Incorrect cleanup of STGMEDIUM

description

In function DirectoryObjectPickerDialog::ProcessSelections, STGMEDIUM stg is freed incorrectly.
As a result, sporadic crashes might happen due to heap corruption.

The call to Marshal.DestroyStructure(current, typeof(DS_SELECTION)); should be deleted, and ReleaseStgMedium should be added in the finally block:

        finally
        {
            NativeMethods.GlobalUnlock(dssl);
            NativeMethods.ReleaseStgMedium(ref stg);
        }
 
...
    [DllImport("ole32.dll")]
    internal static extern void ReleaseStgMedium([In] ref STGMEDIUM pmedium);
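
The cleanup pattern proposed above, as an added stand-alone example that is not part of the original report or the project's code. It assumes Windows, and uses a constructed HGLOBAL in place of the medium the object picker returns; the class name, helper name and buffer contents are hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Runtime.InteropServices.ComTypes;

static class StgMediumCleanupDemo // hypothetical name, not from the project
{
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr GlobalAlloc(uint uFlags, UIntPtr dwBytes);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr GlobalLock(IntPtr hMem);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool GlobalUnlock(IntPtr hMem);
    [DllImport("ole32.dll")]
    static extern void ReleaseStgMedium([In] ref STGMEDIUM pmedium);

    const uint GMEM_MOVEABLE = 0x0002;

    // Constructed stand-in for a medium handed back by IDataObject.GetData.
    static STGMEDIUM MakeSampleMedium(int value)
    {
        IntPtr h = GlobalAlloc(GMEM_MOVEABLE, (UIntPtr)4u);
        if (h == IntPtr.Zero) throw new OutOfMemoryException();
        Marshal.WriteInt32(GlobalLock(h), value);
        GlobalUnlock(h);
        return new STGMEDIUM { tymed = TYMED.TYMED_HGLOBAL, unionmember = h, pUnkForRelease = null };
    }

    static void Main()
    {
        STGMEDIUM stg = MakeSampleMedium(3);
        IntPtr locked = GlobalLock(stg.unionmember);
        try
        {
            if (locked == IntPtr.Zero) throw new InvalidOperationException("GlobalLock failed");
            // Read through the locked pointer only. The block belongs to the medium,
            // so nothing read from it is freed here; Marshal.DestroyStructure is for
            // blocks that were filled by Marshal.StructureToPtr.
            int value = Marshal.ReadInt32(locked);
            Console.WriteLine("value read from medium: " + value);
        }
        finally
        {
            // Unlock first, then release the medium exactly once.
            if (locked != IntPtr.Zero) GlobalUnlock(stg.unionmember);
            ReleaseStgMedium(ref stg);
        }
    }
}
```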
