Maarten Lankhorst wrote:
@@ -665,7 +665,8 @@ static inline void safe_copy_from_buffer(MIDL_STUB_MESSAGE *pStubMsg, void *p, U if ((pStubMsg->Buffer + size < pStubMsg->Buffer) || /* integer overflow of pStubMsg->Buffer */ (pStubMsg->Buffer + size > pStubMsg->BufferEnd)) RpcRaiseException(RPC_X_BAD_STUB_DATA);
- memcpy(p, pStubMsg->Buffer, size);
- if (p != pStubMsg->Buffer)
pStubMsg->Buffer += size;memcpy(p, pStubMsg->Buffer, size);
}
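Review bot: The bounds check carried as context at the top of this hunk, `pStubMsg->Buffer + size < pStubMsg->Buffer`, depends on pointer arithmetic wrapping around, which is undefined behaviour in C, so an optimizing compiler may drop the test. That matters here because `size` is presumably derived from unmarshalled stub data (its declaration is cut off in the hunk header), and this test is what keeps the `memcpy` inside the buffer. Comparing lengths avoids forming an out-of-range pointer at all: `if (size > (ULONG_PTR)(pStubMsg->BufferEnd - pStubMsg->Buffer)) RpcRaiseException(RPC_X_BAD_STUB_DATA);`, assuming `BufferEnd` never sits below `Buffer`. The `+`/`-` markers in this quoted hunk are partly garbled, so this is read from the visible text only, and the function's signature starts outside the hunk.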
@@ -890,8 +891,7 @@ unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg *ppMemory = NdrAllocate(pStubMsg, memsize); }
- if (*ppMemory != pStubMsg->Buffer)
- safe_copy_from_buffer(pStubMsg, *ppMemory, bufsize);
safe_copy_from_buffer(pStubMsg, *ppMemory, bufsize);
if (*pFormat == RPC_FC_C_CSTRING) { TRACE("string=%s\n", debugstr_a((char*)*ppMemory));
Good work in spotting and fixing the mistake I made, but I think I'd prefer to fix it by making the caller of safe_copy_from_buffer do the incrementing of the buffer. This is to avoid confusion with the name of the function and to avoid the possibility that the buffer is incremented twice.