ndr_marshall.c 228 KB
Newer Older
1 2 3 4
/*
 * NDR data marshalling
 *
 * Copyright 2002 Greg Turner
5
 * Copyright 2003-2006 CodeWeavers
6 7 8 9 10 11 12 13 14 15 16 17 18
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 21
 *
 * TODO:
22 23 24 25 26
 *  - String structs
 *  - Byte count pointers
 *  - transmit_as/represent as
 *  - Multi-dimensional arrays
 *  - Conversion functions (NdrConvert)
27
 *  - Checks for integer addition overflow in user marshall functions
28 29
 */

30
#include <assert.h>
31
#include <stdarg.h>
32 33
#include <stdio.h>
#include <string.h>
34
#include <limits.h>
35

36
#define NONAMELESSUNION
37 38 39 40
#include "windef.h"
#include "winbase.h"
#include "winerror.h"

41
#include "ndr_misc.h"
42
#include "rpcndr.h"
43
#include "ndrtypes.h"
44

45
#include "wine/unicode.h"
46
#include "wine/rpcfc.h"
47 48 49 50 51

#include "wine/debug.h"

WINE_DEFAULT_DEBUG_CHANNEL(ole);

52
#if defined(__i386__)
53
# define LITTLE_ENDIAN_UINT32_WRITE(pchar, uint32) \
54
    (*((UINT32 *)(pchar)) = (uint32))
55

56
# define LITTLE_ENDIAN_UINT32_READ(pchar) \
57 58 59
    (*((UINT32 *)(pchar)))
#else
  /* these would work for i386 too, but less efficient */
60
# define LITTLE_ENDIAN_UINT32_WRITE(pchar, uint32) \
61 62 63
    (*(pchar)     = LOBYTE(LOWORD(uint32)), \
     *((pchar)+1) = HIBYTE(LOWORD(uint32)), \
     *((pchar)+2) = LOBYTE(HIWORD(uint32)), \
64
     *((pchar)+3) = HIBYTE(HIWORD(uint32)))
65

66
# define LITTLE_ENDIAN_UINT32_READ(pchar) \
67
    (MAKELONG( \
68 69
      MAKEWORD(*(pchar), *((pchar)+1)), \
      MAKEWORD(*((pchar)+2), *((pchar)+3))))
70 71
#endif

72 73 74 75
#define BIG_ENDIAN_UINT32_WRITE(pchar, uint32) \
  (*((pchar)+3) = LOBYTE(LOWORD(uint32)), \
   *((pchar)+2) = HIBYTE(LOWORD(uint32)), \
   *((pchar)+1) = LOBYTE(HIWORD(uint32)), \
76
   *(pchar)     = HIBYTE(HIWORD(uint32)))
77 78 79

#define BIG_ENDIAN_UINT32_READ(pchar) \
  (MAKELONG( \
80
    MAKEWORD(*((pchar)+3), *((pchar)+2)), \
81 82 83
    MAKEWORD(*((pchar)+1), *(pchar))))

#ifdef NDR_LOCAL_IS_BIG_ENDIAN
84
# define NDR_LOCAL_UINT32_WRITE(pchar, uint32) \
85
    BIG_ENDIAN_UINT32_WRITE(pchar, uint32)
86
# define NDR_LOCAL_UINT32_READ(pchar) \
87 88
    BIG_ENDIAN_UINT32_READ(pchar)
#else
89
# define NDR_LOCAL_UINT32_WRITE(pchar, uint32) \
90
    LITTLE_ENDIAN_UINT32_WRITE(pchar, uint32)
91
# define NDR_LOCAL_UINT32_READ(pchar) \
92 93 94
    LITTLE_ENDIAN_UINT32_READ(pchar)
#endif

95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111
static inline void align_length( ULONG *len, unsigned int align )
{
    *len = (*len + align - 1) & ~(align - 1);
}

static inline void align_pointer( unsigned char **ptr, unsigned int align )
{
    ULONG_PTR mask = align - 1;
    *ptr = (unsigned char *)(((ULONG_PTR)*ptr + mask) & ~mask);
}

static inline void align_pointer_clear( unsigned char **ptr, unsigned int align )
{
    ULONG_PTR mask = align - 1;
    memset( *ptr, 0, (align - (ULONG_PTR)*ptr) & mask );
    *ptr = (unsigned char *)(((ULONG_PTR)*ptr + mask) & ~mask);
}
112

Ove Kaaven's avatar
Ove Kaaven committed
113
#define STD_OVERFLOW_CHECK(_Msg) do { \
114
    TRACE("buffer=%d/%d\n", (ULONG)(_Msg->Buffer - (unsigned char *)_Msg->RpcMsg->Buffer), _Msg->BufferLength); \
115
    if (_Msg->Buffer > (unsigned char *)_Msg->RpcMsg->Buffer + _Msg->BufferLength) \
116
        ERR("buffer overflow %d bytes\n", (ULONG)(_Msg->Buffer - ((unsigned char *)_Msg->RpcMsg->Buffer + _Msg->BufferLength))); \
Ove Kaaven's avatar
Ove Kaaven committed
117 118
  } while (0)

119 120
#define NDR_POINTER_ID_BASE 0x20000
#define NDR_POINTER_ID(pStubMsg) (NDR_POINTER_ID_BASE + ((pStubMsg)->UniquePtrCount++) * 4)
121 122 123
#define NDR_TABLE_SIZE 128
#define NDR_TABLE_MASK 127

124 125
#define NDRSContextFromValue(user_context) (NDR_SCONTEXT)((char *)(user_context) - (char *)NDRSContextValue((NDR_SCONTEXT)NULL))

126 127 128 129
static unsigned char *WINAPI NdrBaseTypeMarshall(PMIDL_STUB_MESSAGE, unsigned char *, PFORMAT_STRING);
static unsigned char *WINAPI NdrBaseTypeUnmarshall(PMIDL_STUB_MESSAGE, unsigned char **, PFORMAT_STRING, unsigned char);
static void WINAPI NdrBaseTypeBufferSize(PMIDL_STUB_MESSAGE, unsigned char *, PFORMAT_STRING);
static void WINAPI NdrBaseTypeFree(PMIDL_STUB_MESSAGE, unsigned char *, PFORMAT_STRING);
130
static ULONG WINAPI NdrBaseTypeMemorySize(PMIDL_STUB_MESSAGE, PFORMAT_STRING);
131

132 133 134 135
static unsigned char *WINAPI NdrContextHandleMarshall(PMIDL_STUB_MESSAGE, unsigned char *, PFORMAT_STRING);
static void WINAPI NdrContextHandleBufferSize(PMIDL_STUB_MESSAGE, unsigned char *, PFORMAT_STRING);
static unsigned char *WINAPI NdrContextHandleUnmarshall(PMIDL_STUB_MESSAGE, unsigned char **, PFORMAT_STRING, unsigned char);

136 137 138 139 140 141 142
static unsigned char *WINAPI NdrRangeMarshall(PMIDL_STUB_MESSAGE,unsigned char *, PFORMAT_STRING);
static void WINAPI NdrRangeBufferSize(PMIDL_STUB_MESSAGE, unsigned char *, PFORMAT_STRING);
static ULONG WINAPI NdrRangeMemorySize(PMIDL_STUB_MESSAGE, PFORMAT_STRING);
static void WINAPI NdrRangeFree(PMIDL_STUB_MESSAGE, unsigned char *, PFORMAT_STRING);

static ULONG WINAPI NdrByteCountPointerMemorySize(PMIDL_STUB_MESSAGE, PFORMAT_STRING);

143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163
static unsigned char * ComplexBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                         unsigned char *pMemory,
                                         PFORMAT_STRING pFormat,
                                         PFORMAT_STRING pPointer);
static unsigned char * ComplexMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                       unsigned char *pMemory,
                                       PFORMAT_STRING pFormat,
                                       PFORMAT_STRING pPointer);
static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                         unsigned char *pMemory,
                                         PFORMAT_STRING pFormat,
                                         PFORMAT_STRING pPointer,
                                         unsigned char fMustAlloc);
static ULONG ComplexStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                     PFORMAT_STRING pFormat,
                                     PFORMAT_STRING pPointer);
static unsigned char * ComplexFree(PMIDL_STUB_MESSAGE pStubMsg,
                                   unsigned char *pMemory,
                                   PFORMAT_STRING pFormat,
                                   PFORMAT_STRING pPointer);

164
const NDR_MARSHALL NdrMarshaller[NDR_TABLE_SIZE] = {
165
  0,
166 167 168 169 170 171
  NdrBaseTypeMarshall, NdrBaseTypeMarshall, NdrBaseTypeMarshall,
  NdrBaseTypeMarshall, NdrBaseTypeMarshall, NdrBaseTypeMarshall, NdrBaseTypeMarshall,
  NdrBaseTypeMarshall, NdrBaseTypeMarshall, NdrBaseTypeMarshall, NdrBaseTypeMarshall,
  NdrBaseTypeMarshall, NdrBaseTypeMarshall, NdrBaseTypeMarshall, NdrBaseTypeMarshall,
  /* 0x10 */
  NdrBaseTypeMarshall,
172 173 174 175 176
  /* 0x11 */
  NdrPointerMarshall, NdrPointerMarshall,
  NdrPointerMarshall, NdrPointerMarshall,
  /* 0x15 */
  NdrSimpleStructMarshall, NdrSimpleStructMarshall,
177 178
  NdrConformantStructMarshall, NdrConformantStructMarshall,
  NdrConformantVaryingStructMarshall,
179 180
  NdrComplexStructMarshall,
  /* 0x1b */
181 182 183 184
  NdrConformantArrayMarshall, 
  NdrConformantVaryingArrayMarshall,
  NdrFixedArrayMarshall, NdrFixedArrayMarshall,
  NdrVaryingArrayMarshall, NdrVaryingArrayMarshall,
185 186 187
  NdrComplexArrayMarshall,
  /* 0x22 */
  NdrConformantStringMarshall, 0, 0,
188 189
  NdrConformantStringMarshall,
  NdrNonConformantStringMarshall, 0, 0, 0,
190
  /* 0x2a */
191 192
  NdrEncapsulatedUnionMarshall,
  NdrNonEncapsulatedUnionMarshall,
193
  NdrByteCountPointerMarshall,
194
  NdrXmitOrRepAsMarshall, NdrXmitOrRepAsMarshall,
195 196
  /* 0x2f */
  NdrInterfacePointerMarshall,
197
  /* 0x30 */
198
  NdrContextHandleMarshall,
199 200 201 202 203 204
  /* 0xb1 */
  0, 0, 0,
  NdrUserMarshalMarshall,
  0, 0,
  /* 0xb7 */
  NdrRangeMarshall
205
};
206
const NDR_UNMARSHALL NdrUnmarshaller[NDR_TABLE_SIZE] = {
207
  0,
208 209 210 211 212 213
  NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall,
  NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall,
  NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall,
  NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall, NdrBaseTypeUnmarshall,
  /* 0x10 */
  NdrBaseTypeUnmarshall,
214 215 216 217 218
  /* 0x11 */
  NdrPointerUnmarshall, NdrPointerUnmarshall,
  NdrPointerUnmarshall, NdrPointerUnmarshall,
  /* 0x15 */
  NdrSimpleStructUnmarshall, NdrSimpleStructUnmarshall,
219 220
  NdrConformantStructUnmarshall, NdrConformantStructUnmarshall,
  NdrConformantVaryingStructUnmarshall,
221 222
  NdrComplexStructUnmarshall,
  /* 0x1b */
223 224 225 226
  NdrConformantArrayUnmarshall, 
  NdrConformantVaryingArrayUnmarshall,
  NdrFixedArrayUnmarshall, NdrFixedArrayUnmarshall,
  NdrVaryingArrayUnmarshall, NdrVaryingArrayUnmarshall,
227 228 229
  NdrComplexArrayUnmarshall,
  /* 0x22 */
  NdrConformantStringUnmarshall, 0, 0,
230 231
  NdrConformantStringUnmarshall,
  NdrNonConformantStringUnmarshall, 0, 0, 0,
232
  /* 0x2a */
233 234
  NdrEncapsulatedUnionUnmarshall,
  NdrNonEncapsulatedUnionUnmarshall,
235
  NdrByteCountPointerUnmarshall,
236
  NdrXmitOrRepAsUnmarshall, NdrXmitOrRepAsUnmarshall,
237 238
  /* 0x2f */
  NdrInterfacePointerUnmarshall,
239
  /* 0x30 */
240
  NdrContextHandleUnmarshall,
241 242 243 244 245 246
  /* 0xb1 */
  0, 0, 0,
  NdrUserMarshalUnmarshall,
  0, 0,
  /* 0xb7 */
  NdrRangeUnmarshall
247
};
248
const NDR_BUFFERSIZE NdrBufferSizer[NDR_TABLE_SIZE] = {
249
  0,
250 251 252 253 254 255
  NdrBaseTypeBufferSize, NdrBaseTypeBufferSize, NdrBaseTypeBufferSize,
  NdrBaseTypeBufferSize, NdrBaseTypeBufferSize, NdrBaseTypeBufferSize, NdrBaseTypeBufferSize,
  NdrBaseTypeBufferSize, NdrBaseTypeBufferSize, NdrBaseTypeBufferSize, NdrBaseTypeBufferSize,
  NdrBaseTypeBufferSize, NdrBaseTypeBufferSize, NdrBaseTypeBufferSize, NdrBaseTypeBufferSize,
  /* 0x10 */
  NdrBaseTypeBufferSize,
256 257 258 259 260
  /* 0x11 */
  NdrPointerBufferSize, NdrPointerBufferSize,
  NdrPointerBufferSize, NdrPointerBufferSize,
  /* 0x15 */
  NdrSimpleStructBufferSize, NdrSimpleStructBufferSize,
261 262
  NdrConformantStructBufferSize, NdrConformantStructBufferSize,
  NdrConformantVaryingStructBufferSize,
263 264
  NdrComplexStructBufferSize,
  /* 0x1b */
265 266 267 268
  NdrConformantArrayBufferSize, 
  NdrConformantVaryingArrayBufferSize,
  NdrFixedArrayBufferSize, NdrFixedArrayBufferSize,
  NdrVaryingArrayBufferSize, NdrVaryingArrayBufferSize,
269 270 271
  NdrComplexArrayBufferSize,
  /* 0x22 */
  NdrConformantStringBufferSize, 0, 0,
272 273
  NdrConformantStringBufferSize,
  NdrNonConformantStringBufferSize, 0, 0, 0,
274
  /* 0x2a */
275 276
  NdrEncapsulatedUnionBufferSize,
  NdrNonEncapsulatedUnionBufferSize,
277
  NdrByteCountPointerBufferSize,
278
  NdrXmitOrRepAsBufferSize, NdrXmitOrRepAsBufferSize,
279 280
  /* 0x2f */
  NdrInterfacePointerBufferSize,
281
  /* 0x30 */
282
  NdrContextHandleBufferSize,
283 284 285 286 287 288
  /* 0xb1 */
  0, 0, 0,
  NdrUserMarshalBufferSize,
  0, 0,
  /* 0xb7 */
  NdrRangeBufferSize
289
};
290
const NDR_MEMORYSIZE NdrMemorySizer[NDR_TABLE_SIZE] = {
291
  0,
292 293 294 295 296 297
  NdrBaseTypeMemorySize, NdrBaseTypeMemorySize, NdrBaseTypeMemorySize,
  NdrBaseTypeMemorySize, NdrBaseTypeMemorySize, NdrBaseTypeMemorySize, NdrBaseTypeMemorySize,
  NdrBaseTypeMemorySize, NdrBaseTypeMemorySize, NdrBaseTypeMemorySize, NdrBaseTypeMemorySize,
  NdrBaseTypeMemorySize, NdrBaseTypeMemorySize, NdrBaseTypeMemorySize, NdrBaseTypeMemorySize,
  /* 0x10 */
  NdrBaseTypeMemorySize,
298 299 300 301 302
  /* 0x11 */
  NdrPointerMemorySize, NdrPointerMemorySize,
  NdrPointerMemorySize, NdrPointerMemorySize,
  /* 0x15 */
  NdrSimpleStructMemorySize, NdrSimpleStructMemorySize,
303 304
  NdrConformantStructMemorySize, NdrConformantStructMemorySize,
  NdrConformantVaryingStructMemorySize,
305 306
  NdrComplexStructMemorySize,
  /* 0x1b */
307 308 309 310
  NdrConformantArrayMemorySize,
  NdrConformantVaryingArrayMemorySize,
  NdrFixedArrayMemorySize, NdrFixedArrayMemorySize,
  NdrVaryingArrayMemorySize, NdrVaryingArrayMemorySize,
311 312 313
  NdrComplexArrayMemorySize,
  /* 0x22 */
  NdrConformantStringMemorySize, 0, 0,
314 315
  NdrConformantStringMemorySize,
  NdrNonConformantStringMemorySize, 0, 0, 0,
316
  /* 0x2a */
317 318 319 320
  NdrEncapsulatedUnionMemorySize,
  NdrNonEncapsulatedUnionMemorySize,
  NdrByteCountPointerMemorySize,
  NdrXmitOrRepAsMemorySize, NdrXmitOrRepAsMemorySize,
321 322
  /* 0x2f */
  NdrInterfacePointerMemorySize,
323 324 325 326 327 328 329 330
  /* 0x30 */
  0,
  /* 0xb1 */
  0, 0, 0,
  NdrUserMarshalMemorySize,
  0, 0,
  /* 0xb7 */
  NdrRangeMemorySize
331
};
332
const NDR_FREE NdrFreer[NDR_TABLE_SIZE] = {
333
  0,
334 335 336 337 338 339
  NdrBaseTypeFree, NdrBaseTypeFree, NdrBaseTypeFree,
  NdrBaseTypeFree, NdrBaseTypeFree, NdrBaseTypeFree, NdrBaseTypeFree,
  NdrBaseTypeFree, NdrBaseTypeFree, NdrBaseTypeFree, NdrBaseTypeFree,
  NdrBaseTypeFree, NdrBaseTypeFree, NdrBaseTypeFree, NdrBaseTypeFree,
  /* 0x10 */
  NdrBaseTypeFree,
340 341 342 343 344
  /* 0x11 */
  NdrPointerFree, NdrPointerFree,
  NdrPointerFree, NdrPointerFree,
  /* 0x15 */
  NdrSimpleStructFree, NdrSimpleStructFree,
345 346
  NdrConformantStructFree, NdrConformantStructFree,
  NdrConformantVaryingStructFree,
347 348
  NdrComplexStructFree,
  /* 0x1b */
349 350 351 352
  NdrConformantArrayFree, 
  NdrConformantVaryingArrayFree,
  NdrFixedArrayFree, NdrFixedArrayFree,
  NdrVaryingArrayFree, NdrVaryingArrayFree,
353 354
  NdrComplexArrayFree,
  /* 0x22 */
355
  0, 0, 0,
356
  0, 0, 0, 0, 0,
357 358 359 360 361
  /* 0x2a */
  NdrEncapsulatedUnionFree,
  NdrNonEncapsulatedUnionFree,
  0,
  NdrXmitOrRepAsFree, NdrXmitOrRepAsFree,
362 363
  /* 0x2f */
  NdrInterfacePointerFree,
364 365 366 367 368 369 370 371
  /* 0x30 */
  0,
  /* 0xb1 */
  0, 0, 0,
  NdrUserMarshalFree,
  0, 0,
  /* 0xb7 */
  NdrRangeFree
372 373
};

374 375 376 377 378 379 380 381 382 383
typedef struct _NDR_MEMORY_LIST
{
    ULONG magic;
    ULONG size;
    ULONG reserved;
    struct _NDR_MEMORY_LIST *next;
} NDR_MEMORY_LIST;

#define MEML_MAGIC  ('M' << 24 | 'E' << 16 | 'M' << 8 | 'L')

384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400
/***********************************************************************
 *            NdrAllocate [RPCRT4.@]
 *
 * Allocates a block of memory using pStubMsg->pfnAllocate.
 *
 * PARAMS
 *  pStubMsg [I/O] MIDL_STUB_MESSAGE structure.
 *  len      [I]   Size of memory block to allocate.
 *
 * RETURNS
 *  The memory block of size len that was allocated.
 *
 * NOTES
 *  The memory block is always 8-byte aligned.
 *  If the function is unable to allocate memory an ERROR_OUTOFMEMORY
 *  exception is raised.
 */
401
void * WINAPI NdrAllocate(MIDL_STUB_MESSAGE *pStubMsg, SIZE_T len)
402
{
403 404
    SIZE_T aligned_len;
    SIZE_T adjusted_len;
405 406 407
    void *p;
    NDR_MEMORY_LIST *mem_list;

408
    aligned_len = (len + 7) & ~7;
409 410 411 412
    adjusted_len = aligned_len + sizeof(NDR_MEMORY_LIST);
    /* check for overflow */
    if (adjusted_len < len)
    {
413
        ERR("overflow of adjusted_len %ld, len %ld\n", adjusted_len, len);
414 415 416 417 418 419 420 421 422 423 424 425 426 427 428
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }

    p = pStubMsg->pfnAllocate(adjusted_len);
    if (!p) RpcRaiseException(ERROR_OUTOFMEMORY);

    mem_list = (NDR_MEMORY_LIST *)((char *)p + aligned_len);
    mem_list->magic = MEML_MAGIC;
    mem_list->size = aligned_len;
    mem_list->reserved = 0;
    mem_list->next = pStubMsg->pMemoryList;
    pStubMsg->pMemoryList = mem_list;

