Module: wine Branch: refs/heads/master Commit: 4c4fc14fe90de4af295eefe2906258cfcb51981c URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=4c4fc14fe90de4af295eefe2...
Author: Robert Shearman rob@codeweavers.com Date: Mon Jul 24 11:45:15 2006 +0100
rpcrt4: Allocate memory based on MaxCount, not ActualCount in NdrConformantStringUnmarshall.
---
dlls/rpcrt4/ndr_marshall.c | 17 +++++++++-------- 1 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 1d751ac..fe4a248 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -650,7 +650,7 @@ unsigned long WINAPI NdrConformantString
{
unsigned long rslt = 0;
- TRACE("(pStubMsg == ^%p, pFormat == ^%p)\n", pStubMsg, pFormat);
+ FIXME("(pStubMsg == ^%p, pFormat == ^%p)\n", pStubMsg, pFormat);
assert(pStubMsg && pFormat);
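Review bot: The TRACE-to-FIXME switch in this first hunk is not covered by the commit message and looks unrelated to the MaxCount allocation change. FIXME output is enabled by default in Wine, so every call would now print a line that names only the two pointers and not what is unimplemented. If the function really is incomplete, say so in the message, e.g. `FIXME("(pStubMsg == ^%p, pFormat == ^%p): <what is missing>\n", pStubMsg, pFormat);`; otherwise keep `TRACE`. The function body continues outside the hunk, so the reason may be visible there.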
@@ -679,7 +679,7 @@ unsigned long WINAPI NdrConformantString
unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg, unsigned char** ppMemory, PFORMAT_STRING pFormat, unsigned char fMustAlloc ) {
- ULONG size, esize, i;
+ ULONG bufsize, memsize, esize, i;
TRACE("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n", pStubMsg, *ppMemory, pFormat, fMustAlloc);
@@ -697,16 +697,17 @@ unsigned char *WINAPI NdrConformantStrin
esize = 0;
}
- size = safe_multiply(esize, pStubMsg->ActualCount);
+ memsize = safe_multiply(esize, pStubMsg->MaxCount);
+ bufsize = safe_multiply(esize, pStubMsg->ActualCount);
/* strings must always have null terminating bytes */
- if (size < esize)
+ if (bufsize < esize)
{
ERR("invalid string length of %ld\n", pStubMsg->ActualCount);
RpcRaiseException(RPC_S_INVALID_BOUND);
return NULL;
}
- for (i = size - esize; i < size; i++)
+ for (i = bufsize - esize; i < bufsize; i++)
if (pStubMsg->Buffer[i] != 0)
{
ERR("string not null-terminated at byte position %ld, data is 0x%x\n",
@@ -716,11 +717,11 @@ unsigned char *WINAPI NdrConformantStrin
}
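Review bot: Nothing in the visible code checks that ActualCount does not exceed MaxCount, so after this change the destination size (memsize) can be smaller than the copy length (bufsize). The next hunk allocates `memsize` bytes and then copies `bufsize` bytes into them, which would write past the allocation when a message carries ActualCount > MaxCount; both counts are presumably taken from the incoming data, though the code that sets them is outside the hunk. Reject that case right after the two safe_multiply calls, in the same way as the existing bound check: `if (bufsize > memsize) { ERR("ActualCount %ld exceeds MaxCount %ld\n", pStubMsg->ActualCount, pStubMsg->MaxCount); RpcRaiseException(RPC_S_INVALID_BOUND); return NULL; }`.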
if (fMustAlloc || !*ppMemory)
- *ppMemory = NdrAllocate(pStubMsg, size);
+ *ppMemory = NdrAllocate(pStubMsg, memsize);
- memcpy(*ppMemory, pStubMsg->Buffer, size);
+ memcpy(*ppMemory, pStubMsg->Buffer, bufsize);
- pStubMsg->Buffer += size;
+ pStubMsg->Buffer += bufsize;
if (*pFormat == RPC_FC_C_CSTRING) {
TRACE("string=%s\n", debugstr_a((char*)*ppMemory));
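Review bot: The result of `NdrAllocate(pStubMsg, memsize)` goes straight into memcpy, and memsize is now derived from MaxCount, which the visible code does not tie to the amount of data actually received. A small message could therefore ask for a very large allocation, and if NdrAllocate can return NULL (its definition is not visible here) the copy would dereference it. Consider adding `if (!*ppMemory) RpcRaiseException(ERROR_OUTOFMEMORY);` before the memcpy. When the existing `*ppMemory` is reused (fMustAlloc is zero), its size is not known at this point either, so a comment stating that the caller guarantees at least MaxCount elements would help.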