: dlls/winealsa.drv/mmdevdrv.c!AUDDRV_GetAudioEndpoint:use-after-free on error exit path