Module: wine Branch: master Commit: addd8e69ff09e8620aa3c9c2120d2161df478ac2 URL: http://source.winehq.org/git/wine.git/?a=commit;h=addd8e69ff09e8620aa3c9c212...
Author: Nikolay Sivov nsivov@codeweavers.com Date: Thu Jul 20 19:47:33 2017 +0300
dwrite: Fix cache entry use-after-free (Valgrind).
Signed-off-by: Nikolay Sivov nsivov@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/dwrite/dwrite_private.h | 1 + dlls/dwrite/font.c | 6 ++++++ dlls/dwrite/main.c | 1 + 3 files changed, 8 insertions(+)
diff --git a/dlls/dwrite/dwrite_private.h b/dlls/dwrite/dwrite_private.h
index 9530399..57731a9 100644
--- a/dlls/dwrite/dwrite_private.h
+++ b/dlls/dwrite/dwrite_private.h
@@ -198,6 +198,7 @@ extern void factory_release_cached_fontface(struct fontfacecached*) DECLSPEC_HID
 extern void get_logfont_from_font(IDWriteFont*,LOGFONTW*) DECLSPEC_HIDDEN;
 extern void get_logfont_from_fontface(IDWriteFontFace*,LOGFONTW*) DECLSPEC_HIDDEN;
 extern HRESULT create_gdiinterop(IDWriteFactory5*,IDWriteGdiInterop1**) DECLSPEC_HIDDEN;
+extern void fontface_detach_from_cache(IDWriteFontFace4*) DECLSPEC_HIDDEN;
 /* Opentype font table functions */
 struct dwrite_font_props {
diff --git a/dlls/dwrite/font.c b/dlls/dwrite/font.c
index 6862d7b..be0131a 100644
--- a/dlls/dwrite/font.c
+++ b/dlls/dwrite/font.c
@@ -443,6 +443,12 @@ static void release_fontfamily_data(struct dwrite_fontfamily_data *data)
 heap_free(data);
 }
+void fontface_detach_from_cache(IDWriteFontFace4 *iface)
+{
+ struct dwrite_fontface *fontface = impl_from_IDWriteFontFace4(iface);
+ fontface->cached = NULL;
+}
+
 static HRESULT WINAPI dwritefontface_QueryInterface(IDWriteFontFace4 *iface, REFIID riid, void **obj)
 {
 struct dwrite_fontface *This = impl_from_IDWriteFontFace4(iface);
diff --git a/dlls/dwrite/main.c b/dlls/dwrite/main.c
index c822781..36d8613 100644
--- a/dlls/dwrite/main.c
+++ b/dlls/dwrite/main.c
@@ -566,6 +566,7 @@ static void release_fontface_cache(struct list *fontfaces)
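Review bot: `fontface_detach_from_cache()` in font.c is exported across files with no comment saying who may call it or why, and its store `fontface->cached = NULL` is a plain write. Judging by the commit title and the call added in main.c, it exists so a fontface stops pointing at a cache entry the factory is about to free; a comment such as `/* Called by the factory right before it frees the cache entry, so the fontface keeps no dangling pointer to it. */` would record that contract. Whatever code reads `cached` is outside this hunk, so it is worth confirming that the read and this write are serialized by the same lock if a fontface can be released on another thread.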
 LIST_FOR_EACH_ENTRY_SAFE(fontface, fontface2, fontfaces, struct fontfacecached, entry) {
 list_remove(&fontface->entry);
+ fontface_detach_from_cache(fontface->fontface);
 heap_free(fontface);
 }
 }
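Review bot: The added call dereferences `fontface->fontface` for every entry left in the list, so the fix depends on that pointer still being valid when the cache is torn down. This hunk does not show whether an entry holds a reference on its fontface or whether a fontface unlinks its entry when it is destroyed; if neither is true, the use-after-free moves from the entry to the fontface. Stating the invariant next to the call, for example `/* entries are unlinked when their fontface is destroyed, so ->fontface is still valid here */` (if that is indeed the rule), would let the next reader check it. The opening lines of release_fontface_cache are outside the hunk.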