Dustin Navea wrote:
Rob Shearman wrote:
The problem was a heap overrun in quartz. The bug was fixed. I haven't seen any more reports of this problem with cvs Wine.
Ok, thanks. He has to use the January copy for regression testing. Could you give me a link to the CVS patch that fixed it, so he can download it and apply it to the January copy? That way he can run a proper test.
Mike Hearn mh@codeweavers.com Fix heap corruption in quartz server registration, add some whitespace, break out of loop if out of memory
--- dlls/quartz/regsvr.c (revision 109)
+++ dlls/quartz/regsvr.c (local)
@@ -577,7 +577,6 @@ static HRESULT register_filters(struct r
 IFilterMapper2* pFM2 = NULL;
CoInitialize(NULL); - hr = CoCreateInstance(&CLSID_FilterMapper2, NULL, CLSCTX_INPROC_SERVER, &IID_IFilterMapper2, (LPVOID*)&pFM2);
if (SUCCEEDED(hr)) { @@ -585,6 +584,7 @@ static HRESULT register_filters(struct r REGFILTER2 rf2; REGFILTERPINS2* prfp2; int i; + for (i = 0; list->pins[i].flags != 0xFFFFFFFF; i++) ; rf2.dwVersion = 2; rf2.dwMerit = list->merit; @@ -598,6 +598,7 @@ static HRESULT register_filters(struct r REGPINTYPES* lpMediatype; CLSID* lpClsid; int j, nbmt; + for (nbmt = 0; list->pins[i].mediatypes[nbmt].majortype; nbmt++) ; /* Allocate a single buffer for regpintypes struct and clsids */ lpMediatype = (REGPINTYPES*) CoTaskMemAlloc(nbmt*(sizeof(REGPINTYPES) + 2*sizeof(CLSID))); @@ -627,10 +628,17 @@ static HRESULT register_filters(struct r prfp2[i].clsPinCategory = NULL; }
+ if (FAILED(hr)) { + ERR("failed to register with hresult 0x%lx\n", hr); + break; + } + hr = IFilterMapper2_RegisterFilter(pFM2, list->clsid, list->name, NULL, list->category, NULL, &rf2);
- while (i--) + while (i) { CoTaskMemFree((REGPINTYPES*)prfp2[i-1].lpMediaType); + i--; + } CoTaskMemFree(prfp2); } }
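Review bot: The added `if (FAILED(hr)) { ERR(...); break; }` sits ahead of the cleanup at the end of this hunk, so when it fires, `prfp2` and any per-pin media-type buffers already allocated never reach `CoTaskMemFree`. The corruption fix itself (`while (i) { ... prfp2[i-1] ...; i--; }`) is fine, but the error path trades it for a leak. I would drop the `break` and guard the call instead, `if (SUCCEEDED(hr)) hr = IFilterMapper2_RegisterFilter(pFM2, list->clsid, list->name, NULL, list->category, NULL, &rf2); else ERR("allocation failed before registration, hresult 0x%lx\n", hr);`, so the frees always run. The enclosing loops start outside the hunk; if the outer loop does not already test `hr`, put the `break` after `CoTaskMemFree(prfp2);` instead. The current message says "failed to register" although `RegisterFilter` has not been called at that point, which will mislead whoever reads the log.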