Commit 13f9c719 authored by Rob Shearman's avatar Rob Shearman Committed by Alexandre Julliard

widl: Make the offset of conformant string types point to the start of the…

widl: Make the offset of conformant string types point to the start of the conformant string format chars, not the pointer type. Otherwise, writing a type at top-level could cause the pointer format string to be used in non-top-level places which may cause memory corruption during freeing.
parent c8b3dc40
...@@ -1472,11 +1472,9 @@ static size_t write_string_tfs(FILE *file, const attr_list_t *attrs, ...@@ -1472,11 +1472,9 @@ static size_t write_string_tfs(FILE *file, const attr_list_t *attrs,
const char *name, unsigned int *typestring_offset, const char *name, unsigned int *typestring_offset,
int toplevel) int toplevel)
{ {
size_t start_offset = *typestring_offset; size_t start_offset;
unsigned char rtype; unsigned char rtype;
update_tfsoff(type, start_offset, file);
if (toplevel && is_declptr(type)) if (toplevel && is_declptr(type))
{ {
unsigned char flag = is_conformant_array(type) ? 0 : RPC_FC_P_SIMPLEPOINTER; unsigned char flag = is_conformant_array(type) ? 0 : RPC_FC_P_SIMPLEPOINTER;
...@@ -1494,6 +1492,9 @@ static size_t write_string_tfs(FILE *file, const attr_list_t *attrs, ...@@ -1494,6 +1492,9 @@ static size_t write_string_tfs(FILE *file, const attr_list_t *attrs,
} }
} }
start_offset = *typestring_offset;
update_tfsoff(type, start_offset, file);
rtype = type->ref->type; rtype = type->ref->type;
if ((rtype != RPC_FC_BYTE) && (rtype != RPC_FC_CHAR) && (rtype != RPC_FC_WCHAR)) if ((rtype != RPC_FC_BYTE) && (rtype != RPC_FC_CHAR) && (rtype != RPC_FC_WCHAR))
...@@ -2743,10 +2744,11 @@ static void write_remoting_arg(FILE *file, int indent, const func_t *func, ...@@ -2743,10 +2744,11 @@ static void write_remoting_arg(FILE *file, int indent, const func_t *func,
} }
if ((phase == PHASE_FREE) || (pointer_type == RPC_FC_UP)) if ((phase == PHASE_FREE) || (pointer_type == RPC_FC_UP))
print_phase_function(file, indent, "Pointer", phase, var, start_offset); print_phase_function(file, indent, "Pointer", phase, var,
start_offset - (type->size_is ? 4 : 2));
else else
print_phase_function(file, indent, "ConformantString", phase, var, print_phase_function(file, indent, "ConformantString", phase, var,
start_offset + (type->size_is ? 4 : 2)); start_offset);
} }
} }
else if (is_array(type)) else if (is_array(type))
......
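Review bot: The new `start_offset - (type->size_is ? 4 : 2)` in the Pointer branch hard-codes the size of the pointer descriptor that write_string_tfs emits just before the string format chars, but the two sides choose the pointer shape by different predicates: write_string_tfs selects `is_conformant_array(type) ? 0 : RPC_FC_P_SIMPLEPOINTER` while this caller keys on `type->size_is`, and the pointer descriptor is only written at all under `toplevel && is_declptr(type)`. If those conditions ever disagree for some type, or this branch is reached for an argument that had no descriptor written (the guard leading here is outside the hunk, so I cannot tell), the freeing phase is handed an offset into the wrong format string — the same corruption class this commit is closing. I would at least pin the coupling with a comment on the subtraction, `/* start_offset is the conformant string's format chars; step back over the pointer descriptor write_string_tfs emitted before it (4 bytes when size_is, else 2) — keep in sync with write_string_tfs */`, and ideally derive the step from one shared helper used by both functions. write_remoting_arg begins and ends outside this hunk.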