Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-21 05:21:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

[WIN32K] Fix 'use after free' in NtGdiStretchDIBitsInternal (#4122)

Browse source 
CORE-17861
This commit is contained in:
Doug Lyons 2021-11-21 19:57:36 -06:00 committed by GitHub
parent f766ca5e42
commit b538b9abb8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
win32ss/gdi/ntgdi/dibobj.c
View file

@ -1489,7 +1489,6 @@ NtGdiStretchDIBitsInternal(
if (pdc) DC_UnlockDc(pdc);
}
if (pbmiSafe) ExFreePoolWithTag(pbmiSafe, 'imBG');
if (pvBits) ExFreePoolWithTag(pvBits, TAG_DIB);
/* This is not what MSDN says is returned from this function, but it
@ -1504,6 +1503,8 @@ NtGdiStretchDIBitsInternal(
LinesCopied = pbmiSafe->bmiHeader.biHeight;
}
ExFreePoolWithTag(pbmiSafe, 'imBG');
return LinesCopied;
}