    TRACE("-- %p\n", p);
    return p;
429 430
}

431
static void NdrFree(MIDL_STUB_MESSAGE *pStubMsg, unsigned char *Pointer)
Ove Kaaven's avatar
Ove Kaaven committed
432
{
433 434
    TRACE("(%p, %p)\n", pStubMsg, Pointer);

435
    pStubMsg->pfnFree(Pointer);
Ove Kaaven's avatar
Ove Kaaven committed
436 437
}

438 439 440 441 442
static inline BOOL IsConformanceOrVariancePresent(PFORMAT_STRING pFormat)
{
    return (*(const ULONG *)pFormat != -1);
}

Huw Davies's avatar
Huw Davies committed
443
static PFORMAT_STRING ReadConformance(MIDL_STUB_MESSAGE *pStubMsg, PFORMAT_STRING pFormat)
444
{
445
  align_pointer(&pStubMsg->Buffer, 4);
446 447
  if (pStubMsg->Buffer + 4 > pStubMsg->BufferEnd)
      RpcRaiseException(RPC_X_BAD_STUB_DATA);
448 449 450
  pStubMsg->MaxCount = NDR_LOCAL_UINT32_READ(pStubMsg->Buffer);
  pStubMsg->Buffer += 4;
  TRACE("unmarshalled conformance is %ld\n", pStubMsg->MaxCount);
451 452 453 454
  if (pStubMsg->fHasNewCorrDesc)
    return pFormat+6;
  else
    return pFormat+4;
455 456
}

457
static inline PFORMAT_STRING ReadVariance(MIDL_STUB_MESSAGE *pStubMsg, PFORMAT_STRING pFormat, ULONG MaxValue)
458
{
459
  if (pFormat && !IsConformanceOrVariancePresent(pFormat))
460 461 462 463 464 465
  {
    pStubMsg->Offset = 0;
    pStubMsg->ActualCount = pStubMsg->MaxCount;
    goto done;
  }

466
  align_pointer(&pStubMsg->Buffer, 4);
467 468
  if (pStubMsg->Buffer + 8 > pStubMsg->BufferEnd)
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
469 470
  pStubMsg->Offset      = NDR_LOCAL_UINT32_READ(pStubMsg->Buffer);
  pStubMsg->Buffer += 4;
471
  TRACE("offset is %d\n", pStubMsg->Offset);
472 473
  pStubMsg->ActualCount = NDR_LOCAL_UINT32_READ(pStubMsg->Buffer);
  pStubMsg->Buffer += 4;
474
  TRACE("variance is %d\n", pStubMsg->ActualCount);
475

476 477 478
  if ((pStubMsg->ActualCount > MaxValue) ||
      (pStubMsg->ActualCount + pStubMsg->Offset > MaxValue))
  {
479
    ERR("invalid array bound(s): ActualCount = %d, Offset = %d, MaxValue = %d\n",
480 481 482 483 484
        pStubMsg->ActualCount, pStubMsg->Offset, MaxValue);
    RpcRaiseException(RPC_S_INVALID_BOUND);
    return NULL;
  }

485
done:
486 487 488 489
  if (pStubMsg->fHasNewCorrDesc)
    return pFormat+6;
  else
    return pFormat+4;
490 491
}

492 493 494
/* writes the conformance value to the buffer */
static inline void WriteConformance(MIDL_STUB_MESSAGE *pStubMsg)
{
495
    align_pointer_clear(&pStubMsg->Buffer, 4);
496 497
    if (pStubMsg->Buffer + 4 > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
498 499 500 501 502 503 504
    NDR_LOCAL_UINT32_WRITE(pStubMsg->Buffer, pStubMsg->MaxCount);
    pStubMsg->Buffer += 4;
}

/* writes the variance values to the buffer */
static inline void WriteVariance(MIDL_STUB_MESSAGE *pStubMsg)
{
505
    align_pointer_clear(&pStubMsg->Buffer, 4);
506 507
    if (pStubMsg->Buffer + 8 > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
508 509 510 511 512 513 514 515 516
    NDR_LOCAL_UINT32_WRITE(pStubMsg->Buffer, pStubMsg->Offset);
    pStubMsg->Buffer += 4;
    NDR_LOCAL_UINT32_WRITE(pStubMsg->Buffer, pStubMsg->ActualCount);
    pStubMsg->Buffer += 4;
}

/* requests buffer space for the conformance value */
static inline void SizeConformance(MIDL_STUB_MESSAGE *pStubMsg)
{
517
    align_length(&pStubMsg->BufferLength, 4);
518 519
    if (pStubMsg->BufferLength + 4 < pStubMsg->BufferLength)
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
520 521 522 523 524 525
    pStubMsg->BufferLength += 4;
}

/* requests buffer space for the variance values */
static inline void SizeVariance(MIDL_STUB_MESSAGE *pStubMsg)
{
526
    align_length(&pStubMsg->BufferLength, 4);
527 528
    if (pStubMsg->BufferLength + 8 < pStubMsg->BufferLength)
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
529 530 531
    pStubMsg->BufferLength += 8;
}

532 533
PFORMAT_STRING ComputeConformanceOrVariance(
    MIDL_STUB_MESSAGE *pStubMsg, unsigned char *pMemory,
534
    PFORMAT_STRING pFormat, ULONG_PTR def, ULONG_PTR *pCount)
535 536
{
  BYTE dtype = pFormat[0] & 0xf;
537
  short ofs = *(const short *)&pFormat[2];
538
  LPVOID ptr = NULL;
539
  ULONG_PTR data = 0;
540

541
  if (!IsConformanceOrVariancePresent(pFormat)) {
542
    /* null descriptor */
543
    *pCount = def;
544 545 546 547 548
    goto finish_conf;
  }

  switch (pFormat[0] & 0xf0) {
  case RPC_FC_NORMAL_CONFORMANCE:
549
    TRACE("normal conformance, ofs=%d\n", ofs);
550
    ptr = pMemory;
551 552
    break;
  case RPC_FC_POINTER_CONFORMANCE:
553
    TRACE("pointer conformance, ofs=%d\n", ofs);
554
    ptr = pStubMsg->Memory;
555 556
    break;
  case RPC_FC_TOP_LEVEL_CONFORMANCE:
557
    TRACE("toplevel conformance, ofs=%d\n", ofs);
558
    if (pStubMsg->StackTop) {
559
      ptr = pStubMsg->StackTop;
560 561
    }
    else {
562
      /* -Os mode, *pCount is already set */
563 564 565 566 567
      goto finish_conf;
    }
    break;
  case RPC_FC_CONSTANT_CONFORMANCE:
    data = ofs | ((DWORD)pFormat[1] << 16);
568
    TRACE("constant conformance, val=%ld\n", data);
569
    *pCount = data;
570 571
    goto finish_conf;
  case RPC_FC_TOP_LEVEL_MULTID_CONFORMANCE:
572
    FIXME("toplevel multidimensional conformance, ofs=%d\n", ofs);
573
    if (pStubMsg->StackTop) {
574
      ptr = pStubMsg->StackTop;
575 576 577 578 579 580 581
    }
    else {
      /* ? */
      goto done_conf_grab;
    }
    break;
  default:
582 583
    FIXME("unknown conformance type %x, expect crash.\n", pFormat[0] & 0xf0);
    goto finish_conf;
584 585 586 587
  }

  switch (pFormat[1]) {
  case RPC_FC_DEREFERENCE:
588
    ptr = *(LPVOID*)((char *)ptr + ofs);
589 590
    break;
  case RPC_FC_CALLBACK:
591 592
  {
    unsigned char *old_stack_top = pStubMsg->StackTop;
593 594
    ULONG_PTR max_count, old_max_count = pStubMsg->MaxCount;

595 596
    pStubMsg->StackTop = ptr;

597
    /* ofs is index into StubDesc->apfnExprEval */
598 599 600 601
    TRACE("callback conformance into apfnExprEval[%d]\n", ofs);
    pStubMsg->StubDesc->apfnExprEval[ofs](pStubMsg);

    pStubMsg->StackTop = old_stack_top;
602 603

    /* the callback function always stores the computed value in MaxCount */
604 605 606
    max_count = pStubMsg->MaxCount;
    pStubMsg->MaxCount = old_max_count;
    *pCount = max_count;
607
    goto finish_conf;
608
  }
609
  default:
610
    ptr = (char *)ptr + ofs;
611 612 613 614 615 616 617 618 619 620 621 622 623 624
    break;
  }

  switch (dtype) {
  case RPC_FC_LONG:
  case RPC_FC_ULONG:
    data = *(DWORD*)ptr;
    break;
  case RPC_FC_SHORT:
    data = *(SHORT*)ptr;
    break;
  case RPC_FC_USHORT:
    data = *(USHORT*)ptr;
    break;
625
  case RPC_FC_CHAR:
626 627 628
  case RPC_FC_SMALL:
    data = *(CHAR*)ptr;
    break;
629
  case RPC_FC_BYTE:
630 631 632
  case RPC_FC_USMALL:
    data = *(UCHAR*)ptr;
    break;
633 634 635
  case RPC_FC_HYPER:
    data = *(ULONGLONG *)ptr;
    break;
636 637 638 639
  default:
    FIXME("unknown conformance data type %x\n", dtype);
    goto done_conf_grab;
  }
640
  TRACE("dereferenced data type %x at %p, got %ld\n", dtype, ptr, data);
641 642 643

done_conf_grab:
  switch (pFormat[1]) {
644
  case RPC_FC_DEREFERENCE: /* already handled */
645
  case 0: /* no op */
646
    *pCount = data;
647
    break;
648 649 650 651 652 653 654 655 656 657 658 659
  case RPC_FC_ADD_1:
    *pCount = data + 1;
    break;
  case RPC_FC_SUB_1:
    *pCount = data - 1;
    break;
  case RPC_FC_MULT_2:
    *pCount = data * 2;
    break;
  case RPC_FC_DIV_2:
    *pCount = data / 2;
    break;
660 661 662 663 664 665
  default:
    FIXME("unknown conformance op %d\n", pFormat[1]);
    goto finish_conf;
  }

finish_conf:
666
  TRACE("resulting conformance is %ld\n", *pCount);
667 668 669 670
  if (pStubMsg->fHasNewCorrDesc)
    return pFormat+6;
  else
    return pFormat+4;
671 672
}

673 674 675 676 677 678 679
static inline PFORMAT_STRING SkipConformance(PMIDL_STUB_MESSAGE pStubMsg,
                                             PFORMAT_STRING pFormat)
{
    if (pStubMsg->fHasNewCorrDesc)
      pFormat += 6;
    else
      pFormat += 4;
680 681 682 683 684 685
    return pFormat;
}

static inline PFORMAT_STRING SkipVariance(PMIDL_STUB_MESSAGE pStubMsg, PFORMAT_STRING pFormat)
{
    return SkipConformance( pStubMsg, pFormat );
686 687
}

688 689
/* multiply two numbers together, raising an RPC_S_INVALID_BOUND exception if
 * the result overflows 32-bits */
690
static inline ULONG safe_multiply(ULONG a, ULONG b)
691 692 693 694 695 696 697 698 699 700
{
    ULONGLONG ret = (ULONGLONG)a * b;
    if (ret > 0xffffffff)
    {
        RpcRaiseException(RPC_S_INVALID_BOUND);
        return 0;
    }
    return ret;
}

701 702 703
static inline void safe_buffer_increment(MIDL_STUB_MESSAGE *pStubMsg, ULONG size)
{
    if ((pStubMsg->Buffer + size < pStubMsg->Buffer) || /* integer overflow of pStubMsg->Buffer */
704
        (pStubMsg->Buffer + size > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength))
705 706 707 708
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    pStubMsg->Buffer += size;
}

709 710 711 712 713 714 715 716 717 718 719
static inline void safe_buffer_length_increment(MIDL_STUB_MESSAGE *pStubMsg, ULONG size)
{
    if (pStubMsg->BufferLength + size < pStubMsg->BufferLength) /* integer overflow of pStubMsg->BufferSize */
    {
        ERR("buffer length overflow - BufferLength = %u, size = %u\n",
            pStubMsg->BufferLength, size);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }
    pStubMsg->BufferLength += size;
}

720 721
/* copies data from the buffer, checking that there is enough data in the buffer
 * to do so */
722
static inline void safe_copy_from_buffer(MIDL_STUB_MESSAGE *pStubMsg, void *p, ULONG size)
723 724 725
{
    if ((pStubMsg->Buffer + size < pStubMsg->Buffer) || /* integer overflow of pStubMsg->Buffer */
        (pStubMsg->Buffer + size > pStubMsg->BufferEnd))
726 727 728
    {
        ERR("buffer overflow - Buffer = %p, BufferEnd = %p, size = %u\n",
            pStubMsg->Buffer, pStubMsg->BufferEnd, size);
729
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
730 731 732
    }
    if (p == pStubMsg->Buffer)
        ERR("pointer is the same as the buffer\n");
733 734 735
    memcpy(p, pStubMsg->Buffer, size);
    pStubMsg->Buffer += size;
}
736

737 738 739 740 741 742 743 744 745 746 747 748 749 750 751
/* copies data to the buffer, checking that there is enough space to do so */
static inline void safe_copy_to_buffer(MIDL_STUB_MESSAGE *pStubMsg, const void *p, ULONG size)
{
    if ((pStubMsg->Buffer + size < pStubMsg->Buffer) || /* integer overflow of pStubMsg->Buffer */
        (pStubMsg->Buffer + size > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength))
    {
        ERR("buffer overflow - Buffer = %p, BufferEnd = %p, size = %u\n",
            pStubMsg->Buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength,
            size);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }
    memcpy(pStubMsg->Buffer, p, size);
    pStubMsg->Buffer += size;
}

752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782
/* verify that string data sitting in the buffer is valid and safe to
 * unmarshall */
static void validate_string_data(MIDL_STUB_MESSAGE *pStubMsg, ULONG bufsize, ULONG esize)
{
    ULONG i;

    /* verify the buffer is safe to access */
    if ((pStubMsg->Buffer + bufsize < pStubMsg->Buffer) ||
        (pStubMsg->Buffer + bufsize > pStubMsg->BufferEnd))
    {
        ERR("bufsize 0x%x exceeded buffer end %p of buffer %p\n", bufsize,
            pStubMsg->BufferEnd, pStubMsg->Buffer);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }

    /* strings must always have null terminating bytes */
    if (bufsize < esize)
    {
        ERR("invalid string length of %d\n", bufsize / esize);
        RpcRaiseException(RPC_S_INVALID_BOUND);
    }

    for (i = bufsize - esize; i < bufsize; i++)
        if (pStubMsg->Buffer[i] != 0)
        {
            ERR("string not null-terminated at byte position %d, data is 0x%x\n",
                i, pStubMsg->Buffer[i]);
            RpcRaiseException(RPC_S_INVALID_BOUND);
        }
}

Robert Shearman's avatar
Robert Shearman committed
783 784 785 786 787 788 789 790 791 792 793 794 795 796 797
static inline void dump_pointer_attr(unsigned char attr)
{
    if (attr & RPC_FC_P_ALLOCALLNODES)
        TRACE(" RPC_FC_P_ALLOCALLNODES");
    if (attr & RPC_FC_P_DONTFREE)
        TRACE(" RPC_FC_P_DONTFREE");
    if (attr & RPC_FC_P_ONSTACK)
        TRACE(" RPC_FC_P_ONSTACK");
    if (attr & RPC_FC_P_SIMPLEPOINTER)
        TRACE(" RPC_FC_P_SIMPLEPOINTER");
    if (attr & RPC_FC_P_DEREF)
        TRACE(" RPC_FC_P_DEREF");
    TRACE("\n");
}

798
/***********************************************************************
799
 *           PointerMarshall [internal]
800
 */
801
static void PointerMarshall(PMIDL_STUB_MESSAGE pStubMsg,
802 803 804 805 806 807 808
                            unsigned char *Buffer,
                            unsigned char *Pointer,
                            PFORMAT_STRING pFormat)
{
  unsigned type = pFormat[0], attr = pFormat[1];
  PFORMAT_STRING desc;
  NDR_MARSHALL m;
809
  ULONG pointer_id;
810
  int pointer_needs_marshaling;
811 812

  TRACE("(%p,%p,%p,%p)\n", pStubMsg, Buffer, Pointer, pFormat);
Robert Shearman's avatar
Robert Shearman committed
813
  TRACE("type=0x%x, attr=", type); dump_pointer_attr(attr);
814 815
  pFormat += 2;
  if (attr & RPC_FC_P_SIMPLEPOINTER) desc = pFormat;
Eric Pouech's avatar
Eric Pouech committed
816
  else desc = pFormat + *(const SHORT*)pFormat;
817 818 819

  switch (type) {
  case RPC_FC_RP: /* ref pointer (always non-null) */
Robert Shearman's avatar
Robert Shearman committed
820
    if (!Pointer)
821 822
    {
      ERR("NULL ref pointer is not allowed\n");
Robert Shearman's avatar
Robert Shearman committed
823
      RpcRaiseException(RPC_X_NULL_REF_POINTER);
824
    }
825
    pointer_needs_marshaling = 1;
Robert Shearman's avatar
Robert Shearman committed
826 827 828
    break;
  case RPC_FC_UP: /* unique pointer */
  case RPC_FC_OP: /* object pointer - same as unique here */
829 830 831 832
    if (Pointer)
      pointer_needs_marshaling = 1;
    else
      pointer_needs_marshaling = 0;
833
    pointer_id = Pointer ? NDR_POINTER_ID(pStubMsg) : 0;
834
    TRACE("writing 0x%08x to buffer\n", pointer_id);
835
    NDR_LOCAL_UINT32_WRITE(Buffer, pointer_id);
836
    break;
Robert Shearman's avatar
Robert Shearman committed
837
  case RPC_FC_FP:
838 839
    pointer_needs_marshaling = !NdrFullPointerQueryPointer(
      pStubMsg->FullPtrXlatTables, Pointer, 1, &pointer_id);
840
    TRACE("writing 0x%08x to buffer\n", pointer_id);
841 842
    NDR_LOCAL_UINT32_WRITE(Buffer, pointer_id);
    break;
843 844
  default:
    FIXME("unhandled ptr type=%02x\n", type);
Robert Shearman's avatar
Robert Shearman committed
845
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
846
    return;
847 848
  }

Robert Shearman's avatar
Robert Shearman committed
849 850
  TRACE("calling marshaller for type 0x%x\n", (int)*desc);

851
  if (pointer_needs_marshaling) {
852 853 854 855
    if (attr & RPC_FC_P_DEREF) {
      Pointer = *(unsigned char**)Pointer;
      TRACE("deref => %p\n", Pointer);
    }
Robert Shearman's avatar
Robert Shearman committed
856 857 858 859
    m = NdrMarshaller[*desc & NDR_TABLE_MASK];
    if (m) m(pStubMsg, Pointer, desc);
    else FIXME("no marshaller for data type=%02x\n", *desc);
  }
Ove Kaaven's avatar
Ove Kaaven committed
860 861

  STD_OVERFLOW_CHECK(pStubMsg);
862 863 864
}

/***********************************************************************
865
 *           PointerUnmarshall [internal]
866
 */
867
static void PointerUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
868 869
                              unsigned char *Buffer,
                              unsigned char **pPointer,
870
                              unsigned char *pSrcPointer,
871 872 873 874 875 876
                              PFORMAT_STRING pFormat,
                              unsigned char fMustAlloc)
{
  unsigned type = pFormat[0], attr = pFormat[1];
  PFORMAT_STRING desc;
  NDR_UNMARSHALL m;
Robert Shearman's avatar
Robert Shearman committed
877
  DWORD pointer_id = 0;
878
  int pointer_needs_unmarshaling;
879

880
  TRACE("(%p,%p,%p,%p,%p,%d)\n", pStubMsg, Buffer, pPointer, pSrcPointer, pFormat, fMustAlloc);
Robert Shearman's avatar
Robert Shearman committed
881
  TRACE("type=0x%x, attr=", type); dump_pointer_attr(attr);
882 883
  pFormat += 2;
  if (attr & RPC_FC_P_SIMPLEPOINTER) desc = pFormat;
Eric Pouech's avatar
Eric Pouech committed
884
  else desc = pFormat + *(const SHORT*)pFormat;
885 886 887

  switch (type) {
  case RPC_FC_RP: /* ref pointer (always non-null) */
888
    pointer_needs_unmarshaling = 1;
Robert Shearman's avatar
Robert Shearman committed
889 890
    break;
  case RPC_FC_UP: /* unique pointer */
891
    pointer_id = NDR_LOCAL_UINT32_READ(Buffer);
892
    TRACE("pointer_id is 0x%08x\n", pointer_id);
893 894
    if (pointer_id)
      pointer_needs_unmarshaling = 1;
895 896
    else {
      *pPointer = NULL;
897
      pointer_needs_unmarshaling = 0;
898
    }
899
    break;
Robert Shearman's avatar
Robert Shearman committed
900
  case RPC_FC_OP: /* object pointer - we must free data before overwriting it */
901
    pointer_id = NDR_LOCAL_UINT32_READ(Buffer);
902
    TRACE("pointer_id is 0x%08x\n", pointer_id);
903
    if (!fMustAlloc && pSrcPointer)
904
    {
905
        FIXME("free object pointer %p\n", pSrcPointer);
906
        fMustAlloc = TRUE;
907
    }
908 909 910
    if (pointer_id)
      pointer_needs_unmarshaling = 1;
    else
911 912
    {
      *pPointer = NULL;    
913
      pointer_needs_unmarshaling = 0;
914
    }
915
    break;
Robert Shearman's avatar
Robert Shearman committed
916
  case RPC_FC_FP:
917
    pointer_id = NDR_LOCAL_UINT32_READ(Buffer);
918
    TRACE("pointer_id is 0x%08x\n", pointer_id);
919 920 921
    pointer_needs_unmarshaling = !NdrFullPointerQueryRefId(
      pStubMsg->FullPtrXlatTables, pointer_id, 1, (void **)pPointer);
    break;
922 923
  default:
    FIXME("unhandled ptr type=%02x\n", type);
Robert Shearman's avatar
Robert Shearman committed
924
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
925
    return;
926 927
  }

