On 10/03/12 14:57, Marcus Meissner wrote: > On Tue, Oct 02, 2012 at 01:19:37PM +0200, Jacek Caban wrote: >> Hi Marcus, >> >> On 10/01/12 23:00, Marcus Meissner wrote: >>> Hi, >>> >>> Various coverity issues complain about user-after-free scenarios, >>> all involving this code path. >>> >>> I strongly think if call_ret signals error, we also need to return >>> an error condition to avoid the callers from proceeding as if nothing >>> happened. >>> >>> Second reiteration with Jaceks comment applied >> Sorry for not catching this later, I was concentrated on your comment >> instead of the code, but the important thing is that true call_ret means >> success (and wininet doing request asynchronously is signalled as an >> error). It means that in this case we want to return RPC_S_OK. What is >> the exact problem? > Ok, my fix was likely bad. > > Coverity is spotting use-after-free scenarios. > > CID 715805
I restored my login in Coverity and looked at the report. It seems to be false positive. async_data is reference counted structure and we'll never free it in mentioned wait_async_request because we still store the reference in caller. Cheers, Jacek
