rpcrt4: Improve PointerFree to not free buffer memory.

dlls/rpcrt4/ndr_marshall.c

@@ -1187,28 +1187,13 @@ static void PointerFree(PMIDL_STUB_MESSAGE pStubMsg,
   m = NdrFreer[*desc & NDR_TABLE_MASK];
   if (m) m(pStubMsg, Pointer, desc);
 
-  /* hmm... is this sensible?
-   * perhaps we should check if the memory comes from NdrAllocate,
+  /* we should check if the memory comes from NdrAllocate,
    * and deallocate only if so - checking if the pointer is between
-   * BufferStart and BufferEnd is probably no good since the buffer
+   * BufferStart and BufferEnd will not always work since the buffer
    * may be reallocated when the server wants to marshal the reply */
-  switch (*desc) {
-  case RPC_FC_BOGUS_STRUCT:
-  case RPC_FC_BOGUS_ARRAY:
-  case RPC_FC_USER_MARSHAL:
-  case RPC_FC_CARRAY:
-  case RPC_FC_CVARRAY:
-    break;
-  default:
-    FIXME("unhandled data type=%02x\n", *desc);
-    break;
-  case RPC_FC_C_CSTRING:
-  case RPC_FC_C_WSTRING:
-    if (pStubMsg->ReuseBuffer) goto notfree;
-    break;
-  case RPC_FC_IP:
+  if (Pointer >= (unsigned char *)pStubMsg->RpcMsg->Buffer ||
+      Pointer <= (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
       goto notfree;
-  }
 
   if (attr & RPC_FC_P_ONSTACK) {
     TRACE("not freeing stack ptr %p\n", Pointer);

dlls/rpcrt4/tests/ndr_marshall.c

@@ -1167,7 +1167,9 @@ todo_wine {
     my_free_called = 0;
     StubMsg.Buffer = StubMsg.BufferStart;
     NdrPointerFree( &StubMsg, mem, fmtstr_conf_str );
+todo_wine {
     ok(my_free_called == 1, "free called %d\n", my_free_called);
+}
 
     /* Server */
     my_alloc_called = 0;