system/wine
system/wine
1
0
Fork 0
mirror of git://source.winehq.org/git/wine.git synced 2024-10-01 18:18:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

services: Use a separate allocation for NotifyParamsArray[0].params.

Browse source 
The pointer might be freed by RPC NdrPointerFree, which will try to use
a dedicated free call for the array elements, and fail.
This commit is contained in:
Rémi Bernon 2023-01-24 15:13:41 +01:00 committed by Alexandre Julliard
parent bea9ef83cc
commit 03aa9e13e7
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
programs/services/rpc.c
View file

@ -102,6 +102,8 @@ static void sc_notify_release(struct sc_notify_handle *notify)
if (r == 0)
{
CloseHandle(notify->event);
if (notify->params_list)
free(notify->params_list->NotifyParamsArray[0].params);
free(notify->params_list);
free(notify);
}
@ -841,11 +843,14 @@ static void fill_notify(struct sc_notify_handle *notify, struct service_entry *s
SC_RPC_NOTIFY_PARAMS_LIST *list;
SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2 *cparams;
list = calloc(1, sizeof(SC_RPC_NOTIFY_PARAMS_LIST) + sizeof(SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2));
list = calloc(1, sizeof(SC_RPC_NOTIFY_PARAMS_LIST));
if (!list)
return;
cparams = (SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2 *)(list + 1);
if (!(cparams = calloc(1, sizeof(SERVICE_NOTIFY_STATUS_CHANGE_PARAMS_2))))
{
free(list);
return;
}
cparams->dwNotifyMask = notify->notify_mask;
fill_status_process(&cparams->ServiceStatus, service);