928
  if (pointer_needs_unmarshaling) {
929 930 931 932 933 934 935 936 937 938 939
    unsigned char **current_ptr = pPointer;
    if (pStubMsg->IsClient) {
      TRACE("client\n");
      /* if we aren't forcing allocation of memory then try to use the existing
       * (source) pointer to unmarshall the data into so that [in,out]
       * parameters behave correctly. it doesn't matter if the parameter is
       * [out] only since in that case the pointer will be NULL. we force
       * allocation when the source pointer is NULL here instead of in the type
       * unmarshalling routine for the benefit of the deref code below */
      if (!fMustAlloc) {
        if (pSrcPointer) {
940
          TRACE("setting *pPointer to %p\n", pSrcPointer);
941
          *pPointer = pSrcPointer;
942 943 944 945 946 947 948 949
        } else
          fMustAlloc = TRUE;
      }
    } else {
      TRACE("server\n");
      /* the memory in a stub is never initialised, so we have to work out here
       * whether we have to initialise it so we can use the optimisation of
       * setting the pointer to the buffer, if possible, or set fMustAlloc to
950 951
       * TRUE. */
      if (attr & RPC_FC_P_DEREF) {
952 953 954
        fMustAlloc = TRUE;
      } else {
        *current_ptr = NULL;
955
      }
956 957
    }

958 959 960
    if (attr & RPC_FC_P_ALLOCALLNODES)
        FIXME("RPC_FC_P_ALLOCALLNODES not implemented\n");

961 962
    if (attr & RPC_FC_P_DEREF) {
      if (fMustAlloc) {
963
        unsigned char *base_ptr_val = NdrAllocate(pStubMsg, sizeof(void *));
964
        *pPointer = base_ptr_val;
965 966 967 968 969
        current_ptr = (unsigned char **)base_ptr_val;
      } else
        current_ptr = *(unsigned char***)current_ptr;
      TRACE("deref => %p\n", current_ptr);
      if (!fMustAlloc && !*current_ptr) fMustAlloc = TRUE;
970
    }
Robert Shearman's avatar
Robert Shearman committed
971
    m = NdrUnmarshaller[*desc & NDR_TABLE_MASK];
972
    if (m) m(pStubMsg, current_ptr, desc, fMustAlloc);
Robert Shearman's avatar
Robert Shearman committed
973
    else FIXME("no unmarshaller for data type=%02x\n", *desc);
974 975 976

    if (type == RPC_FC_FP)
      NdrFullPointerInsertRefId(pStubMsg->FullPtrXlatTables, pointer_id,
977
                                *pPointer);
Robert Shearman's avatar
Robert Shearman committed
978 979
  }

980 981 982 983
  TRACE("pointer=%p\n", *pPointer);
}

/***********************************************************************
984
 *           PointerBufferSize [internal]
985
 */
986
static void PointerBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
987 988 989 990 991 992
                              unsigned char *Pointer,
                              PFORMAT_STRING pFormat)
{
  unsigned type = pFormat[0], attr = pFormat[1];
  PFORMAT_STRING desc;
  NDR_BUFFERSIZE m;
993
  int pointer_needs_sizing;
994
  ULONG pointer_id;
995 996

  TRACE("(%p,%p,%p)\n", pStubMsg, Pointer, pFormat);
997
  TRACE("type=0x%x, attr=", type); dump_pointer_attr(attr);
998 999
  pFormat += 2;
  if (attr & RPC_FC_P_SIMPLEPOINTER) desc = pFormat;
Eric Pouech's avatar
Eric Pouech committed
1000
  else desc = pFormat + *(const SHORT*)pFormat;
1001

1002 1003
  switch (type) {
  case RPC_FC_RP: /* ref pointer (always non-null) */
1004 1005 1006 1007 1008
    if (!Pointer)
    {
      ERR("NULL ref pointer is not allowed\n");
      RpcRaiseException(RPC_X_NULL_REF_POINTER);
    }
1009
    break;
Robert Shearman's avatar
Robert Shearman committed
1010 1011 1012 1013 1014 1015 1016
  case RPC_FC_OP:
  case RPC_FC_UP:
    /* NULL pointer has no further representation */
    if (!Pointer)
        return;
    break;
  case RPC_FC_FP:
1017 1018 1019 1020 1021
    pointer_needs_sizing = !NdrFullPointerQueryPointer(
      pStubMsg->FullPtrXlatTables, Pointer, 0, &pointer_id);
    if (!pointer_needs_sizing)
      return;
    break;
1022 1023
  default:
    FIXME("unhandled ptr type=%02x\n", type);
Robert Shearman's avatar
Robert Shearman committed
1024
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
1025
    return;
1026 1027
  }

1028 1029 1030 1031 1032
  if (attr & RPC_FC_P_DEREF) {
    Pointer = *(unsigned char**)Pointer;
    TRACE("deref => %p\n", Pointer);
  }

1033 1034 1035 1036 1037 1038
  m = NdrBufferSizer[*desc & NDR_TABLE_MASK];
  if (m) m(pStubMsg, Pointer, desc);
  else FIXME("no buffersizer for data type=%02x\n", *desc);
}

/***********************************************************************
1039
 *           PointerMemorySize [internal]
1040
 */
1041 1042
static ULONG PointerMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                               unsigned char *Buffer, PFORMAT_STRING pFormat)
1043 1044 1045 1046
{
  unsigned type = pFormat[0], attr = pFormat[1];
  PFORMAT_STRING desc;
  NDR_MEMORYSIZE m;
1047 1048
  DWORD pointer_id = 0;
  int pointer_needs_sizing;
1049

1050
  TRACE("(%p,%p,%p)\n", pStubMsg, Buffer, pFormat);
1051
  TRACE("type=0x%x, attr=", type); dump_pointer_attr(attr);
1052 1053
  pFormat += 2;
  if (attr & RPC_FC_P_SIMPLEPOINTER) desc = pFormat;
Eric Pouech's avatar
Eric Pouech committed
1054
  else desc = pFormat + *(const SHORT*)pFormat;
1055 1056 1057

  switch (type) {
  case RPC_FC_RP: /* ref pointer (always non-null) */
1058 1059 1060 1061 1062 1063 1064 1065 1066 1067
    pointer_needs_sizing = 1;
    break;
  case RPC_FC_UP: /* unique pointer */
  case RPC_FC_OP: /* object pointer - we must free data before overwriting it */
    pointer_id = NDR_LOCAL_UINT32_READ(Buffer);
    TRACE("pointer_id is 0x%08x\n", pointer_id);
    if (pointer_id)
      pointer_needs_sizing = 1;
    else
      pointer_needs_sizing = 0;
1068
    break;
1069 1070 1071 1072 1073 1074 1075 1076 1077
  case RPC_FC_FP:
  {
    void *pointer;
    pointer_id = NDR_LOCAL_UINT32_READ(Buffer);
    TRACE("pointer_id is 0x%08x\n", pointer_id);
    pointer_needs_sizing = !NdrFullPointerQueryRefId(
      pStubMsg->FullPtrXlatTables, pointer_id, 1, &pointer);
    break;
  }
1078 1079
  default:
    FIXME("unhandled ptr type=%02x\n", type);
Robert Shearman's avatar
Robert Shearman committed
1080
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
1081
    return 0;
1082 1083
  }

1084
  if (attr & RPC_FC_P_DEREF) {
1085
    align_length(&pStubMsg->MemorySize, sizeof(void*));
1086
    pStubMsg->MemorySize += sizeof(void*);
1087 1088 1089
    TRACE("deref\n");
  }

1090 1091 1092 1093 1094
  if (pointer_needs_sizing) {
    m = NdrMemorySizer[*desc & NDR_TABLE_MASK];
    if (m) m(pStubMsg, desc);
    else FIXME("no memorysizer for data type=%02x\n", *desc);
  }
1095

1096
  return pStubMsg->MemorySize;
1097 1098 1099
}

/***********************************************************************
1100
 *           PointerFree [internal]
1101
 */
1102
static void PointerFree(PMIDL_STUB_MESSAGE pStubMsg,
1103 1104 1105 1106 1107 1108
                        unsigned char *Pointer,
                        PFORMAT_STRING pFormat)
{
  unsigned type = pFormat[0], attr = pFormat[1];
  PFORMAT_STRING desc;
  NDR_FREE m;
1109
  unsigned char *current_pointer = Pointer;
1110 1111

  TRACE("(%p,%p,%p)\n", pStubMsg, Pointer, pFormat);
1112
  TRACE("type=0x%x, attr=", type); dump_pointer_attr(attr);
1113 1114 1115
  if (attr & RPC_FC_P_DONTFREE) return;
  pFormat += 2;
  if (attr & RPC_FC_P_SIMPLEPOINTER) desc = pFormat;
Eric Pouech's avatar
Eric Pouech committed
1116
  else desc = pFormat + *(const SHORT*)pFormat;
1117 1118 1119

  if (!Pointer) return;

1120 1121 1122 1123 1124 1125 1126
  if (type == RPC_FC_FP) {
    int pointer_needs_freeing = NdrFullPointerFree(
      pStubMsg->FullPtrXlatTables, Pointer);
    if (!pointer_needs_freeing)
      return;
  }

1127
  if (attr & RPC_FC_P_DEREF) {
1128 1129
    current_pointer = *(unsigned char**)Pointer;
    TRACE("deref => %p\n", current_pointer);
1130
  }
1131 1132

  m = NdrFreer[*desc & NDR_TABLE_MASK];
1133
  if (m) m(pStubMsg, current_pointer, desc);
1134

1135 1136 1137 1138 1139 1140
  /* this check stops us from trying to free buffer memory. we don't have to
   * worry about clients, since they won't call this function.
   * we don't have to check for the buffer being reallocated because
   * BufferStart and BufferEnd won't be reset when allocating memory for
   * sending the response. we don't have to check for the new buffer here as
   * it won't be used a type memory, only for buffer memory */
1141
  if (Pointer >= pStubMsg->BufferStart && Pointer < pStubMsg->BufferEnd)
1142 1143
      goto notfree;

1144 1145 1146 1147 1148
  if (attr & RPC_FC_P_ONSTACK) {
    TRACE("not freeing stack ptr %p\n", Pointer);
    return;
  }
  TRACE("freeing %p\n", Pointer);
Ove Kaaven's avatar
Ove Kaaven committed
1149
  NdrFree(pStubMsg, Pointer);
1150
  return;
1151 1152
notfree:
  TRACE("not freeing %p\n", Pointer);
1153 1154 1155 1156 1157
}

/***********************************************************************
 *           EmbeddedPointerMarshall
 */
1158
static unsigned char * EmbeddedPointerMarshall(PMIDL_STUB_MESSAGE pStubMsg,
1159 1160 1161 1162
                                               unsigned char *pMemory,
                                               PFORMAT_STRING pFormat)
{
  unsigned char *Mark = pStubMsg->BufferMark;
1163
  unsigned rep, count, stride;
1164
  unsigned i;
1165
  unsigned char *saved_buffer = NULL;
1166 1167 1168 1169 1170 1171

  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

  if (*pFormat != RPC_FC_PP) return NULL;
  pFormat += 2;

1172 1173 1174 1175 1176 1177 1178
  if (pStubMsg->PointerBufferMark)
  {
    saved_buffer = pStubMsg->Buffer;
    pStubMsg->Buffer = pStubMsg->PointerBufferMark;
    pStubMsg->PointerBufferMark = NULL;
  }

1179 1180 1181
  while (pFormat[0] != RPC_FC_END) {
    switch (pFormat[0]) {
    default:
1182 1183
      FIXME("unknown repeat type %d; assuming no repeat\n", pFormat[0]);
      /* fallthrough */
1184 1185 1186 1187 1188 1189 1190
    case RPC_FC_NO_REPEAT:
      rep = 1;
      stride = 0;
      count = 1;
      pFormat += 2;
      break;
    case RPC_FC_FIXED_REPEAT:
Eric Pouech's avatar
Eric Pouech committed
1191 1192 1193
      rep = *(const WORD*)&pFormat[2];
      stride = *(const WORD*)&pFormat[4];
      count = *(const WORD*)&pFormat[8];
1194 1195 1196
      pFormat += 10;
      break;
    case RPC_FC_VARIABLE_REPEAT:
1197
      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
Eric Pouech's avatar
Eric Pouech committed
1198 1199
      stride = *(const WORD*)&pFormat[2];
      count = *(const WORD*)&pFormat[6];
1200 1201 1202
      pFormat += 8;
      break;
    }
1203
    for (i = 0; i < rep; i++) {
1204
      PFORMAT_STRING info = pFormat;
1205 1206
      unsigned char *membase = pMemory + (i * stride);
      unsigned char *bufbase = Mark + (i * stride);
1207
      unsigned u;
1208

1209
      for (u=0; u<count; u++,info+=8) {
Eric Pouech's avatar
Eric Pouech committed
1210
        unsigned char *memptr = membase + *(const SHORT*)&info[0];
1211
        unsigned char *bufptr = bufbase + *(const SHORT*)&info[2];
1212 1213 1214
        unsigned char *saved_memory = pStubMsg->Memory;

        pStubMsg->Memory = pMemory;
1215
        PointerMarshall(pStubMsg, bufptr, *(unsigned char**)memptr, info+4);
1216
        pStubMsg->Memory = saved_memory;
1217 1218 1219 1220 1221
      }
    }
    pFormat += 8 * count;
  }

1222 1223 1224 1225 1226 1227
  if (saved_buffer)
  {
    pStubMsg->PointerBufferMark = pStubMsg->Buffer;
    pStubMsg->Buffer = saved_buffer;
  }

Ove Kaaven's avatar
Ove Kaaven committed
1228 1229
  STD_OVERFLOW_CHECK(pStubMsg);

1230 1231 1232 1233 1234 1235
  return NULL;
}

/***********************************************************************
 *           EmbeddedPointerUnmarshall
 */
1236
static unsigned char * EmbeddedPointerUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
1237
                                                 unsigned char *pDstBuffer,
1238
                                                 unsigned char *pSrcMemoryPtrs,
1239 1240 1241 1242
                                                 PFORMAT_STRING pFormat,
                                                 unsigned char fMustAlloc)
{
  unsigned char *Mark = pStubMsg->BufferMark;
1243
  unsigned rep, count, stride;
1244
  unsigned i;
1245
  unsigned char *saved_buffer = NULL;
1246

1247
  TRACE("(%p,%p,%p,%p,%d)\n", pStubMsg, pDstBuffer, pSrcMemoryPtrs, pFormat, fMustAlloc);
1248 1249 1250 1251

  if (*pFormat != RPC_FC_PP) return NULL;
  pFormat += 2;

1252 1253 1254 1255 1256 1257 1258
  if (pStubMsg->PointerBufferMark)
  {
    saved_buffer = pStubMsg->Buffer;
    pStubMsg->Buffer = pStubMsg->PointerBufferMark;
    pStubMsg->PointerBufferMark = NULL;
  }

1259
  while (pFormat[0] != RPC_FC_END) {
1260
    TRACE("pFormat[0] = 0x%x\n", pFormat[0]);
1261 1262
    switch (pFormat[0]) {
    default:
1263 1264
      FIXME("unknown repeat type %d; assuming no repeat\n", pFormat[0]);
      /* fallthrough */
1265 1266 1267 1268 1269 1270 1271
    case RPC_FC_NO_REPEAT:
      rep = 1;
      stride = 0;
      count = 1;
      pFormat += 2;
      break;
    case RPC_FC_FIXED_REPEAT:
Eric Pouech's avatar
Eric Pouech committed
1272 1273 1274
      rep = *(const WORD*)&pFormat[2];
      stride = *(const WORD*)&pFormat[4];
      count = *(const WORD*)&pFormat[8];
1275 1276 1277
      pFormat += 10;
      break;
    case RPC_FC_VARIABLE_REPEAT:
1278
      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
Eric Pouech's avatar
Eric Pouech committed
1279 1280
      stride = *(const WORD*)&pFormat[2];
      count = *(const WORD*)&pFormat[6];
1281 1282 1283
      pFormat += 8;
      break;
    }
1284
    for (i = 0; i < rep; i++) {
1285
      PFORMAT_STRING info = pFormat;
1286
      unsigned char *bufdstbase = pDstBuffer + (i * stride);
1287
      unsigned char *memsrcbase = pSrcMemoryPtrs + (i * stride);
1288
      unsigned char *bufbase = Mark + (i * stride);
1289
      unsigned u;
1290

1291
      for (u=0; u<count; u++,info+=8) {
1292
        unsigned char **bufdstptr = (unsigned char **)(bufdstbase + *(const SHORT*)&info[2]);
1293
        unsigned char **memsrcptr = (unsigned char **)(memsrcbase + *(const SHORT*)&info[0]);
1294
        unsigned char *bufptr = bufbase + *(const SHORT*)&info[2];
1295
        PointerUnmarshall(pStubMsg, bufptr, bufdstptr, *memsrcptr, info+4, fMustAlloc);
1296 1297 1298 1299 1300
      }
    }
    pFormat += 8 * count;
  }

1301 1302 1303 1304 1305 1306
  if (saved_buffer)
  {
    pStubMsg->PointerBufferMark = pStubMsg->Buffer;
    pStubMsg->Buffer = saved_buffer;
  }

1307 1308 1309 1310 1311 1312
  return NULL;
}

/***********************************************************************
 *           EmbeddedPointerBufferSize
 */
1313
static void EmbeddedPointerBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
1314 1315 1316
                                      unsigned char *pMemory,
                                      PFORMAT_STRING pFormat)
{
1317
  unsigned rep, count, stride;
1318
  unsigned i;
1319
  ULONG saved_buffer_length = 0;
1320 1321

  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
1322 1323 1324

  if (pStubMsg->IgnoreEmbeddedPointers) return;

1325 1326 1327
  if (*pFormat != RPC_FC_PP) return;
  pFormat += 2;

1328 1329 1330 1331 1332 1333 1334
  if (pStubMsg->PointerLength)
  {
    saved_buffer_length = pStubMsg->BufferLength;
    pStubMsg->BufferLength = pStubMsg->PointerLength;
    pStubMsg->PointerLength = 0;
  }

1335 1336 1337
  while (pFormat[0] != RPC_FC_END) {
    switch (pFormat[0]) {
    default:
1338 1339
      FIXME("unknown repeat type %d; assuming no repeat\n", pFormat[0]);
      /* fallthrough */
1340 1341 1342 1343 1344 1345 1346
    case RPC_FC_NO_REPEAT:
      rep = 1;
      stride = 0;
      count = 1;
      pFormat += 2;
      break;
    case RPC_FC_FIXED_REPEAT:
Eric Pouech's avatar
Eric Pouech committed
1347 1348 1349
      rep = *(const WORD*)&pFormat[2];
      stride = *(const WORD*)&pFormat[4];
      count = *(const WORD*)&pFormat[8];
1350 1351 1352
      pFormat += 10;
      break;
    case RPC_FC_VARIABLE_REPEAT:
1353
      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
Eric Pouech's avatar
Eric Pouech committed
1354 1355
      stride = *(const WORD*)&pFormat[2];
      count = *(const WORD*)&pFormat[6];
1356 1357 1358
      pFormat += 8;
      break;
    }
1359
    for (i = 0; i < rep; i++) {
1360
      PFORMAT_STRING info = pFormat;
1361
      unsigned char *membase = pMemory + (i * stride);
1362
      unsigned u;
1363

1364
      for (u=0; u<count; u++,info+=8) {
Eric Pouech's avatar
Eric Pouech committed
1365
        unsigned char *memptr = membase + *(const SHORT*)&info[0];
1366 1367 1368
        unsigned char *saved_memory = pStubMsg->Memory;

        pStubMsg->Memory = pMemory;
1369
        PointerBufferSize(pStubMsg, *(unsigned char**)memptr, info+4);
1370
        pStubMsg->Memory = saved_memory;
1371 1372 1373 1374
      }
    }
    pFormat += 8 * count;
  }
1375 1376 1377 1378 1379 1380

  if (saved_buffer_length)
  {
    pStubMsg->PointerLength = pStubMsg->BufferLength;
    pStubMsg->BufferLength = saved_buffer_length;
  }
1381 1382 1383
}

/***********************************************************************
1384
 *           EmbeddedPointerMemorySize [internal]
1385
 */
1386 1387
static ULONG EmbeddedPointerMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                       PFORMAT_STRING pFormat)
1388 1389
{
  unsigned char *Mark = pStubMsg->BufferMark;
1390
  unsigned rep, count, stride;
1391
  unsigned i;
1392
  unsigned char *saved_buffer = NULL;
1393

1394 1395 1396 1397
  TRACE("(%p,%p)\n", pStubMsg, pFormat);

  if (pStubMsg->IgnoreEmbeddedPointers) return 0;

1398 1399 1400 1401 1402 1403
  if (pStubMsg->PointerBufferMark)
  {
    saved_buffer = pStubMsg->Buffer;
    pStubMsg->Buffer = pStubMsg->PointerBufferMark;
    pStubMsg->PointerBufferMark = NULL;
  }
1404

