From be650befc9af221dd8b85940e6919c3ef97bc13b Mon Sep 17 00:00:00 2001 From: George Hazan Date: Thu, 22 Apr 2021 11:58:32 +0300 Subject: Variables: if the service being called doesn't exist, passing CALLSERVICE_NOTFOUND to mir_free() causes heavy memory corruption --- plugins/Variables/src/tokenregister.cpp | 10 ++++++++-- plugins/Variables/src/version.h | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/Variables/src/tokenregister.cpp b/plugins/Variables/src/tokenregister.cpp index 8a197815eb..327df5f475 100644 --- a/plugins/Variables/src/tokenregister.cpp +++ b/plugins/Variables/src/tokenregister.cpp @@ -177,8 +177,11 @@ wchar_t *parseFromRegister(ARGUMENTSINFO *ai) if (thisVr->flags & TRF_PARSEFUNC) callRes = (INT_PTR)thisVr->parseFunction(&cAi); - else if (thisVr->szService != nullptr) + else if (thisVr->szService != nullptr) { callRes = CallService(thisVr->szService, 0, (LPARAM)&cAi); + if (callRes == CALLSERVICE_NOTFOUND) + callRes = 0; + } for (unsigned j = 0; j < cAi.argc; j++) mir_free(cAi.argv.a[j]); @@ -190,8 +193,11 @@ wchar_t *parseFromRegister(ARGUMENTSINFO *ai) // unicode variables calls unicode plugin if (thisVr->flags & TRF_PARSEFUNC) callRes = (INT_PTR)thisVr->parseFunctionW(ai); - else if (thisVr->szService != nullptr) + else if (thisVr->szService != nullptr) { callRes = CallService(thisVr->szService, 0, (LPARAM)ai); + if (callRes == CALLSERVICE_NOTFOUND) + callRes = 0; + } if ((wchar_t*)callRes != nullptr) res = mir_wstrdup((wchar_t*)callRes); diff --git a/plugins/Variables/src/version.h b/plugins/Variables/src/version.h index a002618d9a..192c5c8387 100644 --- a/plugins/Variables/src/version.h +++ b/plugins/Variables/src/version.h @@ -1,7 +1,7 @@ #define __MAJOR_VERSION 0 #define __MINOR_VERSION 2 #define __RELEASE_NUM 3 -#define __BUILD_NUM 11 +#define __BUILD_NUM 12 #include -- cgit v1.2.3