Fixed use after free.

diff --git a/winpr/libwinpr/environment/environment.c b/winpr/libwinpr/environment/environment.c
index 70768be..0fd4e86 100644 (file)
--- a/winpr/libwinpr/environment/environment.c
+++ b/winpr/libwinpr/environment/environment.c
@@ -390,11 +390,17 @@ LPCH MergeEnvironmentStrings(PCSTR original, PCSTR merge)
                                {
                                        while ((offset + mergeLength + 8) > cchEnvironmentBlock)
                                        {
+                                               LPCH tmp;
                                                cchEnvironmentBlock *= 2;
-                                               lpszEnvironmentBlock = (LPCH) realloc(lpszEnvironmentBlock, cchEnvironmentBlock * sizeof(CHAR));
+                                               tmp = (LPCH) realloc(lpszEnvironmentBlock, cchEnvironmentBlock * sizeof(CHAR));
 
-                                               if (!lpszEnvironmentBlock)
+                                               if (!tmp)
+                                               {
+                                                       if (lpszEnvironmentBlock)
+                                                               free(lpszEnvironmentBlock);
                                                        return NULL;
+                                               }
+                                               lpszEnvironmentBlock = tmp;
                                        }
 
                                        foundMerge = 1;