wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2024-09-13 09:17:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

riched20-IText_Interface: Added patch to fix invalid memory access when parent object was destroyed before child object.

Browse Source
This commit is contained in:
Sebastian Lackner 2014-09-13 17:27:01 +02:00
parent 6aecd5a407
commit c5f802363f
2 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
patches/Makefile
View File

@ -740,6 +740,7 @@ riched20-IText_Interface.ok:
$(call APPLY_FILE,riched20-IText_Interface/0011-riched20-Implement-ITextRange-IsEqual.patch)
$(call APPLY_FILE,riched20-IText_Interface/0012-riched20-Implement-ITextRange-GetStoryLength.patch)
$(call APPLY_FILE,riched20-IText_Interface/0013-riched20-Implement-ITextSelection-GetStoryLength.patch)
$(call APPLY_FILE,riched20-IText_Interface/0014-riched20-Fix-invalid-memory-access-when-parent-objec.patch)
@( \
echo '+ { "riched20-IText_Interface", "Jactry Zeng", "Implement Stubs for ITextRange interface. [rev 3]" },'; \
echo '+ { "riched20-IText_Interface", "Jactry Zeng", "Implement Stubs for ITextFont interface. [rev 2]" },'; \

63
patches/riched20-IText_Interface/0014-riched20-Fix-invalid-memory-access-when-parent-objec.patch Normal file
View File

@ -0,0 +1,63 @@
From ed3dbf533bbfdbb7bfb05135f60ea6ef214c7f3a Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Sat, 13 Sep 2014 17:21:31 +0200
Subject: riched20: Fix invalid memory access when parent object was destroyed
earlier than child object.
---
dlls/riched20/richole.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/dlls/riched20/richole.c b/dlls/riched20/richole.c
index 8c64492..b9ff71f 100644
--- a/dlls/riched20/richole.c
+++ b/dlls/riched20/richole.c
@@ -528,10 +528,13 @@ static ULONG WINAPI ITextPara_fnRelease(ITextPara *me)
ITextRange_Release(&This->txtRge->ITextRange_iface);
else
ITextSelection_Release(&This->txtSel->ITextSelection_iface);
- This->reOle = NULL;
This->txtRge = NULL;
This->txtSel = NULL;
- list_remove(&This->entry);
+ if (This->reOle)
+ {
+ list_remove(&This->entry);
+ This->reOle = NULL;
+ }
heap_free(This);
}
return ref;
@@ -1163,10 +1166,13 @@ static ULONG WINAPI ITextFont_fnRelease(ITextFont *me)
ITextRange_Release(&This->txtRge->ITextRange_iface);
else
ITextSelection_Release(&This->txtSel->ITextSelection_iface);
- This->reOle = NULL;
This->txtRge = NULL;
This->txtSel = NULL;
- list_remove(&This->entry);
+ if (This->reOle)
+ {
+ list_remove(&This->entry);
+ This->reOle = NULL;
+ }
heap_free(This);
}
return ref;
@@ -1897,8 +1903,11 @@ static ULONG WINAPI ITextRange_fnRelease(ITextRange *me)
TRACE ("%p ref=%u\n", This, ref);
if (ref == 0)
{
- This->reOle = NULL;
- list_remove(&This->entry);
+ if (This->reOle)
+ {
+ list_remove(&This->entry);
+ This->reOle = NULL;
+ }
heap_free(This);
}
return ref;
--
2.1.0