realloc may free lead_static.
-- v2: sane: Fix use after free in create_item (scan-build).
From: Alex Henrie alexhenrie24@gmail.com
realloc may free lead_static. --- dlls/sane.ds/ui.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dlls/sane.ds/ui.c b/dlls/sane.ds/ui.c index e66526a088e..f5ce43c086f 100644 --- a/dlls/sane.ds/ui.c +++ b/dlls/sane.ds/ui.c @@ -257,7 +257,7 @@ static int create_item(HDC hdc, const struct option_descriptor *opt, tpl->style=styles; tpl->dwExtendedStyle = 0; if (lead_static) - tpl->x = lead_static->x + lead_static->cx + 1; + tpl->x = rc->x + rc->cx + 1; else if (opt->type == TYPE_GROUP) tpl->x = 2; else @@ -274,7 +274,7 @@ static int create_item(HDC hdc, const struct option_descriptor *opt, else { if (lead_static) - tpl->cy = lead_static->cy; + tpl->cy = rc->cy; else tpl->cy = 15;
On Tue Jun 20 02:56:31 2023 +0000, Esme Povirk wrote:
lead_static is used again just a few lines later, I assume it's still invalid.
Yes it is. Good catch!
This merge request was approved by Esme Povirk.
-
Alex Henrie -
Alex Henrie (@alexhenrie)
-
Esme Povirk (@madewokherd)