Seems like I'm unable to review my code...
+ if(desc->pos + len > desc->size) len = desc->size - desc->pos; It's usually safer to write expressions like that as "if (len > desc->size - desc->pos)" because "desc->pos + len" can wrap around if len is large, while "desc->size - desc->pos" should always be safe. Perhaps the caller is expected to always pass sane values here, but it's a somewhat dangerous construction in the general case in terms of reading/writing past the end of buffers. It can also be simplified to "len = min(len, desc->size - desc->pos);" here.
Sure. Better to go with something like "len = len < (desc->size - desc->pos) ? len : desc->size - desc->pos" or creating a "min" function?
+ if(wpp_output_size + len > wpp_output_capacity) Similar issue as above.
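Review bot: the capacity check "wpp_output_size + len > wpp_output_capacity" can wrap for a large len and then evaluate false even though the data does not fit. Compare len against the free space instead, e.g. "if(len > wpp_output_capacity - wpp_output_size)", which cannot wrap as long as wpp_output_size never exceeds wpp_output_capacity.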
+int wpp_close_output(void) +{ + /* trim buffer to the effective size */ + char *new_wpp_output = HeapReAlloc(GetProcessHeap(), 0, wpp_output, + wpp_output_size + 1); + if(!new_wpp_output) return 0; + wpp_output[wpp_output_size]='\0'; + return 1; +} This doesn't really make sense. The comment is misleading, because you actually grow the buffer if "wpp_output_size == wpp_output_capacity". If you didn't, you wouldn't care about HeapRealloc() failure because the worst thing that could happen was that the buffer was a bit larger than it strictly needed to be. More importantly though, you assume new_wpp_output is the same pointer as wpp_output after a successful HeapReAlloc(), which isn't necessarily true.
Yep, this is clearly broken. Will fix it.
+ current_shader.buffer = HeapAlloc(GetProcessHeap(), 0, data_len + 1); ... + ret = wpp_parse("", NULL); + if(!wpp_close_output()) + ret = 1; + if(ret) + { + TRACE("Error during shader preprocessing\n"); + HeapFree(GetProcessHeap(), 0, current_shader.buffer); I don't think it's very nice to have the HeapAlloc() and HeapFree() on different levels of the code like that. I.e., either have both in wpp_open_mem()/wpp_close_mem() or have both in the caller. The current scheme has the allocation in the caller and the deallocation in wpp_close_mem(), except sometimes when wpp_parse() fails to call wpp_close_mem(). (Can that even happen? Looking at the source of wpp_parse() it's not clear to me how.) Also, does wpp_parse() really need the input to be zero-terminated?
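Review bot: the failure message in the "if(ret)" branch is logged with TRACE, so it only shows up when tracing is enabled; a preprocessing failure is better reported at warning or error level (WARN or ERR, assuming the usual Wine debug macros). The same message is also printed whether wpp_parse() or wpp_close_output() failed, so including ret or separating the two cases would make the log easier to act on.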
wpp_parse() doesn't call wpp_close_mem() if the call to pp_push_define_state() fails (can fail in out-of-memory conditions), so the extra HeapFree was there for this case. Anyway, as you noticed, there is no need to null-terminate wpp input (while there is this need for the shader parser), so the entire allocation-copy-nulltermination-deallocation is useless...
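The two points raised in this thread, the wrap-safe length check and keeping the pointer a reallocation returns, as an added example that is not code from the patch or from any participant. The struct and function names are hypothetical, and standard realloc() stands in for HeapReAlloc() so the code builds outside Windows.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the patch's descriptor and output state.
 * Invariants: pos <= size and size <= capacity. */
struct mem_desc { const char *data; size_t size, pos; };
struct out_buf { char *data; size_t size, capacity; };

/* Clamp against the space left: size - pos cannot wrap while pos <= size,
 * whereas pos + len wraps for a huge len and would pass the old check. */
size_t mem_read(struct mem_desc *d, char *dst, size_t len)
{
    size_t left = d->size - d->pos;
    if (len > left) len = left;
    memcpy(dst, d->data + d->pos, len);
    d->pos += len;
    return len;
}

/* Append len bytes, growing as needed; 1 on success, 0 on failure. */
int out_write(struct out_buf *o, const char *src, size_t len)
{
    if (!len) return 1;
    if (len > o->capacity - o->size) {       /* wrap-safe "does not fit" */
        if (len >= SIZE_MAX - o->size) return 0; /* size + len + 1 wraps */
        size_t need = o->size + len + 1;
        size_t cap = o->capacity > SIZE_MAX / 2 ? need : o->capacity * 2;
        if (cap < need) cap = need;
        char *p = realloc(o->data, cap);
        if (!p) return 0;                    /* old block is still valid */
        o->data = p;                         /* the block may have moved */
        o->capacity = cap;
    }
    memcpy(o->data + o->size, src, len);
    o->size += len;
    return 1;
}

/* Size the buffer to size + 1 and terminate it through the new pointer. */
int out_close(struct out_buf *o)
{
    char *p = realloc(o->data, o->size + 1);
    if (!p) return 0;
    o->data = p;
    o->capacity = o->size + 1;
    o->data[o->size] = '\0';
    return 1;
}
```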