http://bugs.winehq.org/show_bug.cgi?id=33961
Bug #: 33961
Summary: RPC: server crashes during procedure call that return variable size array as out parameter
Product: Wine
Version: 1.6-rc2
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: rpc
AssignedTo: wine-bugs@winehq.org
ReportedBy: to_egor@hotmail.com
Classification: Unclassified

The RPC server implements an interface that has the following function prototype:

    void GetPersons(
        [out] unsigned long *persons_size,
        [out, size_is(,*persons_size)] Person_info_t **persons);

When a function with the mentioned prototype is called, the application crashes when Wine is freeing its internal data used for marshalling. The core of the bug is that Wine frees the memory used for persons_size, whereas persons_size must be alive and available at the moment of freeing persons.
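
The ordering dependency described in the report, as an added C model that is not part of the original report and is not Wine's marshalling code: releasing persons requires reading *persons_size, so the size must be released last. The Person_info_t layout, out_params_t and every function name here are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical layout: the report does not show Person_info_t's fields. */
typedef struct { char *name; } Person_info_t;

/* Server-side storage for GetPersons' two [out] parameters (model only). */
typedef struct {
    unsigned long *persons_size;  /* conformance for size_is(,*persons_size) */
    Person_info_t **persons;
} out_params_t;

static void fill(out_params_t *p, unsigned long n) {
    p->persons_size = malloc(sizeof *p->persons_size);
    p->persons = malloc(sizeof *p->persons);
    *p->persons_size = n;
    *p->persons = calloc(n ? n : 1, sizeof **p->persons);
    for (unsigned long i = 0; i < n; i++)
        (*p->persons)[i].name = calloc(1, 8);
}

static void free_size(out_params_t *p) {
    free(p->persons_size);
    p->persons_size = NULL;       /* NULL marks "count no longer readable" */
}

/* Releasing the array needs the element count, read through persons_size.
 * Returns elements released, or -1 if the count was already freed: the point
 * where an unguarded free pass would dereference freed memory.
 * fallback_n exists only so this model can clean up without doing that. */
static long free_persons(out_params_t *p, unsigned long fallback_n) {
    int gone = (p->persons_size == NULL);
    unsigned long n = gone ? fallback_n : *p->persons_size;
    for (unsigned long i = 0; i < n; i++) free((*p->persons)[i].name);
    free(*p->persons);
    free(p->persons);
    p->persons = NULL;
    return gone ? -1 : (long)n;
}

/* size_first=1 models the order described in the report; 0 is the safe order. */
long free_pass(unsigned long n, int size_first) {
    out_params_t p;
    fill(&p, n);
    if (size_first) free_size(&p);
    long released = free_persons(&p, n);
    if (!size_first) free_size(&p);
    return released;
}

int main(void) {
    printf("size freed first: %ld\n", free_pass(3, 1));
    printf("size freed last:  %ld\n", free_pass(3, 0));
    return 0;
}
```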