Fix an incorrect decref in the winebth.sys DBus code leading to memory corruption, and a potential HANDLE leak in bluetoothapis.
From: Vibhav Pant vibhavp@gmail.com
--- dlls/winebth.sys/dbus.c | 1 - 1 file changed, 1 deletion(-)
diff --git a/dlls/winebth.sys/dbus.c b/dlls/winebth.sys/dbus.c index 3c0c21460fd..8b24ea25605 100644 --- a/dlls/winebth.sys/dbus.c +++ b/dlls/winebth.sys/dbus.c @@ -1295,7 +1295,6 @@ static void bluez_device_pair_callback( DBusPendingCall *pending, void *param ) bluez_event_list_queue_new_event( &data->watcher_ctx->event_list, BLUETOOTH_WATCHER_EVENT_TYPE_PAIRING_FINISHED, event ); p_dbus_message_unref( reply ); - p_dbus_pending_call_unref( pending ); }
NTSTATUS bluez_device_start_pairing( void *connection, void *watcher_ctx, struct unix_name *device, IRP *irp )
From: Vibhav Pant vibhavp@gmail.com
--- dlls/bluetoothapis/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/bluetoothapis/main.c b/dlls/bluetoothapis/main.c index d18306d1f58..a77f1a688e4 100644 --- a/dlls/bluetoothapis/main.c +++ b/dlls/bluetoothapis/main.c @@ -1151,8 +1151,8 @@ DWORD WINAPI BluetoothAuthenticateDeviceEx( HWND parent, HANDLE handle_radio, BL ret = GetLastError(); if (ret == ERROR_IO_PENDING) ret = GetOverlappedResult( handle_radio, &ovl, &bytes, TRUE ); - CloseHandle( ovl.hEvent ); } + CloseHandle( ovl.hEvent );
return ret; }
Jinoh Kang (@iamahuman) commented about dlls/bluetoothapis/main.c:
if (ret) { ReleaseSRWLockExclusive( &bluetooth_auth_lock ); return ret;
You're missing CloseHandle(ovl.hEvent) here.
Jinoh Kang (@iamahuman) commented about dlls/bluetoothapis/main.c:
if (!listener) { ReleaseSRWLockExclusive( &bluetooth_auth_lock ); return ERROR_OUTOFMEMORY;
Ditto
-
Jinoh Kang (@iamahuman) -
Vibhav Pant
-
Vibhav Pant (@vibhavp)