Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-28 01:55:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

[WIN32K] Fix 'use after free' in NtGdiStretchDIBitsInternal (#4122)

Browse source 
CORE-17861
This commit is contained in:
Doug Lyons 2021-11-21 19:57:36 -06:00 committed by GitHub
parent f766ca5e42
commit b538b9abb8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
win32ss/gdi/ntgdi/dibobj.c
View file

@ -1489,7 +1489,6 @@ NtGdiStretchDIBitsInternal(
if (pdc) DC_UnlockDc(pdc); if (pdc) DC_UnlockDc(pdc);
} }
if (pbmiSafe) ExFreePoolWithTag(pbmiSafe, 'imBG');
if (pvBits) ExFreePoolWithTag(pvBits, TAG_DIB); if (pvBits) ExFreePoolWithTag(pvBits, TAG_DIB);
/* This is not what MSDN says is returned from this function, but it /* This is not what MSDN says is returned from this function, but it
@ -1504,6 +1503,8 @@ NtGdiStretchDIBitsInternal(
LinesCopied = pbmiSafe->bmiHeader.biHeight; LinesCopied = pbmiSafe->bmiHeader.biHeight;
} }
ExFreePoolWithTag(pbmiSafe, 'imBG');
return LinesCopied; return LinesCopied;
} }