1405 1406 1407 1408 1409 1410
  if (*pFormat != RPC_FC_PP) return 0;
  pFormat += 2;

  while (pFormat[0] != RPC_FC_END) {
    switch (pFormat[0]) {
    default:
1411 1412
      FIXME("unknown repeat type %d; assuming no repeat\n", pFormat[0]);
      /* fallthrough */
1413 1414 1415 1416 1417 1418 1419
    case RPC_FC_NO_REPEAT:
      rep = 1;
      stride = 0;
      count = 1;
      pFormat += 2;
      break;
    case RPC_FC_FIXED_REPEAT:
Eric Pouech's avatar
Eric Pouech committed
1420 1421 1422
      rep = *(const WORD*)&pFormat[2];
      stride = *(const WORD*)&pFormat[4];
      count = *(const WORD*)&pFormat[8];
1423 1424 1425
      pFormat += 10;
      break;
    case RPC_FC_VARIABLE_REPEAT:
1426
      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
Eric Pouech's avatar
Eric Pouech committed
1427 1428
      stride = *(const WORD*)&pFormat[2];
      count = *(const WORD*)&pFormat[6];
1429 1430 1431
      pFormat += 8;
      break;
    }
1432
    for (i = 0; i < rep; i++) {
1433
      PFORMAT_STRING info = pFormat;
1434
      unsigned char *bufbase = Mark + (i * stride);
1435 1436
      unsigned u;
      for (u=0; u<count; u++,info+=8) {
1437
        unsigned char *bufptr = bufbase + *(const SHORT*)&info[2];
1438 1439 1440 1441 1442 1443
        PointerMemorySize(pStubMsg, bufptr, info+4);
      }
    }
    pFormat += 8 * count;
  }

1444 1445 1446 1447 1448 1449
  if (saved_buffer)
  {
    pStubMsg->PointerBufferMark = pStubMsg->Buffer;
    pStubMsg->Buffer = saved_buffer;
  }

1450 1451 1452 1453
  return 0;
}

/***********************************************************************
1454
 *           EmbeddedPointerFree [internal]
1455
 */
1456
static void EmbeddedPointerFree(PMIDL_STUB_MESSAGE pStubMsg,
1457 1458 1459
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
1460
  unsigned rep, count, stride;
1461
  unsigned i;
1462 1463 1464 1465 1466 1467 1468 1469

  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
  if (*pFormat != RPC_FC_PP) return;
  pFormat += 2;

  while (pFormat[0] != RPC_FC_END) {
    switch (pFormat[0]) {
    default:
1470 1471
      FIXME("unknown repeat type %d; assuming no repeat\n", pFormat[0]);
      /* fallthrough */
1472 1473 1474 1475 1476 1477 1478
    case RPC_FC_NO_REPEAT:
      rep = 1;
      stride = 0;
      count = 1;
      pFormat += 2;
      break;
    case RPC_FC_FIXED_REPEAT:
Eric Pouech's avatar
Eric Pouech committed
1479 1480 1481
      rep = *(const WORD*)&pFormat[2];
      stride = *(const WORD*)&pFormat[4];
      count = *(const WORD*)&pFormat[8];
1482 1483 1484
      pFormat += 10;
      break;
    case RPC_FC_VARIABLE_REPEAT:
1485
      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
Eric Pouech's avatar
Eric Pouech committed
1486 1487
      stride = *(const WORD*)&pFormat[2];
      count = *(const WORD*)&pFormat[6];
1488 1489 1490
      pFormat += 8;
      break;
    }
1491
    for (i = 0; i < rep; i++) {
1492
      PFORMAT_STRING info = pFormat;
1493
      unsigned char *membase = pMemory + (i * stride);
1494
      unsigned u;
1495

1496
      for (u=0; u<count; u++,info+=8) {
Eric Pouech's avatar
Eric Pouech committed
1497
        unsigned char *memptr = membase + *(const SHORT*)&info[0];
1498 1499 1500
        unsigned char *saved_memory = pStubMsg->Memory;

        pStubMsg->Memory = pMemory;
1501
        PointerFree(pStubMsg, *(unsigned char**)memptr, info+4);
1502
        pStubMsg->Memory = saved_memory;
1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515
      }
    }
    pFormat += 8 * count;
  }
}

/***********************************************************************
 *           NdrPointerMarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrPointerMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                          unsigned char *pMemory,
                                          PFORMAT_STRING pFormat)
{
1516 1517
  unsigned char *Buffer;

1518 1519
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

Austin English's avatar
Austin English committed
1520
  /* Increment the buffer here instead of in PointerMarshall,
1521 1522 1523 1524
   * as that is used by embedded pointers which already handle the incrementing
   * the buffer, and shouldn't write any additional pointer data to the wire */
  if (*pFormat != RPC_FC_RP)
  {
1525
    align_pointer_clear(&pStubMsg->Buffer, 4);
1526
    Buffer = pStubMsg->Buffer;
1527
    safe_buffer_increment(pStubMsg, 4);
1528 1529 1530 1531
  }
  else
    Buffer = pStubMsg->Buffer;

1532
  PointerMarshall(pStubMsg, Buffer, pMemory, pFormat);
Ove Kaaven's avatar
Ove Kaaven committed
1533

1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544
  return NULL;
}

/***********************************************************************
 *           NdrPointerUnmarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrPointerUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                            unsigned char **ppMemory,
                                            PFORMAT_STRING pFormat,
                                            unsigned char fMustAlloc)
{
1545 1546
  unsigned char *Buffer;

1547 1548
  TRACE("(%p,%p,%p,%d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);

1549
  if (*pFormat == RPC_FC_RP)
1550 1551
  {
    Buffer = pStubMsg->Buffer;
1552 1553 1554 1555 1556 1557 1558 1559
    /* Do the NULL ref pointer check here because embedded pointers can be
     * NULL if the type the pointer is embedded in was allocated rather than
     * being passed in by the client */
    if (pStubMsg->IsClient && !*ppMemory)
    {
      ERR("NULL ref pointer is not allowed\n");
      RpcRaiseException(RPC_X_NULL_REF_POINTER);
    }
1560 1561
  }
  else
1562 1563 1564 1565 1566
  {
    /* Increment the buffer here instead of in PointerUnmarshall,
     * as that is used by embedded pointers which already handle the incrementing
     * the buffer, and shouldn't read any additional pointer data from the
     * buffer */
1567
    align_pointer(&pStubMsg->Buffer, 4);
1568
    Buffer = pStubMsg->Buffer;
1569 1570
    safe_buffer_increment(pStubMsg, 4);
  }
1571

1572
  PointerUnmarshall(pStubMsg, Buffer, ppMemory, *ppMemory, pFormat, fMustAlloc);
1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584

  return NULL;
}

/***********************************************************************
 *           NdrPointerBufferSize [RPCRT4.@]
 */
void WINAPI NdrPointerBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                      unsigned char *pMemory,
                                      PFORMAT_STRING pFormat)
{
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
1585

Austin English's avatar
Austin English committed
1586
  /* Increment the buffer length here instead of in PointerBufferSize,
1587 1588 1589 1590
   * as that is used by embedded pointers which already handle the buffer
   * length, and shouldn't write anything more to the wire */
  if (*pFormat != RPC_FC_RP)
  {
1591
    align_length(&pStubMsg->BufferLength, 4);
1592
    safe_buffer_length_increment(pStubMsg, 4);
1593 1594
  }

Ove Kaaven's avatar
Ove Kaaven committed
1595
  PointerBufferSize(pStubMsg, pMemory, pFormat);
1596 1597 1598 1599 1600
}

/***********************************************************************
 *           NdrPointerMemorySize [RPCRT4.@]
 */
1601 1602
ULONG WINAPI NdrPointerMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                  PFORMAT_STRING pFormat)
1603
{
1604 1605 1606
    unsigned char *Buffer = pStubMsg->Buffer;
    if (*pFormat != RPC_FC_RP)
    {
1607
        align_pointer(&pStubMsg->Buffer, 4);
1608 1609
        safe_buffer_increment(pStubMsg, 4);
    }
1610
    align_length(&pStubMsg->MemorySize, sizeof(void *));
1611
    return PointerMemorySize(pStubMsg, Buffer, pFormat);
1612 1613 1614 1615 1616 1617 1618 1619 1620 1621
}

/***********************************************************************
 *           NdrPointerFree [RPCRT4.@]
 */
void WINAPI NdrPointerFree(PMIDL_STUB_MESSAGE pStubMsg,
                           unsigned char *pMemory,
                           PFORMAT_STRING pFormat)
{
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
Ove Kaaven's avatar
Ove Kaaven committed
1622
  PointerFree(pStubMsg, pMemory, pFormat);
1623 1624
}

1625 1626 1627 1628 1629 1630
/***********************************************************************
 *           NdrSimpleTypeMarshall [RPCRT4.@]
 */
void WINAPI NdrSimpleTypeMarshall( PMIDL_STUB_MESSAGE pStubMsg, unsigned char* pMemory,
                                   unsigned char FormatChar )
{
1631
    NdrBaseTypeMarshall(pStubMsg, pMemory, &FormatChar);
1632 1633 1634 1635
}

/***********************************************************************
 *           NdrSimpleTypeUnmarshall [RPCRT4.@]
1636 1637 1638 1639 1640 1641
 *
 * Unmarshall a base type.
 *
 * NOTES
 *  Doesn't check that the buffer is long enough before copying, so the caller
 * should do this.
1642 1643 1644 1645
 */
void WINAPI NdrSimpleTypeUnmarshall( PMIDL_STUB_MESSAGE pStubMsg, unsigned char* pMemory,
                                     unsigned char FormatChar )
{
1646
#define BASE_TYPE_UNMARSHALL(type) \
1647
        align_pointer(&pStubMsg->Buffer, sizeof(type)); \
1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686
	TRACE("pMemory: %p\n", pMemory); \
	*(type *)pMemory = *(type *)pStubMsg->Buffer; \
        pStubMsg->Buffer += sizeof(type);

    switch(FormatChar)
    {
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
        BASE_TYPE_UNMARSHALL(UCHAR);
        TRACE("value: 0x%02x\n", *pMemory);
        break;
    case RPC_FC_WCHAR:
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
        BASE_TYPE_UNMARSHALL(USHORT);
        TRACE("value: 0x%04x\n", *(USHORT *)pMemory);
        break;
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
    case RPC_FC_ERROR_STATUS_T:
    case RPC_FC_ENUM32:
        BASE_TYPE_UNMARSHALL(ULONG);
        TRACE("value: 0x%08x\n", *(ULONG *)pMemory);
        break;
   case RPC_FC_FLOAT:
        BASE_TYPE_UNMARSHALL(float);
        TRACE("value: %f\n", *(float *)pMemory);
        break;
    case RPC_FC_DOUBLE:
        BASE_TYPE_UNMARSHALL(double);
        TRACE("value: %f\n", *(double *)pMemory);
        break;
    case RPC_FC_HYPER:
        BASE_TYPE_UNMARSHALL(ULONGLONG);
        TRACE("value: %s\n", wine_dbgstr_longlong(*(ULONGLONG *)pMemory));
        break;
    case RPC_FC_ENUM16:
1687
        align_pointer(&pStubMsg->Buffer, sizeof(USHORT));
1688 1689 1690 1691 1692 1693
        TRACE("pMemory: %p\n", pMemory);
        /* 16-bits on the wire, but int in memory */
        *(UINT *)pMemory = *(USHORT *)pStubMsg->Buffer;
        pStubMsg->Buffer += sizeof(USHORT);
        TRACE("value: 0x%08x\n", *(UINT *)pMemory);
        break;
1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707
    case RPC_FC_INT3264:
        align_pointer(&pStubMsg->Buffer, sizeof(INT));
        /* 32-bits on the wire, but int_ptr in memory */
        *(INT_PTR *)pMemory = *(INT *)pStubMsg->Buffer;
        pStubMsg->Buffer += sizeof(INT);
        TRACE("value: 0x%08lx\n", *(INT_PTR *)pMemory);
        break;
    case RPC_FC_UINT3264:
        align_pointer(&pStubMsg->Buffer, sizeof(UINT));
        /* 32-bits on the wire, but int_ptr in memory */
        *(UINT_PTR *)pMemory = *(UINT *)pStubMsg->Buffer;
        pStubMsg->Buffer += sizeof(UINT);
        TRACE("value: 0x%08lx\n", *(UINT_PTR *)pMemory);
        break;
1708 1709 1710 1711 1712 1713
    case RPC_FC_IGNORE:
        break;
    default:
        FIXME("Unhandled base type: 0x%02x\n", FormatChar);
    }
#undef BASE_TYPE_UNMARSHALL
1714 1715
}

1716 1717 1718 1719 1720 1721 1722
/***********************************************************************
 *           NdrSimpleStructMarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrSimpleStructMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                               unsigned char *pMemory,
                                               PFORMAT_STRING pFormat)
{
Eric Pouech's avatar
Eric Pouech committed
1723
  unsigned size = *(const WORD*)(pFormat+2);
1724 1725
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

1726
  align_pointer_clear(&pStubMsg->Buffer, pFormat[1] + 1);
1727

1728
  pStubMsg->BufferMark = pStubMsg->Buffer;
1729
  safe_copy_to_buffer(pStubMsg, pMemory, size);
1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744

  if (pFormat[0] != RPC_FC_STRUCT)
    EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat+4);

  return NULL;
}

/***********************************************************************
 *           NdrSimpleStructUnmarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrSimpleStructUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                                 unsigned char **ppMemory,
                                                 PFORMAT_STRING pFormat,
                                                 unsigned char fMustAlloc)
{
Eric Pouech's avatar
Eric Pouech committed
1745
  unsigned size = *(const WORD*)(pFormat+2);
1746
  unsigned char *saved_buffer;
1747 1748
  TRACE("(%p,%p,%p,%d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);

1749
  align_pointer(&pStubMsg->Buffer, pFormat[1] + 1);
1750

1751
  if (fMustAlloc)
1752
    *ppMemory = NdrAllocate(pStubMsg, size);
1753 1754 1755
  else
  {
    if (!pStubMsg->IsClient && !*ppMemory)
1756
      /* for servers, we just point straight into the RPC buffer */
1757 1758 1759
      *ppMemory = pStubMsg->Buffer;
  }

1760 1761 1762 1763 1764 1765 1766 1767
  saved_buffer = pStubMsg->BufferMark = pStubMsg->Buffer;
  safe_buffer_increment(pStubMsg, size);
  if (pFormat[0] == RPC_FC_PSTRUCT)
      EmbeddedPointerUnmarshall(pStubMsg, saved_buffer, *ppMemory, pFormat+4, fMustAlloc);

  TRACE("copying %p to %p\n", saved_buffer, *ppMemory);
  if (*ppMemory != saved_buffer)
      memcpy(*ppMemory, saved_buffer, size);
1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778

  return NULL;
}

/***********************************************************************
 *           NdrSimpleStructBufferSize [RPCRT4.@]
 */
void WINAPI NdrSimpleStructBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                      unsigned char *pMemory,
                                      PFORMAT_STRING pFormat)
{
Eric Pouech's avatar
Eric Pouech committed
1779
  unsigned size = *(const WORD*)(pFormat+2);
1780
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
1781

1782
  align_length(&pStubMsg->BufferLength, pFormat[1] + 1);
1783

1784
  safe_buffer_length_increment(pStubMsg, size);
1785 1786 1787 1788 1789 1790 1791
  if (pFormat[0] != RPC_FC_STRUCT)
    EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat+4);
}

/***********************************************************************
 *           NdrSimpleStructMemorySize [RPCRT4.@]
 */
1792 1793
ULONG WINAPI NdrSimpleStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                       PFORMAT_STRING pFormat)
1794
{
1795
  unsigned short size = *(const WORD *)(pFormat+2);
1796 1797 1798

  TRACE("(%p,%p)\n", pStubMsg, pFormat);

1799
  align_pointer(&pStubMsg->Buffer, pFormat[1] + 1);
1800
  pStubMsg->MemorySize += size;
1801
  safe_buffer_increment(pStubMsg, size);
1802

1803 1804
  if (pFormat[0] != RPC_FC_STRUCT)
    EmbeddedPointerMemorySize(pStubMsg, pFormat+4);
1805
  return pStubMsg->MemorySize;
1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819
}

/***********************************************************************
 *           NdrSimpleStructFree [RPCRT4.@]
 */
void WINAPI NdrSimpleStructFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
  if (pFormat[0] != RPC_FC_STRUCT)
    EmbeddedPointerFree(pStubMsg, pMemory, pFormat+4);
}

1820 1821 1822 1823 1824 1825
/* Array helpers */

static inline void array_compute_and_size_conformance(
    unsigned char fc, PMIDL_STUB_MESSAGE pStubMsg, unsigned char *pMemory,
    PFORMAT_STRING pFormat)
{
1826 1827
  DWORD count;

1828 1829 1830 1831 1832 1833
  switch (fc)
  {
  case RPC_FC_CARRAY:
    ComputeConformance(pStubMsg, pMemory, pFormat+4, 0);
    SizeConformance(pStubMsg);
    break;
1834 1835 1836 1837 1838
  case RPC_FC_CVARRAY:
    pFormat = ComputeConformance(pStubMsg, pMemory, pFormat + 4, 0);
    pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, 0);
    SizeConformance(pStubMsg);
    break;
1839 1840
  case RPC_FC_C_CSTRING:
  case RPC_FC_C_WSTRING:
1841
    if (fc == RPC_FC_C_CSTRING)
1842 1843 1844 1845 1846 1847 1848 1849 1850 1851
    {
      TRACE("string=%s\n", debugstr_a((const char *)pMemory));
      pStubMsg->ActualCount = strlen((const char *)pMemory)+1;
    }
    else
    {
      TRACE("string=%s\n", debugstr_w((LPCWSTR)pMemory));
      pStubMsg->ActualCount = strlenW((LPCWSTR)pMemory)+1;
    }

1852
    if (pFormat[1] == RPC_FC_STRING_SIZED)
1853 1854 1855 1856 1857 1858
      pFormat = ComputeConformance(pStubMsg, pMemory, pFormat + 2, 0);
    else
      pStubMsg->MaxCount = pStubMsg->ActualCount;

    SizeConformance(pStubMsg);
    break;
1859 1860 1861 1862 1863 1864 1865
  case RPC_FC_BOGUS_ARRAY:
    count = *(const WORD *)(pFormat + 2);
    pFormat += 4;
    if (IsConformanceOrVariancePresent(pFormat)) SizeConformance(pStubMsg);
    pFormat = ComputeConformance(pStubMsg, pMemory, pFormat, count);
    pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, pStubMsg->MaxCount);
    break;
1866 1867 1868 1869 1870 1871 1872 1873
  default:
    ERR("unknown array format 0x%x\n", fc);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
}

static inline void array_buffer_size(
    unsigned char fc, PMIDL_STUB_MESSAGE pStubMsg, unsigned char *pMemory,
1874
    PFORMAT_STRING pFormat, unsigned char fHasPointers)
1875
{
1876
  DWORD i, size;
1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887
  DWORD esize;
  unsigned char alignment;

  switch (fc)
  {
  case RPC_FC_CARRAY:
    esize = *(const WORD*)(pFormat+2);
    alignment = pFormat[1] + 1;

    pFormat = SkipConformance(pStubMsg, pFormat + 4);

1888
    align_length(&pStubMsg->BufferLength, alignment);
1889 1890 1891 1892 1893

    size = safe_multiply(esize, pStubMsg->MaxCount);
    /* conformance value plus array */
    safe_buffer_length_increment(pStubMsg, size);

1894 1895
    if (fHasPointers)
      EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
1896 1897 1898 1899 1900 1901
    break;
  case RPC_FC_CVARRAY:
    esize = *(const WORD*)(pFormat+2);
    alignment = pFormat[1] + 1;

    pFormat = SkipConformance(pStubMsg, pFormat + 4);
1902
    pFormat = SkipVariance(pStubMsg, pFormat);
1903 1904 1905

    SizeVariance(pStubMsg);

1906
    align_length(&pStubMsg->BufferLength, alignment);
1907 1908 1909 1910

    size = safe_multiply(esize, pStubMsg->ActualCount);
    safe_buffer_length_increment(pStubMsg, size);

1911 1912
    if (fHasPointers)
      EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925
    break;
  case RPC_FC_C_CSTRING:
  case RPC_FC_C_WSTRING:
    if (fc == RPC_FC_C_CSTRING)
      esize = 1;
    else
      esize = 2;

    SizeVariance(pStubMsg);

    size = safe_multiply(esize, pStubMsg->ActualCount);
    safe_buffer_length_increment(pStubMsg, size);
    break;
1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937
  case RPC_FC_BOGUS_ARRAY:
    alignment = pFormat[1] + 1;
    pFormat = SkipConformance(pStubMsg, pFormat + 4);
    if (IsConformanceOrVariancePresent(pFormat)) SizeVariance(pStubMsg);
    pFormat = SkipVariance(pStubMsg, pFormat);

    align_length(&pStubMsg->BufferLength, alignment);

    size = pStubMsg->ActualCount;
    for (i = 0; i < size; i++)
      pMemory = ComplexBufferSize(pStubMsg, pMemory, pFormat, NULL);
    break;
1938 1939 1940 1941 1942 1943 1944 1945 1946 1947
  default:
    ERR("unknown array format 0x%x\n", fc);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
}

static inline void array_compute_and_write_conformance(
    unsigned char fc, PMIDL_STUB_MESSAGE pStubMsg, unsigned char *pMemory,
    PFORMAT_STRING pFormat)
{
1948 1949 1950
  ULONG def;
  BOOL conformance_present;

