Alex Villacís Lasso wrote:
Lately, all VB6 applications crash on exit. This weekend, I found the cause. Apparently the VB6 runtime creates a standard OLEFont object, and then calls IFont::clone() on it to get a second object. At exit, the VB6 runtime disposes of both objects. However, the recent OLEFont changes introduced a bug in which the cloning fails to clone the connection points associated with the object. Therefore the dispose of one of the objects frees the connection points, and the dispose of the second object crashes on attempt to dispose an already-freed object.
Changelog:
- Create new empty connection points on clone of OLEFont
Alex Villacís Lasso
--- wine-0.9.8-cvs/dlls/oleaut32/olefont.c 2006-02-14 10:38:35.000000000 -0500 +++ wine-0.9.8-cvs-patch/dlls/oleaut32/olefont.c 2006-02-18 18:40:01.000000000 -0500 @@ -1113,6 +1113,19 @@ /* The cloned object starts with a reference count of 1 */ newObject->ref = 1;
/* We need to clone the connection points too. */
/* FIXME: should we just add a reference to the (shared) connection points? */
newObject->pPropertyNotifyCP = NULL;
newObject->pFontEventsCP = NULL;
CreateConnectionPoint((IUnknown*)newObject, &IID_IPropertyNotifySink, &newObject->pPropertyNotifyCP);
CreateConnectionPoint((IUnknown*)newObject, &IID_IFontEventsDisp, &newObject->pFontEventsCP);
if (!newObject->pPropertyNotifyCP || !newObject->pFontEventsCP)
{
OLEFontImpl_Destroy(newObject);
return E_OUTOFMEMORY;
}
*ppfont = (IFont*)newObject;
return S_OK;
Is there anything wrong with this patch? Not applied, and nobody has commented on it either.
Alex Villacís Lasso
-
Alex Villacís Lasso