rpcrt4: Use safe_copy_from_buffer instead of direct memory copy in NdrBaseTypeUnmarshall.

This makes the code check that the buffer is big enough to read from before copying the data from it. The safe_buffer_increment call is still needed for the case where we point the memory to the buffer, so move the call there.

rpcrt4: Use safe_copy_from_buffer instead of direct memory copy in NdrBaseTypeUnmarshall.
8e08b1dd · Rob Shearman · Alexandre Julliard · c871d9a8 · 8e08b1dd
Commit 8e08b1dd authored Apr 28, 2008 by Rob Shearman Committed by Alexandre Julliard Apr 28, 2008
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

ndr_marshall.c dlls/rpcrt4/ndr_marshall.c +3 -3

No files found.
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -6051,15 +6051,15 @@ static unsigned char *WINAPI NdrBaseTypeUnmarshall(
        { \
            *ppMemory = pStubMsg->Buffer; \
            TRACE("*ppMemory: %p\n", *ppMemory); \
+            safe_buffer_increment(pStubMsg, sizeof(type)); \
        } \
        else \
        {  \
            if (fMustAlloc) \
                *ppMemory = NdrAllocate(pStubMsg, sizeof(type)); \
            TRACE("*ppMemory: %p\n", *ppMemory); \
-            **(type **)ppMemory = *(type *)pStubMsg->Buffer; \
-        } \
-	safe_buffer_increment(pStubMsg, sizeof(type));
+            safe_copy_from_buffer(pStubMsg, *ppMemory, sizeof(type)); \
+        }

    switch(*pFormat)
    {