From 4f07e4f014587d016ea159c16052d30f0ea72a43 Mon Sep 17 00:00:00 2001
From: Sven Baars <sven.wine@gmail.com>
Date: Mon, 21 Oct 2019 11:22:06 +0200
Subject: [PATCH] webservices: Fix some leaks on error paths (Coverity).

Signed-off-by: Sven Baars <sven.wine@gmail.com>
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
---
 dlls/webservices/msg.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/dlls/webservices/msg.c b/dlls/webservices/msg.c
index a006841be67..6922224a055 100644
--- a/dlls/webservices/msg.c
+++ b/dlls/webservices/msg.c
@@ -1552,12 +1552,12 @@ HRESULT WINAPI WsRemoveMappedHeader( WS_MESSAGE *handle, const WS_XML_STRING *na
     return hr;
 }
 
-static HRESULT xmlstring_to_wsz( const WS_XML_STRING *str, WS_HEAP *heap, WCHAR **ret )
+static HRESULT xmlstring_to_wsz( const WS_XML_STRING *str, WS_HEAP *heap, WCHAR **ret, int *len )
 {
-    int len = MultiByteToWideChar( CP_UTF8, 0, (char *)str->bytes, str->length, NULL, 0 );
-    if (!(*ret = ws_alloc( heap, (len + 1) * sizeof(WCHAR) ))) return WS_E_QUOTA_EXCEEDED;
-    MultiByteToWideChar( CP_UTF8, 0, (char *)str->bytes, str->length, *ret, len );
-    (*ret)[len] = 0;
+    *len = MultiByteToWideChar( CP_UTF8, 0, (char *)str->bytes, str->length, NULL, 0 );
+    if (!(*ret = ws_alloc( heap, (*len + 1) * sizeof(WCHAR) ))) return WS_E_QUOTA_EXCEEDED;
+    MultiByteToWideChar( CP_UTF8, 0, (char *)str->bytes, str->length, *ret, *len );
+    (*ret)[*len] = 0;
     return S_OK;
 }
 
@@ -1565,9 +1565,10 @@ static HRESULT get_header_value_wsz( struct header *header, WS_READ_OPTION optio
                                      ULONG size )
 {
     WCHAR *str = NULL;
+    int len = 0;
     HRESULT hr;
 
-    if (header && (hr = xmlstring_to_wsz( header->u.text, heap, &str )) != S_OK) return hr;
+    if (header && (hr = xmlstring_to_wsz( header->u.text, heap, &str, &len )) != S_OK) return hr;
 
     switch (option)
     {
@@ -1577,12 +1578,17 @@ static HRESULT get_header_value_wsz( struct header *header, WS_READ_OPTION optio
 
     case WS_READ_OPTIONAL_POINTER:
     case WS_READ_NILLABLE_POINTER:
-        if (size != sizeof(str)) return E_INVALIDARG;
+        if (size != sizeof(str))
+        {
+            ws_free( heap, str, (len + 1) * sizeof(WCHAR) );
+            return E_INVALIDARG;
+        }
         *ret = str;
         break;
 
     default:
         FIXME( "read option %u not supported\n", option );
+        ws_free( heap, str, (len + 1) * sizeof(WCHAR) );
         return E_NOTIMPL;
     }