File emfdc.c, function get_bitmap_info: Memory leaks in get_bitmap_info via return before calling DeleteDC and DeleteObject.
From: AlexeyLushnikov lexa_64@mail.ru
---
dlls/gdi32/emfdc.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/dlls/gdi32/emfdc.c b/dlls/gdi32/emfdc.c
index d81374a073e..434a642b342 100644
--- a/dlls/gdi32/emfdc.c
+++ b/dlls/gdi32/emfdc.c
@@ -160,6 +160,7 @@ static UINT get_bitmap_info( HDC *hdc, HBITMAP *bitmap, BITMAPINFO *info )
HDC blit_dc;
UINT info_size, bpp;
DIBSECTION dib;
+ UINT bitmap_info_size = 0;
if (!(info_size = GetObjectW( *bitmap, sizeof(dib), &dib ))) return 0;
@@ -220,16 +221,16 @@ static UINT get_bitmap_info( HDC *hdc, HBITMAP *bitmap, BITMAPINFO *info )
bpp = info->bmiHeader.biBitCount;
if (bpp <= 8)
- return sizeof(BITMAPINFOHEADER) + (1 << bpp) * sizeof(RGBQUAD);
+ bitmap_info_size = sizeof(BITMAPINFOHEADER) + (1 << bpp) * sizeof(RGBQUAD);
else if (bpp == 16 || bpp == 32)
- return sizeof(BITMAPINFOHEADER) + 3 * sizeof(RGBQUAD);
-
- return sizeof(BITMAPINFOHEADER);
+ bitmap_info_size = sizeof(BITMAPINFOHEADER) + 3 * sizeof(RGBQUAD);
+ else
+ bitmap_info_size = sizeof(BITMAPINFOHEADER);
err:
if (blit_dc && blit_dc != *hdc) DeleteDC( blit_dc );
if (blit_bitmap && blit_bitmap != *bitmap) DeleteObject( blit_bitmap );
- return 0;
+ return bitmap_info_size;
}
/*******************************************************************************************
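Review bot: The `err:` label is now reached on success as well, because the three `bitmap_info_size = ...` branches fall straight through into it, so the name no longer describes the path. Renaming it to `done:`, together with the `goto err` sites outside this hunk, would keep the single-exit flow readable. The failure result also depends silently on the `UINT bitmap_info_size = 0;` initialiser added in the first hunk; a comment there such as `/* stays 0 on every failure path */` would make that explicit. get_bitmap_info starts above this hunk and its middle section is not shown, so it could not be checked here that every jump to the label happens only after `blit_dc` and `blit_bitmap` have been assigned. That matters more now that the cleanup tests run on every exit.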
The intention here would appear to be to return any new `blit_dc` and `blit_bitmap`. @jacek ?
Yes, the caller is supposed to free them.
On Mon Sep 9 10:22:06 2024 +0000, Jacek Caban wrote:
Yes, the caller is supposed to free them.
But we create a new DC and bitmap in the local variables blit_dc and blit_bitmap. The caller doesn't know anything about them and can't free them.
Please correct me if I'm wrong.
On Mon Sep 9 10:22:06 2024 +0000, AlexeyLushnikov wrote:
But we create a new DC and bitmap in the local variables blit_dc and blit_bitmap. The caller doesn't know anything about them and can't free them. Please correct me if I'm wrong.
Yes, the bug is that we're missing assignments to `*hdc` and `*bitmap`, probably at the end of the big `else` block.