msvcrt*: fix double-free and memory leak in type_info destructor
(spotted by toying with the gcc's static analyzer)
Signed-off-by: Eric Pouech eric.pouech@gmail.com
--- dlls/msvcp90/cxx.h | 2 +- dlls/msvcrt/cxx.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dlls/msvcp90/cxx.h b/dlls/msvcp90/cxx.h index 29854d16bab..701ab02fc05 100644 --- a/dlls/msvcp90/cxx.h +++ b/dlls/msvcp90/cxx.h @@ -457,7 +457,7 @@ void * __thiscall type_info_vector_dtor(type_info * _this, unsigned int flags) \ /* we have an array, with the number of elements stored before the first object */ \ INT_PTR i, *ptr = (INT_PTR *)_this - 1; \ \ - for (i = *ptr - 1; i >= 0; i--) free(_this->name); \ + for (i = *ptr - 1; i >= 0; i--) free(_this[i].name); \ free(ptr); \ } \ else \ diff --git a/dlls/msvcrt/cxx.h b/dlls/msvcrt/cxx.h index 1a5442725ef..cacbb1524b6 100644 --- a/dlls/msvcrt/cxx.h +++ b/dlls/msvcrt/cxx.h @@ -291,7 +291,7 @@ void * __thiscall type_info_vector_dtor(type_info * _this, unsigned int flags) \ /* we have an array, with the number of elements stored before the first object */ \ INT_PTR i, *ptr = (INT_PTR *)_this - 1; \ \ - for (i = *ptr - 1; i >= 0; i--) free(_this->name); \ + for (i = *ptr - 1; i >= 0; i--) free(_this[i].name); \ free(ptr); \ } \ else \
The subject is broken, except of that the patch looks good for me.
Signed-off-by: Piotr Caban piotr@codeweavers.com
On 12/16/21 19:06, Eric Pouech wrote:
msvcrt*: fix double-free and memory leak in type_info destructor
(spotted by toying with the gcc's static analyzer)
Signed-off-by: Eric Pouech eric.pouech@gmail.com
dlls/msvcp90/cxx.h | 2 +- dlls/msvcrt/cxx.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dlls/msvcp90/cxx.h b/dlls/msvcp90/cxx.h index 29854d16bab..701ab02fc05 100644 --- a/dlls/msvcp90/cxx.h +++ b/dlls/msvcp90/cxx.h @@ -457,7 +457,7 @@ void * __thiscall type_info_vector_dtor(type_info * _this, unsigned int flags) \ /* we have an array, with the number of elements stored before the first object */ \ INT_PTR i, *ptr = (INT_PTR *)_this - 1; \ \
for (i = *ptr - 1; i >= 0; i--) free(_this->name); \
for (i = *ptr - 1; i >= 0; i--) free(_this[i].name); \ free(ptr); \ } \ else \diff --git a/dlls/msvcrt/cxx.h b/dlls/msvcrt/cxx.h index 1a5442725ef..cacbb1524b6 100644 --- a/dlls/msvcrt/cxx.h +++ b/dlls/msvcrt/cxx.h @@ -291,7 +291,7 @@ void * __thiscall type_info_vector_dtor(type_info * _this, unsigned int flags) \ /* we have an array, with the number of elements stored before the first object */ \ INT_PTR i, *ptr = (INT_PTR *)_this - 1; \ \
for (i = *ptr - 1; i >= 0; i--) free(_this->name); \
for (i = *ptr - 1; i >= 0; i--) free(_this[i].name); \ free(ptr); \ } \ else \
-
Eric Pouech -
Piotr Caban