From: Michael Stefaniuc
Subject: Re: [PATCH] msctf: Remove incorrect dereference of double pointer.
Message-Id: <3a215666-0981-34c0-ceb4-176961b507eb@redhat.com>
Date: Fri, 9 Dec 2016 17:15:37 +0200
In-Reply-To: <20161209140548.22830-1-twunknown@gmail.com>
References: <20161209140548.22830-1-twunknown@gmail.com>

On 12/09/2016 04:05 PM, Brock York wrote:
> Fixes https://bugs.winehq.org/show_bug.cgi?id=41252
>
> ThreadMgr_QueryInterface is expecting ppvOut to be a pointer to a pointer.
> When UIElementMgr_QueryInterface calls the ThreadMgr_QueryInterface
> function it dereferences the void **ppvOut making it a void *ppvOut
> when passing it in. When ThreadMgr_QueryInterface attempts to dereference
> this pointer to assign a pointer to it, it is instead accessing the value ppvOut
> is supposed to be pointing at. When the pointer ppvOut points to is
> NULL this causes a null pointer dereference.
>
> Tested on Arch Linux
>
> Signed-off-by: Brock York
Signed-off-by: Michael Stefaniuc
> --- > dlls/msctf/threadmgr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/dlls/msctf/threadmgr.c b/dlls/msctf/threadmgr.c > index e1f56f1..62ddfd2 100644 > --- a/dlls/msctf/threadmgr.c > +++ b/dlls/msctf/threadmgr.c > @@ -1187,7 +1187,7 @@ static HRESULT WINAPI UIElementMgr_QueryInterface(ITfUIElementMgr *iface, REFIID > { > ThreadMgr *This = impl_from_ITfUIElementMgr(iface); > > - return ITfThreadMgrEx_QueryInterface(&This->ITfThreadMgrEx_iface, iid, *ppvOut); > + return ITfThreadMgrEx_QueryInterface(&This->ITfThreadMgrEx_iface, iid, ppvOut); > } > > static ULONG WINAPI UIElementMgr_AddRef(ITfUIElementMgr *iface) >
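
Review bot: The one-line change to the `return` in UIElementMgr_QueryInterface comes without a regression test (the diffstat lists only threadmgr.c), and the bug it fixes is one the compiler will not catch again. The old `*ppvOut` argument compiled silently because a `void *` converts implicitly to `void **` in C, so the forwarding call received the caller's current out value instead of the address to write to. A small test that calls QueryInterface through the ITfUIElementMgr interface with the out pointer preset to NULL would pin this down, and it is worth checking the other QueryInterface forwarders in threadmgr.c for the same `*ppvOut` pattern before this goes in.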