1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980
  switch (fc)
  {
  case RPC_FC_CARRAY:
    ComputeConformance(pStubMsg, pMemory, pFormat+4, 0);
    WriteConformance(pStubMsg);
    break;
  case RPC_FC_CVARRAY:
    pFormat = ComputeConformance(pStubMsg, pMemory, pFormat + 4, 0);
    pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, 0);
    WriteConformance(pStubMsg);
    break;
  case RPC_FC_C_CSTRING:
  case RPC_FC_C_WSTRING:
    if (fc == RPC_FC_C_CSTRING)
    {
      TRACE("string=%s\n", debugstr_a((const char *)pMemory));
      pStubMsg->ActualCount = strlen((const char *)pMemory)+1;
    }
    else
    {
      TRACE("string=%s\n", debugstr_w((LPCWSTR)pMemory));
      pStubMsg->ActualCount = strlenW((LPCWSTR)pMemory)+1;
    }
    if (pFormat[1] == RPC_FC_STRING_SIZED)
      pFormat = ComputeConformance(pStubMsg, pMemory, pFormat + 2, 0);
    else
      pStubMsg->MaxCount = pStubMsg->ActualCount;
    pStubMsg->Offset = 0;
    WriteConformance(pStubMsg);
    break;
1981 1982 1983 1984 1985 1986 1987 1988
  case RPC_FC_BOGUS_ARRAY:
    def = *(const WORD *)(pFormat + 2);
    pFormat += 4;
    conformance_present = IsConformanceOrVariancePresent(pFormat);
    pFormat = ComputeConformance(pStubMsg, pMemory, pFormat, def);
    pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, pStubMsg->MaxCount);
    if (conformance_present) WriteConformance(pStubMsg);
    break;
1989 1990 1991 1992 1993 1994 1995 1996
  default:
    ERR("unknown array format 0x%x\n", fc);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
}

static inline void array_write_variance_and_marshall(
    unsigned char fc, PMIDL_STUB_MESSAGE pStubMsg, unsigned char *pMemory,
1997
    PFORMAT_STRING pFormat, unsigned char fHasPointers)
1998
{
1999
  DWORD i, size;
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010
  DWORD esize;
  unsigned char alignment;

  switch (fc)
  {
  case RPC_FC_CARRAY:
    esize = *(const WORD*)(pFormat+2);
    alignment = pFormat[1] + 1;

    pFormat = SkipConformance(pStubMsg, pFormat + 4);

2011
    align_pointer_clear(&pStubMsg->Buffer, alignment);
2012 2013

    size = safe_multiply(esize, pStubMsg->MaxCount);
2014 2015
    if (fHasPointers)
      pStubMsg->BufferMark = pStubMsg->Buffer;
2016 2017
    safe_copy_to_buffer(pStubMsg, pMemory, size);

2018 2019
    if (fHasPointers)
      EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);
2020 2021 2022 2023 2024 2025
    break;
  case RPC_FC_CVARRAY:
    esize = *(const WORD*)(pFormat+2);
    alignment = pFormat[1] + 1;

    pFormat = SkipConformance(pStubMsg, pFormat + 4);
2026
    pFormat = SkipVariance(pStubMsg, pFormat);
2027 2028 2029

    WriteVariance(pStubMsg);

2030
    align_pointer_clear(&pStubMsg->Buffer, alignment);
2031 2032 2033

    size = safe_multiply(esize, pStubMsg->ActualCount);

2034 2035
    if (fHasPointers)
      pStubMsg->BufferMark = pStubMsg->Buffer;
2036 2037
    safe_copy_to_buffer(pStubMsg, pMemory + pStubMsg->Offset, size);

2038 2039
    if (fHasPointers)
      EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);
2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052
    break;
  case RPC_FC_C_CSTRING:
  case RPC_FC_C_WSTRING:
    if (fc == RPC_FC_C_CSTRING)
      esize = 1;
    else
      esize = 2;

    WriteVariance(pStubMsg);

    size = safe_multiply(esize, pStubMsg->ActualCount);
    safe_copy_to_buffer(pStubMsg, pMemory, size); /* the string itself */
    break;
2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064
  case RPC_FC_BOGUS_ARRAY:
    alignment = pFormat[1] + 1;
    pFormat = SkipConformance(pStubMsg, pFormat + 4);
    if (IsConformanceOrVariancePresent(pFormat)) WriteVariance(pStubMsg);
    pFormat = SkipVariance(pStubMsg, pFormat);

    align_pointer_clear(&pStubMsg->Buffer, alignment);

    size = pStubMsg->ActualCount;
    for (i = 0; i < size; i++)
      pMemory = ComplexMarshall(pStubMsg, pMemory, pFormat, NULL);
    break;
2065 2066 2067 2068 2069 2070 2071 2072 2073
  default:
    ERR("unknown array format 0x%x\n", fc);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
}

static inline ULONG array_read_conformance(
    unsigned char fc, PMIDL_STUB_MESSAGE pStubMsg, PFORMAT_STRING pFormat)
{
2074
  DWORD def, esize;
2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097

  switch (fc)
  {
  case RPC_FC_CARRAY:
    esize = *(const WORD*)(pFormat+2);
    pFormat = ReadConformance(pStubMsg, pFormat+4);
    return safe_multiply(esize, pStubMsg->MaxCount);
  case RPC_FC_CVARRAY:
    esize = *(const WORD*)(pFormat+2);
    pFormat = ReadConformance(pStubMsg, pFormat+4);
    return safe_multiply(esize, pStubMsg->MaxCount);
  case RPC_FC_C_CSTRING:
  case RPC_FC_C_WSTRING:
    if (fc == RPC_FC_C_CSTRING)
      esize = 1;
    else
      esize = 2;

    if (pFormat[1] == RPC_FC_STRING_SIZED)
      ReadConformance(pStubMsg, pFormat + 2);
    else
      ReadConformance(pStubMsg, NULL);
    return safe_multiply(esize, pStubMsg->MaxCount);
2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110
  case RPC_FC_BOGUS_ARRAY:
    def = *(const WORD *)(pFormat + 2);
    pFormat += 4;
    if (IsConformanceOrVariancePresent(pFormat)) pFormat = ReadConformance(pStubMsg, pFormat);
    else
    {
        pStubMsg->MaxCount = def;
        pFormat = SkipConformance( pStubMsg, pFormat );
    }
    pFormat = SkipVariance( pStubMsg, pFormat );

    esize = ComplexStructSize(pStubMsg, pFormat);
    return safe_multiply(pStubMsg->MaxCount, esize);
2111 2112 2113 2114 2115 2116
  default:
    ERR("unknown array format 0x%x\n", fc);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
}

2117
static inline ULONG array_read_variance_and_unmarshall(
2118 2119
    unsigned char fc, PMIDL_STUB_MESSAGE pStubMsg, unsigned char **ppMemory,
    PFORMAT_STRING pFormat, unsigned char fMustAlloc,
2120
    unsigned char fUseBufferMemoryServer, unsigned char fUnmarshall)
2121
{
2122 2123
  ULONG bufsize, memsize;
  WORD esize;
2124
  unsigned char alignment;
2125 2126
  unsigned char *saved_buffer, *pMemory;
  ULONG i, offset, count;
2127 2128 2129 2130 2131 2132 2133

  switch (fc)
  {
  case RPC_FC_CARRAY:
    esize = *(const WORD*)(pFormat+2);
    alignment = pFormat[1] + 1;

2134 2135
    bufsize = memsize = safe_multiply(esize, pStubMsg->MaxCount);

2136 2137
    pFormat = SkipConformance(pStubMsg, pFormat + 4);

2138
    align_pointer(&pStubMsg->Buffer, alignment);
2139

2140
    if (fUnmarshall)
2141
    {
2142 2143 2144 2145 2146 2147 2148 2149
      if (fMustAlloc)
        *ppMemory = NdrAllocate(pStubMsg, memsize);
      else
      {
        if (fUseBufferMemoryServer && !pStubMsg->IsClient && !*ppMemory)
          /* for servers, we just point straight into the RPC buffer */
          *ppMemory = pStubMsg->Buffer;
      }
2150

2151 2152
      saved_buffer = pStubMsg->Buffer;
      safe_buffer_increment(pStubMsg, bufsize);
2153

2154 2155 2156 2157 2158 2159 2160 2161
      pStubMsg->BufferMark = saved_buffer;
      EmbeddedPointerUnmarshall(pStubMsg, saved_buffer, *ppMemory, pFormat, fMustAlloc);

      TRACE("copying %p to %p\n", saved_buffer, *ppMemory);
      if (*ppMemory != saved_buffer)
        memcpy(*ppMemory, saved_buffer, bufsize);
    }
    return bufsize;
2162 2163 2164 2165 2166 2167
  case RPC_FC_CVARRAY:
    esize = *(const WORD*)(pFormat+2);
    alignment = pFormat[1] + 1;

    pFormat = SkipConformance(pStubMsg, pFormat + 4);

2168
    pFormat = ReadVariance(pStubMsg, pFormat, pStubMsg->MaxCount);
2169

2170
    align_pointer(&pStubMsg->Buffer, alignment);
2171

2172 2173
    bufsize = safe_multiply(esize, pStubMsg->ActualCount);
    memsize = safe_multiply(esize, pStubMsg->MaxCount);
2174

2175 2176 2177
    if (fUnmarshall)
    {
      offset = pStubMsg->Offset;
2178

2179 2180 2181 2182 2183 2184
      if (!fMustAlloc && !*ppMemory)
        fMustAlloc = TRUE;
      if (fMustAlloc)
        *ppMemory = NdrAllocate(pStubMsg, memsize);
      saved_buffer = pStubMsg->Buffer;
      safe_buffer_increment(pStubMsg, bufsize);
2185

2186 2187 2188 2189 2190 2191 2192
      pStubMsg->BufferMark = saved_buffer;
      EmbeddedPointerUnmarshall(pStubMsg, saved_buffer, *ppMemory, pFormat,
                                fMustAlloc);

      memcpy(*ppMemory + offset, saved_buffer, bufsize);
    }
    return bufsize;
2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218
  case RPC_FC_C_CSTRING:
  case RPC_FC_C_WSTRING:
    if (fc == RPC_FC_C_CSTRING)
      esize = 1;
    else
      esize = 2;

    ReadVariance(pStubMsg, NULL, pStubMsg->MaxCount);

    if (pFormat[1] != RPC_FC_STRING_SIZED && (pStubMsg->MaxCount != pStubMsg->ActualCount))
    {
      ERR("buffer size %d must equal memory size %ld for non-sized conformant strings\n",
          pStubMsg->ActualCount, pStubMsg->MaxCount);
      RpcRaiseException(RPC_S_INVALID_BOUND);
    }
    if (pStubMsg->Offset)
    {
      ERR("conformant strings can't have Offset (%d)\n", pStubMsg->Offset);
      RpcRaiseException(RPC_S_INVALID_BOUND);
    }

    memsize = safe_multiply(esize, pStubMsg->MaxCount);
    bufsize = safe_multiply(esize, pStubMsg->ActualCount);

    validate_string_data(pStubMsg, bufsize, esize);

2219
    if (fUnmarshall)
2220
    {
2221
      if (fMustAlloc)
2222
        *ppMemory = NdrAllocate(pStubMsg, memsize);
2223 2224 2225 2226 2227 2228 2229 2230 2231 2232
      else
      {
        if (fUseBufferMemoryServer && !pStubMsg->IsClient &&
            !*ppMemory && (pStubMsg->MaxCount == pStubMsg->ActualCount))
          /* if the data in the RPC buffer is big enough, we just point
           * straight into it */
          *ppMemory = pStubMsg->Buffer;
        else if (!*ppMemory)
          *ppMemory = NdrAllocate(pStubMsg, memsize);
      }
2233

2234 2235 2236 2237
      if (*ppMemory == pStubMsg->Buffer)
        safe_buffer_increment(pStubMsg, bufsize);
      else
        safe_copy_from_buffer(pStubMsg, *ppMemory, bufsize);
2238

2239 2240 2241 2242 2243 2244
      if (*pFormat == RPC_FC_C_CSTRING)
        TRACE("string=%s\n", debugstr_a((char*)*ppMemory));
      else
        TRACE("string=%s\n", debugstr_w((LPWSTR)*ppMemory));
    }
    return bufsize;
2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269

  case RPC_FC_BOGUS_ARRAY:
    alignment = pFormat[1] + 1;
    pFormat = SkipConformance(pStubMsg, pFormat + 4);
    pFormat = ReadVariance(pStubMsg, pFormat, pStubMsg->MaxCount);

    esize = ComplexStructSize(pStubMsg, pFormat);
    memsize = safe_multiply(esize, pStubMsg->MaxCount);

    assert( fUnmarshall );

    if (!fMustAlloc && !*ppMemory)
      fMustAlloc = TRUE;
    if (fMustAlloc)
      *ppMemory = NdrAllocate(pStubMsg, memsize);

    align_pointer(&pStubMsg->Buffer, alignment);
    saved_buffer = pStubMsg->Buffer;

    pMemory = *ppMemory;
    count = pStubMsg->ActualCount;
    for (i = 0; i < count; i++)
        pMemory = ComplexUnmarshall(pStubMsg, pMemory, pFormat, NULL, fMustAlloc);
    return pStubMsg->Buffer - saved_buffer;

2270 2271 2272 2273 2274 2275
  default:
    ERR("unknown array format 0x%x\n", fc);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
}

2276
static inline void array_memory_size(
2277 2278
    unsigned char fc, PMIDL_STUB_MESSAGE pStubMsg, PFORMAT_STRING pFormat,
    unsigned char fHasPointers)
2279
{
2280
  ULONG i, count, SavedMemorySize;
2281
  ULONG bufsize, memsize;
2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292
  DWORD esize;
  unsigned char alignment;

  switch (fc)
  {
  case RPC_FC_CARRAY:
    esize = *(const WORD*)(pFormat+2);
    alignment = pFormat[1] + 1;

    pFormat = SkipConformance(pStubMsg, pFormat + 4);

2293 2294
    bufsize = memsize = safe_multiply(esize, pStubMsg->MaxCount);
    pStubMsg->MemorySize += memsize;
2295

2296
    align_pointer(&pStubMsg->Buffer, alignment);
2297 2298
    if (fHasPointers)
      pStubMsg->BufferMark = pStubMsg->Buffer;
2299
    safe_buffer_increment(pStubMsg, bufsize);
2300

2301 2302
    if (fHasPointers)
      EmbeddedPointerMemorySize(pStubMsg, pFormat);
2303 2304 2305 2306 2307 2308 2309
    break;
  case RPC_FC_CVARRAY:
    esize = *(const WORD*)(pFormat+2);
    alignment = pFormat[1] + 1;

    pFormat = SkipConformance(pStubMsg, pFormat + 4);

2310
    pFormat = ReadVariance(pStubMsg, pFormat, pStubMsg->MaxCount);
2311

2312 2313 2314
    bufsize = safe_multiply(esize, pStubMsg->ActualCount);
    memsize = safe_multiply(esize, pStubMsg->MaxCount);
    pStubMsg->MemorySize += memsize;
2315

2316
    align_pointer(&pStubMsg->Buffer, alignment);
2317 2318
    if (fHasPointers)
      pStubMsg->BufferMark = pStubMsg->Buffer;
2319
    safe_buffer_increment(pStubMsg, bufsize);
2320

2321 2322
    if (fHasPointers)
      EmbeddedPointerMemorySize(pStubMsg, pFormat);
2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351
    break;
  case RPC_FC_C_CSTRING:
  case RPC_FC_C_WSTRING:
    if (fc == RPC_FC_C_CSTRING)
      esize = 1;
    else
      esize = 2;

    ReadVariance(pStubMsg, NULL, pStubMsg->MaxCount);

    if (pFormat[1] != RPC_FC_STRING_SIZED && (pStubMsg->MaxCount != pStubMsg->ActualCount))
    {
      ERR("buffer size %d must equal memory size %ld for non-sized conformant strings\n",
          pStubMsg->ActualCount, pStubMsg->MaxCount);
      RpcRaiseException(RPC_S_INVALID_BOUND);
    }
    if (pStubMsg->Offset)
    {
      ERR("conformant strings can't have Offset (%d)\n", pStubMsg->Offset);
      RpcRaiseException(RPC_S_INVALID_BOUND);
    }

    memsize = safe_multiply(esize, pStubMsg->MaxCount);
    bufsize = safe_multiply(esize, pStubMsg->ActualCount);

    validate_string_data(pStubMsg, bufsize, esize);

    safe_buffer_increment(pStubMsg, bufsize);
    pStubMsg->MemorySize += memsize;
2352
    break;
2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370
  case RPC_FC_BOGUS_ARRAY:
    alignment = pFormat[1] + 1;
    pFormat = SkipConformance(pStubMsg, pFormat + 4);
    pFormat = ReadVariance(pStubMsg, pFormat, pStubMsg->MaxCount);

    align_pointer(&pStubMsg->Buffer, alignment);

    SavedMemorySize = pStubMsg->MemorySize;

    esize = ComplexStructSize(pStubMsg, pFormat);
    memsize = safe_multiply(pStubMsg->MaxCount, esize);

    count = pStubMsg->ActualCount;
    for (i = 0; i < count; i++)
        ComplexStructMemorySize(pStubMsg, pFormat, NULL);

    pStubMsg->MemorySize = SavedMemorySize + memsize;
    break;
2371 2372 2373 2374 2375 2376
  default:
    ERR("unknown array format 0x%x\n", fc);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
}

2377 2378
static inline void array_free(
    unsigned char fc, PMIDL_STUB_MESSAGE pStubMsg,
2379
    unsigned char *pMemory, PFORMAT_STRING pFormat, unsigned char fHasPointers)
2380
{
2381 2382
  DWORD i, count;

2383 2384 2385
  switch (fc)
  {
  case RPC_FC_CARRAY:
2386
    pFormat = ComputeConformance(pStubMsg, pMemory, pFormat+4, 0);
2387 2388
    if (fHasPointers)
      EmbeddedPointerFree(pStubMsg, pMemory, pFormat);
2389
    break;
2390
  case RPC_FC_CVARRAY:
2391 2392
    pFormat = ComputeConformance(pStubMsg, pMemory, pFormat+4, 0);
    pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, 0);
2393 2394
    if (fHasPointers)
      EmbeddedPointerFree(pStubMsg, pMemory, pFormat);
2395 2396 2397 2398 2399
    break;
  case RPC_FC_C_CSTRING:
  case RPC_FC_C_WSTRING:
    /* No embedded pointers so nothing to do */
    break;
2400 2401 2402 2403 2404 2405 2406 2407 2408
  case RPC_FC_BOGUS_ARRAY:
      count = *(const WORD *)(pFormat + 2);
      pFormat = ComputeConformance(pStubMsg, pMemory, pFormat + 4, count);
      pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, pStubMsg->MaxCount);

      count = pStubMsg->ActualCount;
      for (i = 0; i < count; i++)
          pMemory = ComplexFree(pStubMsg, pMemory, pFormat, NULL);
    break;
2409 2410 2411 2412 2413 2414
  default:
    ERR("unknown array format 0x%x\n", fc);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
}

2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447
/*
 * NdrConformantString:
 *
 * What MS calls a ConformantString is, in DCE terminology,
 * a Varying-Conformant String.
 * [
 *   maxlen: DWORD (max # of CHARTYPE characters, inclusive of '\0')
 *   offset: DWORD (actual string data begins at (offset) CHARTYPE's
 *           into unmarshalled string)
 *   length: DWORD (# of CHARTYPE characters, inclusive of '\0')
 *   [
 *     data: CHARTYPE[maxlen]
 *   ]
 * ], where CHARTYPE is the appropriate character type (specified externally)
 *
 */

/***********************************************************************
 *            NdrConformantStringMarshall [RPCRT4.@]
 */
unsigned char *WINAPI NdrConformantStringMarshall(MIDL_STUB_MESSAGE *pStubMsg,
  unsigned char *pszMessage, PFORMAT_STRING pFormat)
{
  TRACE("(pStubMsg == ^%p, pszMessage == ^%p, pFormat == ^%p)\n", pStubMsg, pszMessage, pFormat);

  if (pFormat[0] != RPC_FC_C_CSTRING && pFormat[0] != RPC_FC_C_WSTRING) {
    ERR("Unhandled string type: %#x\n", pFormat[0]);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }

  /* allow compiler to optimise inline function by passing constant into
   * these functions */
  if (pFormat[0] == RPC_FC_C_CSTRING) {
2448 2449 2450 2451
    array_compute_and_write_conformance(RPC_FC_C_CSTRING, pStubMsg, pszMessage,
                                        pFormat);
    array_write_variance_and_marshall(RPC_FC_C_CSTRING, pStubMsg, pszMessage,
                                      pFormat, TRUE /* fHasPointers */);
2452
  } else {
2453 2454 2455 2456
    array_compute_and_write_conformance(RPC_FC_C_WSTRING, pStubMsg, pszMessage,
                                        pFormat);
    array_write_variance_and_marshall(RPC_FC_C_WSTRING, pStubMsg, pszMessage,
                                      pFormat, TRUE /* fHasPointers */);
2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477
  }

  return NULL;
}

/***********************************************************************
 *           NdrConformantStringBufferSize [RPCRT4.@]
 */
void WINAPI NdrConformantStringBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
  unsigned char* pMemory, PFORMAT_STRING pFormat)
{
  TRACE("(pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p)\n", pStubMsg, pMemory, pFormat);

  if (pFormat[0] != RPC_FC_C_CSTRING && pFormat[0] != RPC_FC_C_WSTRING) {
    ERR("Unhandled string type: %#x\n", pFormat[0]);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }

