From: Yuxuan Shui yshui@codeweavers.com
During the INITOUT phase, client_do_args will go through the parameter list, and for out parameters that are returned via pointers, it will read those pointers and initialize the memory they point to.
The problem is, for *_Proxy functions, the TypeFormatString generated by widl includes an extra return value parameter, that does not have a stack location, therefore client_do_args should not try to read it. Since the return value is not returned via pointer, we can fix this by reordering the checks.
---
 dlls/rpcrt4/ndr_stubless.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/dlls/rpcrt4/ndr_stubless.c b/dlls/rpcrt4/ndr_stubless.c index 8cb051443ae..ec09fefc0d7 100644 --- a/dlls/rpcrt4/ndr_stubless.c +++ b/dlls/rpcrt4/ndr_stubless.c @@ -508,13 +508,10 @@ void client_do_args( PMIDL_STUB_MESSAGE pStubMsg, PFORMAT_STRING pFormat, enum s switch (phase) { case STUBLESS_INITOUT: - if (*(unsigned char **)pArg) - { - if (param_needs_alloc(params[i].attr)) - memset( *(unsigned char **)pArg, 0, calc_arg_size( pStubMsg, pTypeFormat )); - else if (param_is_out_basetype(params[i].attr)) - memset( *(unsigned char **)pArg, 0, basetype_arg_size( params[i].u.type_format_char )); - } + if (param_needs_alloc(params[i].attr) && *(unsigned char **)pArg) + memset( *(unsigned char **)pArg, 0, calc_arg_size( pStubMsg, pTypeFormat )); + else if (param_is_out_basetype(params[i].attr) && *(unsigned char **)pArg) + memset( *(unsigned char **)pArg, 0, basetype_arg_size( params[i].u.type_format_char )); break; case STUBLESS_CALCSIZE: if (params[i].attr.IsSimpleRef && !*(unsigned char **)pArg)
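Review bot: the new STUBLESS_INITOUT branches are only safe because the attribute test comes before the dereference of pArg in each `&&` expression, and nothing in the code records that ordering requirement. A later cleanup could easily hoist the shared `*(unsigned char **)pArg` test back out into an enclosing `if`, which would restore the read of a slot that, per the commit message, has no stack location for the return value parameter of *_Proxy functions. A short comment above the two conditions stating that pArg must not be read unless param_needs_alloc or param_is_out_basetype holds would guard against that. The fix also assumes the return value parameter never carries either attribute. The commit message implies this ("not returned via pointer"), but it would be worth saying so in the comment too. The STUBLESS_CALCSIZE case in the trailing context already tests `params[i].attr.IsSimpleRef` before dereferencing pArg, so it follows the same pattern. The other phases are not visible in this hunk and may deserve the same check.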