From: Yuan Yao yaoyuan.0553@bytedance.com
The reference count of host is supposed to go up by one in netconn_create. The missing increment causes error handling paths where netconn_close or release_host is called to prematurely decrement the ref count of host to zero. --- dlls/winhttp/request.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/dlls/winhttp/request.c b/dlls/winhttp/request.c index 64f70b61a96..f6f6be38b7f 100644 --- a/dlls/winhttp/request.c +++ b/dlls/winhttp/request.c @@ -1635,6 +1635,9 @@ static DWORD open_connection( struct request *request ) len = lstrlenW( addressW ) + 1; send_callback( &request->hdr, WINHTTP_CALLBACK_STATUS_CONNECTING_TO_SERVER, addressW, len );
+ EnterCriticalSection( &connection_pool_cs ); + ++host->ref; + LeaveCriticalSection( &connection_pool_cs ); if ((ret = netconn_create( host, &connect->sockaddr, request->connect_timeout, &netconn ))) { free( addressW );