  /* allow compiler to optimise inline function by passing constant into
   * these functions */
  if (pFormat[0] == RPC_FC_C_CSTRING) {
2478 2479 2480 2481
    array_compute_and_size_conformance(RPC_FC_C_CSTRING, pStubMsg, pMemory,
                                       pFormat);
    array_buffer_size(RPC_FC_C_CSTRING, pStubMsg, pMemory, pFormat,
                      TRUE /* fHasPointers */);
2482
  } else {
2483 2484 2485 2486
    array_compute_and_size_conformance(RPC_FC_C_WSTRING, pStubMsg, pMemory,
                                       pFormat);
    array_buffer_size(RPC_FC_C_WSTRING, pStubMsg, pMemory, pFormat,
                      TRUE /* fHasPointers */);
2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506
  }
}

/************************************************************************
 *            NdrConformantStringMemorySize [RPCRT4.@]
 */
ULONG WINAPI NdrConformantStringMemorySize( PMIDL_STUB_MESSAGE pStubMsg,
  PFORMAT_STRING pFormat )
{
  TRACE("(pStubMsg == ^%p, pFormat == ^%p)\n", pStubMsg, pFormat);

  if (pFormat[0] != RPC_FC_C_CSTRING && pFormat[0] != RPC_FC_C_WSTRING) {
    ERR("Unhandled string type: %#x\n", pFormat[0]);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }

  /* allow compiler to optimise inline function by passing constant into
   * these functions */
  if (pFormat[0] == RPC_FC_C_CSTRING) {
    array_read_conformance(RPC_FC_C_CSTRING, pStubMsg, pFormat);
2507 2508
    array_memory_size(RPC_FC_C_CSTRING, pStubMsg, pFormat,
                      TRUE /* fHasPointers */);
2509 2510
  } else {
    array_read_conformance(RPC_FC_C_WSTRING, pStubMsg, pFormat);
2511 2512
    array_memory_size(RPC_FC_C_WSTRING, pStubMsg, pFormat,
                      TRUE /* fHasPointers */);
2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537
  }

  return pStubMsg->MemorySize;
}

/************************************************************************
 *           NdrConformantStringUnmarshall [RPCRT4.@]
 */
unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg,
  unsigned char** ppMemory, PFORMAT_STRING pFormat, unsigned char fMustAlloc )
{
  TRACE("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n",
    pStubMsg, *ppMemory, pFormat, fMustAlloc);

  if (pFormat[0] != RPC_FC_C_CSTRING && pFormat[0] != RPC_FC_C_WSTRING) {
    ERR("Unhandled string type: %#x\n", *pFormat);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }

  /* allow compiler to optimise inline function by passing constant into
   * these functions */
  if (pFormat[0] == RPC_FC_C_CSTRING) {
    array_read_conformance(RPC_FC_C_CSTRING, pStubMsg, pFormat);
    array_read_variance_and_unmarshall(RPC_FC_C_CSTRING, pStubMsg, ppMemory,
                                       pFormat, fMustAlloc,
2538 2539
                                       TRUE /* fUseBufferMemoryServer */,
                                       TRUE /* fUnmarshall */);
2540 2541 2542 2543
  } else {
    array_read_conformance(RPC_FC_C_WSTRING, pStubMsg, pFormat);
    array_read_variance_and_unmarshall(RPC_FC_C_WSTRING, pStubMsg, ppMemory,
                                       pFormat, fMustAlloc,
2544 2545
                                       TRUE /* fUseBufferMemoryServer */,
                                       TRUE /* fUnmarshall */);
2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556
  }

  return NULL;
}

/***********************************************************************
 *           NdrNonConformantStringMarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrNonConformantStringMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
2557
{
2558
  ULONG esize, size, maxsize;
2559

2560 2561
  TRACE("(pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p)\n", pStubMsg, pMemory, pFormat);

2562
  maxsize = *(const USHORT *)&pFormat[2];
2563 2564

  if (*pFormat == RPC_FC_CSTRING)
2565
  {
2566
    ULONG i = 0;
2567
    const char *str = (const char *)pMemory;
2568
    while (i < maxsize && str[i]) i++;
2569 2570 2571 2572 2573 2574
    TRACE("string=%s\n", debugstr_an(str, i));
    pStubMsg->ActualCount = i + 1;
    esize = 1;
  }
  else if (*pFormat == RPC_FC_WSTRING)
  {
2575
    ULONG i = 0;
2576
    const WCHAR *str = (const WCHAR *)pMemory;
2577
    while (i < maxsize && str[i]) i++;
2578 2579 2580 2581 2582 2583 2584 2585 2586
    TRACE("string=%s\n", debugstr_wn(str, i));
    pStubMsg->ActualCount = i + 1;
    esize = 2;
  }
  else
  {
    ERR("Unhandled string type: %#x\n", *pFormat);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
2587

2588 2589
  pStubMsg->Offset = 0;
  WriteVariance(pStubMsg);
2590

2591 2592
  size = safe_multiply(esize, pStubMsg->ActualCount);
  safe_copy_to_buffer(pStubMsg, pMemory, size); /* the string itself */
2593

2594 2595
  return NULL;
}
2596

2597 2598 2599 2600 2601 2602 2603 2604 2605
/***********************************************************************
 *           NdrNonConformantStringUnmarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrNonConformantStringUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char **ppMemory,
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
  ULONG bufsize, memsize, esize, maxsize;
2606

2607 2608
  TRACE("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n",
    pStubMsg, *ppMemory, pFormat, fMustAlloc);
2609

2610
  maxsize = *(const USHORT *)&pFormat[2];
2611

2612 2613 2614 2615 2616 2617
  ReadVariance(pStubMsg, NULL, maxsize);
  if (pStubMsg->Offset)
  {
    ERR("non-conformant strings can't have Offset (%d)\n", pStubMsg->Offset);
    RpcRaiseException(RPC_S_INVALID_BOUND);
  }
2618

2619 2620 2621 2622 2623 2624 2625
  if (*pFormat == RPC_FC_CSTRING) esize = 1;
  else if (*pFormat == RPC_FC_WSTRING) esize = 2;
  else
  {
    ERR("Unhandled string type: %#x\n", *pFormat);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
2626

2627 2628
  memsize = esize * maxsize;
  bufsize = safe_multiply(esize, pStubMsg->ActualCount);
2629

2630
  validate_string_data(pStubMsg, bufsize, esize);
2631

2632 2633 2634
  if (!fMustAlloc && !*ppMemory)
    fMustAlloc = TRUE;
  if (fMustAlloc)
2635
    *ppMemory = NdrAllocate(pStubMsg, memsize);
2636

2637
  safe_copy_from_buffer(pStubMsg, *ppMemory, bufsize);
2638

2639 2640 2641 2642 2643
  if (*pFormat == RPC_FC_CSTRING) {
    TRACE("string=%s\n", debugstr_an((char*)*ppMemory, pStubMsg->ActualCount));
  }
  else if (*pFormat == RPC_FC_WSTRING) {
    TRACE("string=%s\n", debugstr_wn((LPWSTR)*ppMemory, pStubMsg->ActualCount));
2644
  }
2645 2646

  return NULL;
2647 2648
}

2649 2650 2651 2652 2653 2654
/***********************************************************************
 *           NdrNonConformantStringBufferSize [RPCRT4.@]
 */
void WINAPI NdrNonConformantStringBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
2655
{
2656
  ULONG esize, maxsize;
2657

2658
  TRACE("(pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p)\n", pStubMsg, pMemory, pFormat);
2659

2660
  maxsize = *(const USHORT *)&pFormat[2];
2661

2662
  SizeVariance(pStubMsg);
2663

2664 2665
  if (*pFormat == RPC_FC_CSTRING)
  {
2666
    ULONG i = 0;
2667
    const char *str = (const char *)pMemory;
2668
    while (i < maxsize && str[i]) i++;
2669 2670 2671 2672 2673 2674
    TRACE("string=%s\n", debugstr_an(str, i));
    pStubMsg->ActualCount = i + 1;
    esize = 1;
  }
  else if (*pFormat == RPC_FC_WSTRING)
  {
2675
    ULONG i = 0;
2676
    const WCHAR *str = (const WCHAR *)pMemory;
2677
    while (i < maxsize && str[i]) i++;
2678 2679 2680 2681 2682 2683 2684 2685 2686
    TRACE("string=%s\n", debugstr_wn(str, i));
    pStubMsg->ActualCount = i + 1;
    esize = 2;
  }
  else
  {
    ERR("Unhandled string type: %#x\n", *pFormat);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
2687

2688 2689
  safe_buffer_length_increment(pStubMsg, safe_multiply(esize, pStubMsg->ActualCount));
}
2690

2691 2692 2693 2694 2695 2696 2697
/***********************************************************************
 *           NdrNonConformantStringMemorySize [RPCRT4.@]
 */
ULONG WINAPI NdrNonConformantStringMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                PFORMAT_STRING pFormat)
{
  ULONG bufsize, memsize, esize, maxsize;
2698

2699
  TRACE("(pStubMsg == ^%p, pFormat == ^%p)\n", pStubMsg, pFormat);
2700

2701
  maxsize = *(const USHORT *)&pFormat[2];
2702

2703
  ReadVariance(pStubMsg, NULL, maxsize);
2704

2705 2706 2707 2708
  if (pStubMsg->Offset)
  {
    ERR("non-conformant strings can't have Offset (%d)\n", pStubMsg->Offset);
    RpcRaiseException(RPC_S_INVALID_BOUND);
2709 2710
  }

2711 2712 2713
  if (*pFormat == RPC_FC_CSTRING) esize = 1;
  else if (*pFormat == RPC_FC_WSTRING) esize = 2;
  else
2714
  {
2715
    ERR("Unhandled string type: %#x\n", *pFormat);
2716 2717
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
2718 2719 2720 2721 2722 2723 2724 2725 2726 2727

  memsize = esize * maxsize;
  bufsize = safe_multiply(esize, pStubMsg->ActualCount);

  validate_string_data(pStubMsg, bufsize, esize);

  safe_buffer_increment(pStubMsg, bufsize);
  pStubMsg->MemorySize += memsize;

  return pStubMsg->MemorySize;
2728 2729 2730
}

/* Complex types */
2731

2732 2733 2734 2735 2736 2737 2738 2739 2740 2741
#include "pshpack1.h"
typedef struct
{
    unsigned char type;
    unsigned char flags_type; /* flags in upper nibble, type in lower nibble */
    ULONG low_value;
    ULONG high_value;
} NDR_RANGE;
#include "poppack.h"

2742 2743
static ULONG EmbeddedComplexSize(MIDL_STUB_MESSAGE *pStubMsg,
                                 PFORMAT_STRING pFormat)
Ove Kaaven's avatar
Ove Kaaven committed
2744 2745 2746 2747 2748 2749
{
  switch (*pFormat) {
  case RPC_FC_STRUCT:
  case RPC_FC_PSTRUCT:
  case RPC_FC_CSTRUCT:
  case RPC_FC_BOGUS_STRUCT:
2750
  case RPC_FC_SMFARRAY:
2751
  case RPC_FC_SMVARRAY:
2752
  case RPC_FC_CSTRING:
Eric Pouech's avatar
Eric Pouech committed
2753
    return *(const WORD*)&pFormat[2];
Ove Kaaven's avatar
Ove Kaaven committed
2754
  case RPC_FC_USER_MARSHAL:
Eric Pouech's avatar
Eric Pouech committed
2755
    return *(const WORD*)&pFormat[4];
2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769
  case RPC_FC_RANGE: {
    switch (((const NDR_RANGE *)pFormat)->flags_type & 0xf) {
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
        return sizeof(UCHAR);
    case RPC_FC_WCHAR:
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
        return sizeof(USHORT);
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
    case RPC_FC_ENUM32:
2770 2771
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785
        return sizeof(ULONG);
    case RPC_FC_FLOAT:
        return sizeof(float);
    case RPC_FC_DOUBLE:
        return sizeof(double);
    case RPC_FC_HYPER:
        return sizeof(ULONGLONG);
    case RPC_FC_ENUM16:
        return sizeof(UINT);
    default:
        ERR("unknown type 0x%x\n", ((const NDR_RANGE *)pFormat)->flags_type & 0xf);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }
  }
2786
  case RPC_FC_NON_ENCAPSULATED_UNION:
2787 2788 2789 2790 2791 2792 2793 2794
    pFormat += 2;
    if (pStubMsg->fHasNewCorrDesc)
        pFormat += 6;
    else
        pFormat += 4;

    pFormat += *(const SHORT*)pFormat;
    return *(const SHORT*)pFormat;
2795 2796
  case RPC_FC_IP:
    return sizeof(void *);
2797 2798
  case RPC_FC_WSTRING:
    return *(const WORD*)&pFormat[2] * 2;
Ove Kaaven's avatar
Ove Kaaven committed
2799 2800 2801 2802 2803 2804 2805
  default:
    FIXME("unhandled embedded type %02x\n", *pFormat);
  }
  return 0;
}


2806 2807
static ULONG EmbeddedComplexMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                       PFORMAT_STRING pFormat)
2808 2809 2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820
{
  NDR_MEMORYSIZE m = NdrMemorySizer[*pFormat & NDR_TABLE_MASK];

  if (!m)
  {
    FIXME("no memorysizer for data type=%02x\n", *pFormat);
    return 0;
  }

  return m(pStubMsg, pFormat);
}


2821
static unsigned char * ComplexMarshall(PMIDL_STUB_MESSAGE pStubMsg,
2822 2823 2824 2825 2826 2827
                                       unsigned char *pMemory,
                                       PFORMAT_STRING pFormat,
                                       PFORMAT_STRING pPointer)
{
  PFORMAT_STRING desc;
  NDR_MARSHALL m;
2828
  ULONG size;
2829 2830 2831

  while (*pFormat != RPC_FC_END) {
    switch (*pFormat) {
2832 2833 2834 2835 2836
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
      TRACE("byte=%d <= %p\n", *(WORD*)pMemory, pMemory);
2837
      safe_copy_to_buffer(pStubMsg, pMemory, 1);
2838 2839 2840
      pMemory += 1;
      break;
    case RPC_FC_WCHAR:
2841 2842
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
Ove Kaaven's avatar
Ove Kaaven committed
2843
      TRACE("short=%d <= %p\n", *(WORD*)pMemory, pMemory);
2844
      safe_copy_to_buffer(pStubMsg, pMemory, 2);
2845 2846
      pMemory += 2;
      break;
2847
    case RPC_FC_ENUM16:
2848 2849
    {
      USHORT val = *(DWORD *)pMemory;
2850 2851 2852
      TRACE("enum16=%d <= %p\n", *(DWORD*)pMemory, pMemory);
      if (32767 < *(DWORD*)pMemory)
        RpcRaiseException(RPC_X_ENUM_VALUE_OUT_OF_RANGE);
2853
      safe_copy_to_buffer(pStubMsg, &val, 2);
2854 2855
      pMemory += 4;
      break;
2856
    }
2857 2858
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
Huw Davies's avatar
Huw Davies committed
2859
    case RPC_FC_ENUM32:
2860
      TRACE("long=%d <= %p\n", *(DWORD*)pMemory, pMemory);
2861
      safe_copy_to_buffer(pStubMsg, pMemory, 4);
2862 2863
      pMemory += 4;
      break;
2864 2865 2866 2867 2868 2869 2870 2871 2872
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
    {
      UINT val = *(UINT_PTR *)pMemory;
      TRACE("int3264=%ld <= %p\n", *(UINT_PTR *)pMemory, pMemory);
      safe_copy_to_buffer(pStubMsg, &val, sizeof(UINT));
      pMemory += sizeof(UINT_PTR);
      break;
    }
2873 2874 2875 2876 2877
    case RPC_FC_FLOAT:
      TRACE("float=%f <= %p\n", *(float*)pMemory, pMemory);
      safe_copy_to_buffer(pStubMsg, pMemory, sizeof(float));
      pMemory += sizeof(float);
      break;
2878 2879
    case RPC_FC_HYPER:
      TRACE("longlong=%s <= %p\n", wine_dbgstr_longlong(*(ULONGLONG*)pMemory), pMemory);
2880
      safe_copy_to_buffer(pStubMsg, pMemory, 8);
2881 2882
      pMemory += 8;
      break;
2883 2884 2885 2886 2887
    case RPC_FC_DOUBLE:
      TRACE("double=%f <= %p\n", *(double*)pMemory, pMemory);
      safe_copy_to_buffer(pStubMsg, pMemory, sizeof(double));
      pMemory += sizeof(double);
      break;
2888 2889 2890 2891
    case RPC_FC_RP:
    case RPC_FC_UP:
    case RPC_FC_OP:
    case RPC_FC_FP:
2892
    case RPC_FC_POINTER:
2893 2894 2895
    {
      unsigned char *saved_buffer;
      int pointer_buffer_mark_set = 0;
Ove Kaaven's avatar
Ove Kaaven committed
2896
      TRACE("pointer=%p <= %p\n", *(unsigned char**)pMemory, pMemory);
2897
      TRACE("pStubMsg->Buffer before %p\n", pStubMsg->Buffer);
2898 2899
      if (*pFormat != RPC_FC_POINTER)
        pPointer = pFormat;
2900
      if (*pPointer != RPC_FC_RP)
2901
        align_pointer_clear(&pStubMsg->Buffer, 4);
2902 2903 2904 2905 2906 2907 2908
      saved_buffer = pStubMsg->Buffer;
      if (pStubMsg->PointerBufferMark)
      {
        pStubMsg->Buffer = pStubMsg->PointerBufferMark;
        pStubMsg->PointerBufferMark = NULL;
        pointer_buffer_mark_set = 1;
      }
2909
      else if (*pPointer != RPC_FC_RP)
2910
        safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
2911 2912 2913 2914 2915
      PointerMarshall(pStubMsg, saved_buffer, *(unsigned char**)pMemory, pPointer);
      if (pointer_buffer_mark_set)
      {
        STD_OVERFLOW_CHECK(pStubMsg);
        pStubMsg->PointerBufferMark = pStubMsg->Buffer;
2916 2917 2918
        pStubMsg->Buffer = saved_buffer;
        if (*pPointer != RPC_FC_RP)
          safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
2919
      }
2920
      TRACE("pStubMsg->Buffer after %p\n", pStubMsg->Buffer);
2921 2922 2923 2924
      if (*pFormat == RPC_FC_POINTER)
        pPointer += 4;
      else
        pFormat += 4;
2925
      pMemory += sizeof(void *);
2926
      break;
2927
    }
2928
    case RPC_FC_ALIGNM2:
2929
      align_pointer(&pMemory, 2);
2930
      break;
2931
    case RPC_FC_ALIGNM4:
2932
      align_pointer(&pMemory, 4);
2933 2934
      break;
    case RPC_FC_ALIGNM8:
2935
      align_pointer(&pMemory, 8);
2936
      break;
2937
    case RPC_FC_STRUCTPAD1:
2938
    case RPC_FC_STRUCTPAD2:
2939 2940 2941 2942 2943 2944
    case RPC_FC_STRUCTPAD3:
    case RPC_FC_STRUCTPAD4:
    case RPC_FC_STRUCTPAD5:
    case RPC_FC_STRUCTPAD6:
    case RPC_FC_STRUCTPAD7:
      pMemory += *pFormat - RPC_FC_STRUCTPAD1 + 1;
2945
      break;
2946 2947 2948
    case RPC_FC_EMBEDDED_COMPLEX:
      pMemory += pFormat[1];
      pFormat += 2;
Eric Pouech's avatar
Eric Pouech committed
2949
      desc = pFormat + *(const SHORT*)pFormat;
Ove Kaaven's avatar
Ove Kaaven committed
2950
      size = EmbeddedComplexSize(pStubMsg, desc);
2951
      TRACE("embedded complex (size=%d) <= %p\n", size, pMemory);
2952
      m = NdrMarshaller[*desc & NDR_TABLE_MASK];
2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963
      if (m)
      {
        /* for some reason interface pointers aren't generated as
         * RPC_FC_POINTER, but instead as RPC_FC_EMBEDDED_COMPLEX, yet
         * they still need the derefencing treatment that pointers are
         * given */
        if (*desc == RPC_FC_IP)
          m(pStubMsg, *(unsigned char **)pMemory, desc);
        else
          m(pStubMsg, pMemory, desc);
      }
2964
      else FIXME("no marshaller for embedded type %02x\n", *desc);
Ove Kaaven's avatar
Ove Kaaven committed
2965
      pMemory += size;
2966 2967 2968 2969 2970
      pFormat += 2;
      continue;
    case RPC_FC_PAD:
      break;
    default:
2971
      FIXME("unhandled format 0x%02x\n", *pFormat);
2972 2973 2974 2975 2976 2977 2978
    }
    pFormat++;
  }

  return pMemory;
}

2979
static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
2980 2981
                                         unsigned char *pMemory,
                                         PFORMAT_STRING pFormat,
2982 2983
                                         PFORMAT_STRING pPointer,
                                         unsigned char fMustAlloc)
2984 2985 2986
{
  PFORMAT_STRING desc;
  NDR_UNMARSHALL m;
2987
  ULONG size;
2988 2989 2990

