Module: wine
Branch: master
Commit: 1e79217fb0c63fc53cf021fb203e282b1bae3b04
URL: https://gitlab.winehq.org/wine/wine/-/commit/1e79217fb0c63fc53cf021fb203e282...
Author: Brendan McGrath bmcgrath@codeweavers.com
Date: Thu Jan 11 15:48:52 2024 +1100
d2d1: Fix double free bug when d2d_geometry_sink_Close fails.
geometry->fill.bezier_vertices was being freed on the failed path in d2d_geometry_sink_Close and then again when the path geometry was released (in d2d_geometry_cleanup).
By setting it to NULL after freeing it initially, all other calls to free it are a no-op.
---
dlls/d2d1/geometry.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/dlls/d2d1/geometry.c b/dlls/d2d1/geometry.c index 9b0b7844739..3da3ad2e65b 100644 --- a/dlls/d2d1/geometry.c +++ b/dlls/d2d1/geometry.c @@ -3247,6 +3247,7 @@ done: if (FAILED(hr)) { free(geometry->fill.bezier_vertices); + geometry->fill.bezier_vertices = NULL; geometry->fill.bezier_vertex_count = 0; d2d_path_geometry_free_figures(geometry); geometry->u.path.state = D2D_GEOMETRY_STATE_ERROR;
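Review bot: In the FAILED(hr) block under done:, the new NULL reset covers only geometry->fill.bezier_vertices, while d2d_path_geometry_free_figures(geometry) is called on the same failure path two lines later and this hunk does not show whether it clears the pointers it frees. Since the commit message says d2d_geometry_cleanup runs again when the path geometry is released, please confirm that helper leaves its freed members NULL (and their counts zero), or reset them here in the same way, so the later cleanup cannot free them a second time. A test that forces d2d_geometry_sink_Close to fail and then releases the geometry would keep this path covered.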