d3d11: Avoid potential double free in d3d11_device_CreateRasterizerState().

dlls/d3d11/state.c

@@ -882,23 +882,26 @@ HRESULT d3d_rasterizer_state_init(struct d3d_rasterizer_state *state, struct d3d
     wined3d_private_store_init(&state->private_store);
     state->desc = *desc;
 
-    wined3d_desc.front_ccw = desc->FrontCounterClockwise;
-    if (FAILED(hr = wined3d_rasterizer_state_create(device->wined3d_device, &wined3d_desc,
-            state, &d3d_rasterizer_state_wined3d_parent_ops, &state->wined3d_state)))
+    if (wine_rb_put(&device->rasterizer_states, desc, &state->entry) == -1)
     {
-        WARN("Failed to create wined3d rasterizer state, hr %#x.\n", hr);
+        ERR("Failed to insert rasterizer state entry.\n");
         wined3d_private_store_cleanup(&state->private_store);
         wined3d_mutex_unlock();
-        return hr;
+        return E_FAIL;
     }
 
-    if (wine_rb_put(&device->rasterizer_states, desc, &state->entry) == -1)
+    wined3d_desc.front_ccw = desc->FrontCounterClockwise;
+
+    /* We cannot fail after creating a wined3d_rasterizer_state object. It
+     * would lead to double free. */
+    if (FAILED(hr = wined3d_rasterizer_state_create(device->wined3d_device, &wined3d_desc,
+            state, &d3d_rasterizer_state_wined3d_parent_ops, &state->wined3d_state)))
     {
-        ERR("Failed to insert rasterizer state entry.\n");
+        WARN("Failed to create wined3d rasterizer state, hr %#x.\n", hr);
         wined3d_private_store_cleanup(&state->private_store);
-        wined3d_rasterizer_state_decref(state->wined3d_state);
+        wine_rb_remove(&device->rasterizer_states, &state->entry);
         wined3d_mutex_unlock();
-        return E_FAIL;
+        return hr;
     }
     wined3d_mutex_unlock();