  while (*pFormat != RPC_FC_END) {
    switch (*pFormat) {
2991 2992 2993 2994
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
2995
      safe_copy_from_buffer(pStubMsg, pMemory, 1);
2996 2997 2998 2999
      TRACE("byte=%d => %p\n", *(WORD*)pMemory, pMemory);
      pMemory += 1;
      break;
    case RPC_FC_WCHAR:
3000 3001
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
3002
      safe_copy_from_buffer(pStubMsg, pMemory, 2);
Ove Kaaven's avatar
Ove Kaaven committed
3003
      TRACE("short=%d => %p\n", *(WORD*)pMemory, pMemory);
3004 3005
      pMemory += 2;
      break;
3006
    case RPC_FC_ENUM16:
3007 3008 3009 3010
    {
      WORD val;
      safe_copy_from_buffer(pStubMsg, &val, 2);
      *(DWORD*)pMemory = val;
3011 3012 3013 3014 3015
      TRACE("enum16=%d => %p\n", *(DWORD*)pMemory, pMemory);
      if (32767 < *(DWORD*)pMemory)
        RpcRaiseException(RPC_X_ENUM_VALUE_OUT_OF_RANGE);
      pMemory += 4;
      break;
3016
    }
3017 3018
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
Huw Davies's avatar
Huw Davies committed
3019
    case RPC_FC_ENUM32:
3020
      safe_copy_from_buffer(pStubMsg, pMemory, 4);
3021
      TRACE("long=%d => %p\n", *(DWORD*)pMemory, pMemory);
3022 3023
      pMemory += 4;
      break;
3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041
    case RPC_FC_INT3264:
    {
      INT val;
      safe_copy_from_buffer(pStubMsg, &val, 4);
      *(INT_PTR *)pMemory = val;
      TRACE("int3264=%ld => %p\n", *(INT_PTR*)pMemory, pMemory);
      pMemory += sizeof(INT_PTR);
      break;
    }
    case RPC_FC_UINT3264:
    {
      UINT val;
      safe_copy_from_buffer(pStubMsg, &val, 4);
      *(UINT_PTR *)pMemory = val;
      TRACE("uint3264=%ld => %p\n", *(UINT_PTR*)pMemory, pMemory);
      pMemory += sizeof(UINT_PTR);
      break;
    }
3042 3043 3044 3045 3046
    case RPC_FC_FLOAT:
      safe_copy_from_buffer(pStubMsg, pMemory, sizeof(float));
      TRACE("float=%f => %p\n", *(float*)pMemory, pMemory);
      pMemory += sizeof(float);
      break;
3047
    case RPC_FC_HYPER:
3048
      safe_copy_from_buffer(pStubMsg, pMemory, 8);
3049 3050 3051
      TRACE("longlong=%s => %p\n", wine_dbgstr_longlong(*(ULONGLONG*)pMemory), pMemory);
      pMemory += 8;
      break;
3052 3053 3054 3055 3056
    case RPC_FC_DOUBLE:
      safe_copy_from_buffer(pStubMsg, pMemory, sizeof(double));
      TRACE("double=%f => %p\n", *(double*)pMemory, pMemory);
      pMemory += sizeof(double);
      break;
3057 3058 3059 3060
    case RPC_FC_RP:
    case RPC_FC_UP:
    case RPC_FC_OP:
    case RPC_FC_FP:
3061
    case RPC_FC_POINTER:
3062 3063 3064
    {
      unsigned char *saved_buffer;
      int pointer_buffer_mark_set = 0;
Ove Kaaven's avatar
Ove Kaaven committed
3065
      TRACE("pointer => %p\n", pMemory);
3066 3067
      if (*pFormat != RPC_FC_POINTER)
        pPointer = pFormat;
3068
      if (*pPointer != RPC_FC_RP)
3069
        align_pointer(&pStubMsg->Buffer, 4);
3070 3071 3072 3073 3074 3075 3076
      saved_buffer = pStubMsg->Buffer;
      if (pStubMsg->PointerBufferMark)
      {
        pStubMsg->Buffer = pStubMsg->PointerBufferMark;
        pStubMsg->PointerBufferMark = NULL;
        pointer_buffer_mark_set = 1;
      }
3077
      else if (*pPointer != RPC_FC_RP)
3078
        safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
3079

3080
      PointerUnmarshall(pStubMsg, saved_buffer, (unsigned char**)pMemory, *(unsigned char**)pMemory, pPointer, fMustAlloc);
3081 3082 3083 3084
      if (pointer_buffer_mark_set)
      {
        STD_OVERFLOW_CHECK(pStubMsg);
        pStubMsg->PointerBufferMark = pStubMsg->Buffer;
3085 3086 3087
        pStubMsg->Buffer = saved_buffer;
        if (*pPointer != RPC_FC_RP)
          safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
3088
      }
3089 3090 3091 3092
      if (*pFormat == RPC_FC_POINTER)
        pPointer += 4;
      else
        pFormat += 4;
3093
      pMemory += sizeof(void *);
3094
      break;
3095
    }
3096
    case RPC_FC_ALIGNM2:
3097
      align_pointer_clear(&pMemory, 2);
3098
      break;
3099
    case RPC_FC_ALIGNM4:
3100
      align_pointer_clear(&pMemory, 4);
3101 3102
      break;
    case RPC_FC_ALIGNM8:
3103
      align_pointer_clear(&pMemory, 8);
3104
      break;
3105
    case RPC_FC_STRUCTPAD1:
3106
    case RPC_FC_STRUCTPAD2:
3107 3108 3109 3110 3111
    case RPC_FC_STRUCTPAD3:
    case RPC_FC_STRUCTPAD4:
    case RPC_FC_STRUCTPAD5:
    case RPC_FC_STRUCTPAD6:
    case RPC_FC_STRUCTPAD7:
3112
      memset(pMemory, 0, *pFormat - RPC_FC_STRUCTPAD1 + 1);
3113
      pMemory += *pFormat - RPC_FC_STRUCTPAD1 + 1;
3114
      break;
3115 3116 3117
    case RPC_FC_EMBEDDED_COMPLEX:
      pMemory += pFormat[1];
      pFormat += 2;
Eric Pouech's avatar
Eric Pouech committed
3118
      desc = pFormat + *(const SHORT*)pFormat;
Ove Kaaven's avatar
Ove Kaaven committed
3119
      size = EmbeddedComplexSize(pStubMsg, desc);
3120
      TRACE("embedded complex (size=%d) => %p\n", size, pMemory);
3121 3122 3123 3124 3125 3126 3127
      if (fMustAlloc)
        /* we can't pass fMustAlloc=TRUE into the marshaller for this type
         * since the type is part of the memory block that is encompassed by
         * the whole complex type. Memory is forced to allocate when pointers
         * are set to NULL, so we emulate that part of fMustAlloc=TRUE by
         * clearing the memory we pass in to the unmarshaller */
        memset(pMemory, 0, size);
3128
      m = NdrUnmarshaller[*desc & NDR_TABLE_MASK];
3129 3130 3131 3132 3133 3134 3135 3136 3137 3138 3139
      if (m)
      {
        /* for some reason interface pointers aren't generated as
         * RPC_FC_POINTER, but instead as RPC_FC_EMBEDDED_COMPLEX, yet
         * they still need the derefencing treatment that pointers are
         * given */
        if (*desc == RPC_FC_IP)
          m(pStubMsg, (unsigned char **)pMemory, desc, FALSE);
        else
          m(pStubMsg, &pMemory, desc, FALSE);
      }
3140
      else FIXME("no unmarshaller for embedded type %02x\n", *desc);
Ove Kaaven's avatar
Ove Kaaven committed
3141
      pMemory += size;
3142 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152 3153 3154
      pFormat += 2;
      continue;
    case RPC_FC_PAD:
      break;
    default:
      FIXME("unhandled format %d\n", *pFormat);
    }
    pFormat++;
  }

  return pMemory;
}

3155
static unsigned char * ComplexBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
3156 3157 3158 3159 3160 3161
                                         unsigned char *pMemory,
                                         PFORMAT_STRING pFormat,
                                         PFORMAT_STRING pPointer)
{
  PFORMAT_STRING desc;
  NDR_BUFFERSIZE m;
3162
  ULONG size;
3163 3164 3165

  while (*pFormat != RPC_FC_END) {
    switch (*pFormat) {
3166 3167 3168 3169
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
3170
      safe_buffer_length_increment(pStubMsg, 1);
3171 3172 3173
      pMemory += 1;
      break;
    case RPC_FC_WCHAR:
3174 3175
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
3176
      safe_buffer_length_increment(pStubMsg, 2);
3177 3178
      pMemory += 2;
      break;
3179 3180 3181 3182
    case RPC_FC_ENUM16:
      safe_buffer_length_increment(pStubMsg, 2);
      pMemory += 4;
      break;
3183 3184
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
Huw Davies's avatar
Huw Davies committed
3185
    case RPC_FC_ENUM32:
3186
    case RPC_FC_FLOAT:
3187
      safe_buffer_length_increment(pStubMsg, 4);
3188 3189
      pMemory += 4;
      break;
3190 3191 3192 3193 3194
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
      safe_buffer_length_increment(pStubMsg, 4);
      pMemory += sizeof(INT_PTR);
      break;
3195
    case RPC_FC_HYPER:
3196
    case RPC_FC_DOUBLE:
3197
      safe_buffer_length_increment(pStubMsg, 8);
3198 3199
      pMemory += 8;
      break;
3200 3201 3202 3203
    case RPC_FC_RP:
    case RPC_FC_UP:
    case RPC_FC_OP:
    case RPC_FC_FP:
3204
    case RPC_FC_POINTER:
3205 3206
      if (*pFormat != RPC_FC_POINTER)
        pPointer = pFormat;
3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217
      if (!pStubMsg->IgnoreEmbeddedPointers)
      {
        int saved_buffer_length = pStubMsg->BufferLength;
        pStubMsg->BufferLength = pStubMsg->PointerLength;
        pStubMsg->PointerLength = 0;
        if(!pStubMsg->BufferLength)
          ERR("BufferLength == 0??\n");
        PointerBufferSize(pStubMsg, *(unsigned char**)pMemory, pPointer);
        pStubMsg->PointerLength = pStubMsg->BufferLength;
        pStubMsg->BufferLength = saved_buffer_length;
      }
3218 3219
      if (*pPointer != RPC_FC_RP)
      {
3220
        align_length(&pStubMsg->BufferLength, 4);
3221 3222
        safe_buffer_length_increment(pStubMsg, 4);
      }
3223 3224 3225 3226
      if (*pFormat == RPC_FC_POINTER)
        pPointer += 4;
      else
        pFormat += 4;
3227
      pMemory += sizeof(void*);
3228
      break;
3229
    case RPC_FC_ALIGNM2:
3230
      align_pointer(&pMemory, 2);
3231
      break;
3232
    case RPC_FC_ALIGNM4:
3233
      align_pointer(&pMemory, 4);
3234 3235
      break;
    case RPC_FC_ALIGNM8:
3236
      align_pointer(&pMemory, 8);
3237
      break;
3238
    case RPC_FC_STRUCTPAD1:
3239
    case RPC_FC_STRUCTPAD2:
3240 3241 3242 3243 3244 3245
    case RPC_FC_STRUCTPAD3:
    case RPC_FC_STRUCTPAD4:
    case RPC_FC_STRUCTPAD5:
    case RPC_FC_STRUCTPAD6:
    case RPC_FC_STRUCTPAD7:
      pMemory += *pFormat - RPC_FC_STRUCTPAD1 + 1;
3246
      break;
3247 3248 3249
    case RPC_FC_EMBEDDED_COMPLEX:
      pMemory += pFormat[1];
      pFormat += 2;
Eric Pouech's avatar
Eric Pouech committed
3250
      desc = pFormat + *(const SHORT*)pFormat;
Ove Kaaven's avatar
Ove Kaaven committed
3251
      size = EmbeddedComplexSize(pStubMsg, desc);
3252
      m = NdrBufferSizer[*desc & NDR_TABLE_MASK];
3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263
      if (m)
      {
        /* for some reason interface pointers aren't generated as
         * RPC_FC_POINTER, but instead as RPC_FC_EMBEDDED_COMPLEX, yet
         * they still need the derefencing treatment that pointers are
         * given */
        if (*desc == RPC_FC_IP)
          m(pStubMsg, *(unsigned char **)pMemory, desc);
        else
          m(pStubMsg, pMemory, desc);
      }
3264
      else FIXME("no buffersizer for embedded type %02x\n", *desc);
Ove Kaaven's avatar
Ove Kaaven committed
3265
      pMemory += size;
3266 3267 3268 3269 3270
      pFormat += 2;
      continue;
    case RPC_FC_PAD:
      break;
    default:
3271
      FIXME("unhandled format 0x%02x\n", *pFormat);
3272 3273 3274 3275 3276 3277 3278
    }
    pFormat++;
  }

  return pMemory;
}

3279
static unsigned char * ComplexFree(PMIDL_STUB_MESSAGE pStubMsg,
3280 3281 3282 3283 3284 3285
                                   unsigned char *pMemory,
                                   PFORMAT_STRING pFormat,
                                   PFORMAT_STRING pPointer)
{
  PFORMAT_STRING desc;
  NDR_FREE m;
3286
  ULONG size;
3287 3288 3289

  while (*pFormat != RPC_FC_END) {
    switch (*pFormat) {
3290 3291 3292 3293 3294 3295 3296
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
      pMemory += 1;
      break;
    case RPC_FC_WCHAR:
3297 3298 3299 3300 3301 3302
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
      pMemory += 2;
      break;
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
3303
    case RPC_FC_ENUM16:
Huw Davies's avatar
Huw Davies committed
3304
    case RPC_FC_ENUM32:
3305
    case RPC_FC_FLOAT:
3306 3307
      pMemory += 4;
      break;
3308 3309 3310 3311
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
      pMemory += sizeof(INT_PTR);
      break;
3312
    case RPC_FC_HYPER:
3313
    case RPC_FC_DOUBLE:
3314 3315
      pMemory += 8;
      break;
3316 3317 3318 3319
    case RPC_FC_RP:
    case RPC_FC_UP:
    case RPC_FC_OP:
    case RPC_FC_FP:
3320
    case RPC_FC_POINTER:
3321 3322
      if (*pFormat != RPC_FC_POINTER)
        pPointer = pFormat;
Ove Kaaven's avatar
Ove Kaaven committed
3323
      NdrPointerFree(pStubMsg, *(unsigned char**)pMemory, pPointer);
3324 3325 3326 3327
      if (*pFormat == RPC_FC_POINTER)
        pPointer += 4;
      else
        pFormat += 4;
3328
      pMemory += sizeof(void *);
3329
      break;
3330
    case RPC_FC_ALIGNM2:
3331
      align_pointer(&pMemory, 2);
3332
      break;
3333
    case RPC_FC_ALIGNM4:
3334
      align_pointer(&pMemory, 4);
3335 3336
      break;
    case RPC_FC_ALIGNM8:
3337
      align_pointer(&pMemory, 8);
3338
      break;
3339
    case RPC_FC_STRUCTPAD1:
3340
    case RPC_FC_STRUCTPAD2:
3341 3342 3343 3344 3345 3346
    case RPC_FC_STRUCTPAD3:
    case RPC_FC_STRUCTPAD4:
    case RPC_FC_STRUCTPAD5:
    case RPC_FC_STRUCTPAD6:
    case RPC_FC_STRUCTPAD7:
      pMemory += *pFormat - RPC_FC_STRUCTPAD1 + 1;
3347
      break;
3348 3349 3350
    case RPC_FC_EMBEDDED_COMPLEX:
      pMemory += pFormat[1];
      pFormat += 2;
Eric Pouech's avatar
Eric Pouech committed
3351
      desc = pFormat + *(const SHORT*)pFormat;
Ove Kaaven's avatar
Ove Kaaven committed
3352
      size = EmbeddedComplexSize(pStubMsg, desc);
3353
      m = NdrFreer[*desc & NDR_TABLE_MASK];
3354 3355 3356 3357 3358 3359 3360 3361 3362 3363 3364
      if (m)
      {
        /* for some reason interface pointers aren't generated as
         * RPC_FC_POINTER, but instead as RPC_FC_EMBEDDED_COMPLEX, yet
         * they still need the derefencing treatment that pointers are
         * given */
        if (*desc == RPC_FC_IP)
          m(pStubMsg, *(unsigned char **)pMemory, desc);
        else
          m(pStubMsg, pMemory, desc);
      }
Ove Kaaven's avatar
Ove Kaaven committed
3365
      pMemory += size;
3366 3367 3368 3369 3370
      pFormat += 2;
      continue;
    case RPC_FC_PAD:
      break;
    default:
3371
      FIXME("unhandled format 0x%02x\n", *pFormat);
3372 3373 3374 3375 3376 3377 3378
    }
    pFormat++;
  }

  return pMemory;
}

3379 3380 3381
static ULONG ComplexStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                     PFORMAT_STRING pFormat,
                                     PFORMAT_STRING pPointer)
3382 3383
{
  PFORMAT_STRING desc;
3384
  ULONG size = 0;
3385 3386 3387

  while (*pFormat != RPC_FC_END) {
    switch (*pFormat) {
3388 3389 3390 3391 3392
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
      size += 1;
3393
      safe_buffer_increment(pStubMsg, 1);
3394 3395
      break;
    case RPC_FC_WCHAR:
3396 3397 3398
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
      size += 2;
3399
      safe_buffer_increment(pStubMsg, 2);
3400
      break;
3401 3402 3403 3404
    case RPC_FC_ENUM16:
      size += 4;
      safe_buffer_increment(pStubMsg, 2);
      break;
3405 3406
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
3407
    case RPC_FC_ENUM32:
3408
    case RPC_FC_FLOAT:
3409
      size += 4;
3410
      safe_buffer_increment(pStubMsg, 4);
3411
      break;
3412 3413 3414 3415 3416
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
      size += sizeof(INT_PTR);
      safe_buffer_increment(pStubMsg, 4);
      break;
3417
    case RPC_FC_HYPER:
3418
    case RPC_FC_DOUBLE:
3419
      size += 8;
3420
      safe_buffer_increment(pStubMsg, 8);
3421
      break;
3422 3423 3424 3425
    case RPC_FC_RP:
    case RPC_FC_UP:
    case RPC_FC_OP:
    case RPC_FC_FP:
3426
    case RPC_FC_POINTER:
3427 3428 3429
    {
      unsigned char *saved_buffer;
      int pointer_buffer_mark_set = 0;
3430 3431
      if (*pFormat != RPC_FC_POINTER)
        pPointer = pFormat;
3432
      if (*pPointer != RPC_FC_RP)
3433
        align_pointer(&pStubMsg->Buffer, 4);
3434 3435 3436 3437 3438 3439 3440
      saved_buffer = pStubMsg->Buffer;
      if (pStubMsg->PointerBufferMark)
      {
        pStubMsg->Buffer = pStubMsg->PointerBufferMark;
        pStubMsg->PointerBufferMark = NULL;
        pointer_buffer_mark_set = 1;
      }
3441
      else if (*pPointer != RPC_FC_RP)
3442 3443
        safe_buffer_increment(pStubMsg, 4); /* for pointer ID */

