On Mon, Oct 15, 2018 at 01:13:51PM -0500, Zebediah Figura wrote:
On 15/10/18 12:39, Zebediah Figura wrote:
Hmm, no, you're right, we do need to free in that case. So I think the condition should be (ServerAllocSize && (!MustFree || IsSimpleRef)).
What confuses me about the whole ordeal is that in theory, ServerAllocSize represents storage space that should exist on the stub's stack. MSDN states this:
"The ServerAllocSize bits are nonzero if the parameter is [out], [in], or [in,out] pointer to pointer, or pointer to enum16, and will be initialized on the server interpreter's stack, rather than using a call to I_RpcAllocate."
and -Os mode stubs back this up — but only in some cases. Namely, a parameter like "[out] mystruct_t *x" will have a server size of 16 bits, and the inline stub will include a generated "MYSTRUCT _xM" which the server function is called with. However, in the case that's causing the crash for me, i.e. where IsSimpleRef is *not* set, e.g. any double pointer, the -Os mode stubs don't allocate stack space for the inner pointer, and just calling the type's freer — i.e. NdrPointerFree() — would incorrectly free that stack space if it were allocated. The effect, then, is that ServerAllocSize seems to have to be entirely ignored if IsSimpleRef isn't also set, which is weird. Am I missing something here?
Actually, never mind, I just did a little more testing and found the problem: MIDL will mark these pointers as on-stack if and only if -Oicf mode is used, so they won't be freed by NdrPointerFree(). widl doesn't do that.
It's still kind of weird that MIDL doesn't allocate inner pointers on the stack in -Os mode. I guess it's just an optimization they never implemented because they want everyone to use -Oicf mode.
Yes, it's annoying that the format string changes across the different modes---I've been bitten by that in the past.
Huw.