From: Andrew Nguyen arethusa26@gmail.com
When ddraw_texture_init needs to clean up on failure, it will call the wined3d_texture_get_sub_resource_parent function on draw_texture in order to retrieve its parent for an IDirectDrawSurface release call. However, if draw_texture is NULL, then the function call will crash due to a null pointer dereference.
Therefore, on failure cleanup, the release operation on the texture parent should only be performed if draw_texture is not NULL.
This fixes a crash in the Virtual Insanity game demo. --- dlls/ddraw/surface.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/dlls/ddraw/surface.c b/dlls/ddraw/surface.c index d0c4bf67cbc..a096c5d7d8e 100644 --- a/dlls/ddraw/surface.c +++ b/dlls/ddraw/surface.c @@ -6519,15 +6519,17 @@ static HRESULT ddraw_texture_init(struct ddraw_texture *texture, struct ddraw *d
fail: if (draw_texture) + { wined3d_texture_decref(draw_texture);
- parent = wined3d_texture_get_sub_resource_parent(draw_texture, 0); - if (texture->version == 7) - IDirectDrawSurface7_Release(&parent->IDirectDrawSurface7_iface); - else if (texture->version == 4) - IDirectDrawSurface4_Release(&parent->IDirectDrawSurface4_iface); - else - IDirectDrawSurface_Release(&parent->IDirectDrawSurface_iface); + parent = wined3d_texture_get_sub_resource_parent(draw_texture, 0); + if (texture->version == 7) + IDirectDrawSurface7_Release(&parent->IDirectDrawSurface7_iface); + else if (texture->version == 4) + IDirectDrawSurface4_Release(&parent->IDirectDrawSurface4_iface); + else + IDirectDrawSurface_Release(&parent->IDirectDrawSurface_iface); + } return hr; }
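Review bot: inside the new braces under fail:, wined3d_texture_get_sub_resource_parent(draw_texture, 0) is still called after wined3d_texture_decref(draw_texture), so if that decref can drop the last reference, the parent lookup reads a texture that has already been destroyed. The NULL guard itself looks right for the crash described, but since these lines are being moved anyway, consider fetching parent before the decref, or add a short comment stating why draw_texture is guaranteed to outlive the decref at this point (for example, because the parent surface still holds a reference until its Release call). It would also help to say in the commit message which earlier failure path reaches fail: with draw_texture still NULL, so the fix can be checked against that path.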