3444
      if (!pStubMsg->IgnoreEmbeddedPointers)
3445 3446 3447 3448 3449
        PointerMemorySize(pStubMsg, saved_buffer, pPointer);
      if (pointer_buffer_mark_set)
      {
        STD_OVERFLOW_CHECK(pStubMsg);
        pStubMsg->PointerBufferMark = pStubMsg->Buffer;
3450 3451 3452
        pStubMsg->Buffer = saved_buffer;
        if (*pPointer != RPC_FC_RP)
          safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
3453
      }
3454 3455 3456 3457
      if (*pFormat == RPC_FC_POINTER)
        pPointer += 4;
      else
        pFormat += 4;
3458
      size += sizeof(void *);
3459
      break;
3460
    }
3461
    case RPC_FC_ALIGNM2:
3462
      align_length(&size, 2);
3463
      break;
3464
    case RPC_FC_ALIGNM4:
3465
      align_length(&size, 4);
3466 3467
      break;
    case RPC_FC_ALIGNM8:
3468
      align_length(&size, 8);
3469
      break;
3470
    case RPC_FC_STRUCTPAD1:
3471
    case RPC_FC_STRUCTPAD2:
3472 3473 3474 3475 3476 3477
    case RPC_FC_STRUCTPAD3:
    case RPC_FC_STRUCTPAD4:
    case RPC_FC_STRUCTPAD5:
    case RPC_FC_STRUCTPAD6:
    case RPC_FC_STRUCTPAD7:
      size += *pFormat - RPC_FC_STRUCTPAD1 + 1;
3478
      break;
3479 3480 3481
    case RPC_FC_EMBEDDED_COMPLEX:
      size += pFormat[1];
      pFormat += 2;
Eric Pouech's avatar
Eric Pouech committed
3482
      desc = pFormat + *(const SHORT*)pFormat;
3483
      size += EmbeddedComplexMemorySize(pStubMsg, desc);
3484 3485 3486 3487 3488
      pFormat += 2;
      continue;
    case RPC_FC_PAD:
      break;
    default:
3489
      FIXME("unhandled format 0x%02x\n", *pFormat);
3490 3491 3492 3493 3494 3495 3496
    }
    pFormat++;
  }

  return size;
}

3497
ULONG ComplexStructSize(PMIDL_STUB_MESSAGE pStubMsg, PFORMAT_STRING pFormat)
3498 3499
{
  PFORMAT_STRING desc;
3500
  ULONG size = 0;
3501 3502 3503 3504 3505 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516

  while (*pFormat != RPC_FC_END) {
    switch (*pFormat) {
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
      size += 1;
      break;
    case RPC_FC_WCHAR:
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
      size += 2;
      break;
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
3517
    case RPC_FC_ENUM16:
3518
    case RPC_FC_ENUM32:
3519
    case RPC_FC_FLOAT:
3520 3521
      size += 4;
      break;
3522 3523 3524 3525
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
      size += sizeof(INT_PTR);
      break;
3526
    case RPC_FC_HYPER:
3527
    case RPC_FC_DOUBLE:
3528 3529
      size += 8;
      break;
3530 3531 3532 3533
    case RPC_FC_RP:
    case RPC_FC_UP:
    case RPC_FC_OP:
    case RPC_FC_FP:
3534 3535
    case RPC_FC_POINTER:
      size += sizeof(void *);
3536 3537
      if (*pFormat != RPC_FC_POINTER)
        pFormat += 4;
3538
      break;
3539
    case RPC_FC_ALIGNM2:
3540
      align_length(&size, 2);
3541
      break;
3542
    case RPC_FC_ALIGNM4:
3543
      align_length(&size, 4);
3544 3545
      break;
    case RPC_FC_ALIGNM8:
3546
      align_length(&size, 8);
3547 3548 3549 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574
      break;
    case RPC_FC_STRUCTPAD1:
    case RPC_FC_STRUCTPAD2:
    case RPC_FC_STRUCTPAD3:
    case RPC_FC_STRUCTPAD4:
    case RPC_FC_STRUCTPAD5:
    case RPC_FC_STRUCTPAD6:
    case RPC_FC_STRUCTPAD7:
      size += *pFormat - RPC_FC_STRUCTPAD1 + 1;
      break;
    case RPC_FC_EMBEDDED_COMPLEX:
      size += pFormat[1];
      pFormat += 2;
      desc = pFormat + *(const SHORT*)pFormat;
      size += EmbeddedComplexSize(pStubMsg, desc);
      pFormat += 2;
      continue;
    case RPC_FC_PAD:
      break;
    default:
      FIXME("unhandled format 0x%02x\n", *pFormat);
    }
    pFormat++;
  }

  return size;
}

3575 3576 3577 3578 3579 3580 3581 3582 3583 3584
/***********************************************************************
 *           NdrComplexStructMarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrComplexStructMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                                unsigned char *pMemory,
                                                PFORMAT_STRING pFormat)
{
  PFORMAT_STRING conf_array = NULL;
  PFORMAT_STRING pointer_desc = NULL;
  unsigned char *OldMemory = pStubMsg->Memory;
3585
  int pointer_buffer_mark_set = 0;
3586 3587 3588
  ULONG count = 0;
  ULONG max_count = 0;
  ULONG offset = 0;
3589 3590 3591

  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

3592 3593 3594 3595
  if (!pStubMsg->PointerBufferMark)
  {
    int saved_ignore_embedded = pStubMsg->IgnoreEmbeddedPointers;
    /* save buffer length */
3596
    ULONG saved_buffer_length = pStubMsg->BufferLength;
3597 3598 3599

    /* get the buffer pointer after complex array data, but before
     * pointer data */
3600
    pStubMsg->BufferLength = pStubMsg->Buffer - (unsigned char *)pStubMsg->RpcMsg->Buffer;
3601 3602 3603 3604 3605
    pStubMsg->IgnoreEmbeddedPointers = 1;
    NdrComplexStructBufferSize(pStubMsg, pMemory, pFormat);
    pStubMsg->IgnoreEmbeddedPointers = saved_ignore_embedded;

    /* save it for use by embedded pointer code later */
3606
    pStubMsg->PointerBufferMark = (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength;
3607
    TRACE("difference = 0x%x\n", (ULONG)(pStubMsg->PointerBufferMark - pStubMsg->Buffer));
3608 3609 3610 3611 3612 3613
    pointer_buffer_mark_set = 1;

    /* restore the original buffer length */
    pStubMsg->BufferLength = saved_buffer_length;
  }

3614
  align_pointer_clear(&pStubMsg->Buffer, pFormat[1] + 1);
3615

3616
  pFormat += 4;
3617
  if (*(const SHORT*)pFormat) conf_array = pFormat + *(const SHORT*)pFormat;
3618
  pFormat += 2;
Eric Pouech's avatar
Eric Pouech committed
3619
  if (*(const WORD*)pFormat) pointer_desc = pFormat + *(const WORD*)pFormat;
3620 3621 3622 3623
  pFormat += 2;

  pStubMsg->Memory = pMemory;

3624 3625
  if (conf_array)
  {
3626
    ULONG struct_size = ComplexStructSize(pStubMsg, pFormat);
3627 3628 3629 3630 3631 3632 3633 3634
    array_compute_and_write_conformance(conf_array[0], pStubMsg,
                                        pMemory + struct_size, conf_array);
    /* these could be changed in ComplexMarshall so save them for later */
    max_count = pStubMsg->MaxCount;
    count = pStubMsg->ActualCount;
    offset = pStubMsg->Offset;
  }

3635
  pMemory = ComplexMarshall(pStubMsg, pMemory, pFormat, pointer_desc);
3636 3637

  if (conf_array)
3638 3639 3640 3641 3642
  {
    pStubMsg->MaxCount = max_count;
    pStubMsg->ActualCount = count;
    pStubMsg->Offset = offset;
    array_write_variance_and_marshall(conf_array[0], pStubMsg, pMemory,
3643
                                      conf_array, TRUE /* fHasPointers */);
3644
  }
3645 3646 3647

  pStubMsg->Memory = OldMemory;

3648 3649 3650 3651 3652 3653
  if (pointer_buffer_mark_set)
  {
    pStubMsg->Buffer = pStubMsg->PointerBufferMark;
    pStubMsg->PointerBufferMark = NULL;
  }

Ove Kaaven's avatar
Ove Kaaven committed
3654 3655
  STD_OVERFLOW_CHECK(pStubMsg);

3656 3657 3658 3659 3660 3661 3662 3663 3664 3665 3666
  return NULL;
}

/***********************************************************************
 *           NdrComplexStructUnmarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrComplexStructUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                                  unsigned char **ppMemory,
                                                  PFORMAT_STRING pFormat,
                                                  unsigned char fMustAlloc)
{
Eric Pouech's avatar
Eric Pouech committed
3667
  unsigned size = *(const WORD*)(pFormat+2);
3668 3669 3670
  PFORMAT_STRING conf_array = NULL;
  PFORMAT_STRING pointer_desc = NULL;
  unsigned char *pMemory;
3671
  int pointer_buffer_mark_set = 0;
3672 3673 3674 3675
  ULONG count = 0;
  ULONG max_count = 0;
  ULONG offset = 0;
  ULONG array_size = 0;
3676 3677 3678

  TRACE("(%p,%p,%p,%d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);

3679 3680 3681 3682 3683 3684 3685 3686 3687 3688 3689 3690 3691 3692
  if (!pStubMsg->PointerBufferMark)
  {
    int saved_ignore_embedded = pStubMsg->IgnoreEmbeddedPointers;
    /* save buffer pointer */
    unsigned char *saved_buffer = pStubMsg->Buffer;

    /* get the buffer pointer after complex array data, but before
     * pointer data */
    pStubMsg->IgnoreEmbeddedPointers = 1;
    NdrComplexStructMemorySize(pStubMsg, pFormat);
    pStubMsg->IgnoreEmbeddedPointers = saved_ignore_embedded;

    /* save it for use by embedded pointer code later */
    pStubMsg->PointerBufferMark = pStubMsg->Buffer;
3693
    TRACE("difference = 0x%x\n", (ULONG)(pStubMsg->PointerBufferMark - saved_buffer));
3694 3695 3696 3697 3698 3699
    pointer_buffer_mark_set = 1;

    /* restore the original buffer */
    pStubMsg->Buffer = saved_buffer;
  }

3700
  align_pointer(&pStubMsg->Buffer, pFormat[1] + 1);
3701

3702
  pFormat += 4;
3703
  if (*(const SHORT*)pFormat) conf_array = pFormat + *(const SHORT*)pFormat;
3704
  pFormat += 2;
Eric Pouech's avatar
Eric Pouech committed
3705
  if (*(const WORD*)pFormat) pointer_desc = pFormat + *(const WORD*)pFormat;
3706 3707
  pFormat += 2;

3708 3709 3710 3711 3712 3713 3714 3715 3716 3717 3718
  if (conf_array)
  {
    array_size = array_read_conformance(conf_array[0], pStubMsg, conf_array);
    size += array_size;

    /* these could be changed in ComplexMarshall so save them for later */
    max_count = pStubMsg->MaxCount;
    count = pStubMsg->ActualCount;
    offset = pStubMsg->Offset;
  }

3719 3720 3721
  if (!fMustAlloc && !*ppMemory)
    fMustAlloc = TRUE;
  if (fMustAlloc)
3722 3723
    *ppMemory = NdrAllocate(pStubMsg, size);

3724
  pMemory = ComplexUnmarshall(pStubMsg, *ppMemory, pFormat, pointer_desc, fMustAlloc);
3725 3726

  if (conf_array)
3727 3728 3729 3730 3731 3732 3733 3734
  {
    pStubMsg->MaxCount = max_count;
    pStubMsg->ActualCount = count;
    pStubMsg->Offset = offset;
    if (fMustAlloc)
      memset(pMemory, 0, array_size);
    array_read_variance_and_unmarshall(conf_array[0], pStubMsg, &pMemory,
                                       conf_array, FALSE,
3735 3736
                                       FALSE /* fUseBufferMemoryServer */,
                                       TRUE /* fUnmarshall */);
3737
  }
3738

3739 3740 3741 3742 3743 3744
  if (pointer_buffer_mark_set)
  {
    pStubMsg->Buffer = pStubMsg->PointerBufferMark;
    pStubMsg->PointerBufferMark = NULL;
  }

3745 3746 3747 3748 3749 3750 3751 3752 3753 3754 3755 3756 3757
  return NULL;
}

/***********************************************************************
 *           NdrComplexStructBufferSize [RPCRT4.@]
 */
void WINAPI NdrComplexStructBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                       unsigned char *pMemory,
                                       PFORMAT_STRING pFormat)
{
  PFORMAT_STRING conf_array = NULL;
  PFORMAT_STRING pointer_desc = NULL;
  unsigned char *OldMemory = pStubMsg->Memory;
3758
  int pointer_length_set = 0;
3759 3760 3761
  ULONG count = 0;
  ULONG max_count = 0;
  ULONG offset = 0;
3762 3763 3764

  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

3765
  align_length(&pStubMsg->BufferLength, pFormat[1] + 1);
3766

3767 3768 3769
  if(!pStubMsg->IgnoreEmbeddedPointers && !pStubMsg->PointerLength)
  {
    int saved_ignore_embedded = pStubMsg->IgnoreEmbeddedPointers;
3770
    ULONG saved_buffer_length = pStubMsg->BufferLength;
3771 3772 3773 3774 3775 3776 3777 3778 3779 3780

    /* get the buffer length after complex struct data, but before
     * pointer data */
    pStubMsg->IgnoreEmbeddedPointers = 1;
    NdrComplexStructBufferSize(pStubMsg, pMemory, pFormat);
    pStubMsg->IgnoreEmbeddedPointers = saved_ignore_embedded;

    /* save it for use by embedded pointer code later */
    pStubMsg->PointerLength = pStubMsg->BufferLength;
    pointer_length_set = 1;
3781
    TRACE("difference = 0x%x\n", pStubMsg->PointerLength - saved_buffer_length);
3782 3783 3784 3785 3786

    /* restore the original buffer length */
    pStubMsg->BufferLength = saved_buffer_length;
  }

3787
  pFormat += 4;
3788
  if (*(const SHORT*)pFormat) conf_array = pFormat + *(const SHORT*)pFormat;
3789
  pFormat += 2;
Eric Pouech's avatar
Eric Pouech committed
3790
  if (*(const WORD*)pFormat) pointer_desc = pFormat + *(const WORD*)pFormat;
3791 3792 3793 3794
  pFormat += 2;

  pStubMsg->Memory = pMemory;

3795 3796
  if (conf_array)
  {
3797
    ULONG struct_size = ComplexStructSize(pStubMsg, pFormat);
3798 3799 3800 3801 3802 3803 3804 3805 3806
    array_compute_and_size_conformance(conf_array[0], pStubMsg, pMemory + struct_size,
                                       conf_array);

    /* these could be changed in ComplexMarshall so save them for later */
    max_count = pStubMsg->MaxCount;
    count = pStubMsg->ActualCount;
    offset = pStubMsg->Offset;
  }

3807 3808 3809
  pMemory = ComplexBufferSize(pStubMsg, pMemory, pFormat, pointer_desc);

  if (conf_array)
3810 3811 3812 3813
  {
    pStubMsg->MaxCount = max_count;
    pStubMsg->ActualCount = count;
    pStubMsg->Offset = offset;
3814 3815
    array_buffer_size(conf_array[0], pStubMsg, pMemory, conf_array,
                      TRUE /* fHasPointers */);
3816
  }
3817 3818

  pStubMsg->Memory = OldMemory;
3819 3820 3821 3822 3823 3824 3825

  if(pointer_length_set)
  {
    pStubMsg->BufferLength = pStubMsg->PointerLength;
    pStubMsg->PointerLength = 0;
  }

3826 3827 3828 3829 3830
}

/***********************************************************************
 *           NdrComplexStructMemorySize [RPCRT4.@]
 */
3831 3832
ULONG WINAPI NdrComplexStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                        PFORMAT_STRING pFormat)
3833
{
3834
  unsigned size = *(const WORD*)(pFormat+2);
3835
  PFORMAT_STRING conf_array = NULL;
3836
  PFORMAT_STRING pointer_desc = NULL;
3837 3838 3839
  ULONG count = 0;
  ULONG max_count = 0;
  ULONG offset = 0;
3840

3841 3842
  TRACE("(%p,%p)\n", pStubMsg, pFormat);

3843
  align_pointer(&pStubMsg->Buffer, pFormat[1] + 1);
3844 3845

  pFormat += 4;
3846
  if (*(const SHORT*)pFormat) conf_array = pFormat + *(const SHORT*)pFormat;
3847 3848 3849
  pFormat += 2;
  if (*(const WORD*)pFormat) pointer_desc = pFormat + *(const WORD*)pFormat;
  pFormat += 2;
3850

3851 3852 3853 3854 3855 3856 3857 3858 3859 3860 3861
  if (conf_array)
  {
    array_read_conformance(conf_array[0], pStubMsg, conf_array);

    /* these could be changed in ComplexStructMemorySize so save them for
     * later */
    max_count = pStubMsg->MaxCount;
    count = pStubMsg->ActualCount;
    offset = pStubMsg->Offset;
  }

3862
  ComplexStructMemorySize(pStubMsg, pFormat, pointer_desc);
3863 3864

  if (conf_array)
3865 3866 3867 3868
  {
    pStubMsg->MaxCount = max_count;
    pStubMsg->ActualCount = count;
    pStubMsg->Offset = offset;
3869 3870
    array_memory_size(conf_array[0], pStubMsg, conf_array,
                      TRUE /* fHasPointers */);
3871
  }
3872 3873

  return size;
3874 3875 3876 3877 3878 3879 3880 3881 3882 3883 3884 3885 3886 3887 3888 3889
}

/***********************************************************************
 *           NdrComplexStructFree [RPCRT4.@]
 */
void WINAPI NdrComplexStructFree(PMIDL_STUB_MESSAGE pStubMsg,
                                 unsigned char *pMemory,
                                 PFORMAT_STRING pFormat)
{
  PFORMAT_STRING conf_array = NULL;
  PFORMAT_STRING pointer_desc = NULL;
  unsigned char *OldMemory = pStubMsg->Memory;

  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

  pFormat += 4;
3890
  if (*(const SHORT*)pFormat) conf_array = pFormat + *(const SHORT*)pFormat;
3891
  pFormat += 2;
Eric Pouech's avatar
Eric Pouech committed
3892
  if (*(const WORD*)pFormat) pointer_desc = pFormat + *(const WORD*)pFormat;
3893 3894 3895 3896 3897 3898 3899
  pFormat += 2;

  pStubMsg->Memory = pMemory;

  pMemory = ComplexFree(pStubMsg, pMemory, pFormat, pointer_desc);

  if (conf_array)
3900 3901
    array_free(conf_array[0], pStubMsg, pMemory, conf_array,
               TRUE /* fHasPointers */);
3902 3903 3904 3905 3906 3907 3908 3909 3910 3911 3912 3913

  pStubMsg->Memory = OldMemory;
}

/***********************************************************************
 *           NdrConformantArrayMarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrConformantArrayMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                                  unsigned char *pMemory,
                                                  PFORMAT_STRING pFormat)
{
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
3914 3915 3916 3917 3918
  if (pFormat[0] != RPC_FC_CARRAY)
  {
    ERR("invalid format = 0x%x\n", pFormat[0]);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
3919

3920 3921
  array_compute_and_write_conformance(RPC_FC_CARRAY, pStubMsg, pMemory,
                                      pFormat);
3922 3923
  array_write_variance_and_marshall(RPC_FC_CARRAY, pStubMsg, pMemory, pFormat,
                                    TRUE /* fHasPointers */);
3924 3925 3926 3927 3928 3929 3930 3931 3932 3933 3934 3935 3936

  return NULL;
}

/***********************************************************************
 *           NdrConformantArrayUnmarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrConformantArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                                    unsigned char **ppMemory,
                                                    PFORMAT_STRING pFormat,
                                                    unsigned char fMustAlloc)
{
  TRACE("(%p,%p,%p,%d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
3937
  if (pFormat[0] != RPC_FC_CARRAY)
3938
  {
3939 3940
    ERR("invalid format = 0x%x\n", pFormat[0]);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
3941
  }
3942

3943 3944 3945
  array_read_conformance(RPC_FC_CARRAY, pStubMsg, pFormat);
  array_read_variance_and_unmarshall(RPC_FC_CARRAY, pStubMsg, ppMemory, pFormat,
                                     fMustAlloc,
3946 3947
                                     TRUE /* fUseBufferMemoryServer */,
                                     TRUE /* fUnmarshall */);
3948 3949 3950 3951 3952 3953 3954 3955 3956 3957 3958 3959

  return NULL;
}

/***********************************************************************
 *           NdrConformantArrayBufferSize [RPCRT4.@]
 */
void WINAPI NdrConformantArrayBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                         unsigned char *pMemory,
                                         PFORMAT_STRING pFormat)
{
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
3960 3961 3962 3963 3964
  if (pFormat[0] != RPC_FC_CARRAY)
  {
    ERR("invalid format = 0x%x\n", pFormat[0]);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
3965

3966
  array_compute_and_size_conformance(RPC_FC_CARRAY, pStubMsg, pMemory, pFormat);
3967 3968
  array_buffer_size(RPC_FC_CARRAY, pStubMsg, pMemory, pFormat,
                    TRUE /* fHasPointers */);
3969 3970 3971 3972 3973
}

/***********************************************************************
 *           NdrConformantArrayMemorySize [RPCRT4.@]
 */
3974 3975
ULONG WINAPI NdrConformantArrayMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                          PFORMAT_STRING pFormat)
3976
{
3977
  TRACE("(%p,%p)\n", pStubMsg, pFormat);
3978 3979 3980 3981 3982
  if (pFormat[0] != RPC_FC_CARRAY)
  {
    ERR("invalid format = 0x%x\n", pFormat[0]);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
3983

3984
  array_read_conformance(RPC_FC_CARRAY, pStubMsg, pFormat);
3985
  array_memory_size(RPC_FC_CARRAY, pStubMsg, pFormat, TRUE /* fHasPointers */);
3986

3987
  return pStubMsg->MemorySize;
3988 3989 3990 3991 3992 3993 3994 3995 3996 3997
}

/***********************************************************************
 *           NdrConformantArrayFree [RPCRT4.@]
 */
void WINAPI NdrConformantArrayFree(PMIDL_STUB_MESSAGE pStubMsg,
                                   unsigned char *pMemory,
                                   PFORMAT_STRING pFormat)
{
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
3998 3999 4000 4001 4002
  if (pFormat[0] != RPC_FC_CARRAY)
  {
    ERR("invalid format = 0x%x\n", pFormat[0]);
    RpcRaiseException(RPC_X_BAD_STUB_DATA);
  }
4003

4004 4005
  array_free(RPC_FC_CARRAY, pStubMsg, pMemory, pFormat,
             TRUE /* fHasPointers */);
4006 4007
}

4008 4009 4010 4011 4012 4013 4014 4015

/***********************************************************************
 *           NdrConformantVaryingArrayMarshall  [RPCRT4.@]
 */
unsigned char* WINAPI NdrConformantVaryingArrayMarshall( PMIDL_STUB_MESSAGE pStubMsg,
                                                         unsigned char* pMemory,
                                                         PFORMAT_STRING pFormat )
{
4016 4017 4018 4019 4020 4021 4022 4023 4024
    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    if (pFormat[0] != RPC_FC_CVARRAY)
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }

4025 4026 4027
    array_compute_and_write_conformance(RPC_FC_CVARRAY, pStubMsg, pMemory,
                                        pFormat);
    array_write_variance_and_marshall(RPC_FC_CVARRAY, pStubMsg, pMemory,
4028
                                      pFormat, TRUE /* fHasPointers */);
4029

4030 4031 4032 4033 4034 4035 4036 4037 4038 4039 4040 4041
    return NULL;
}


/***********************************************************************
 *           NdrConformantVaryingArrayUnmarshall  [RPCRT4.@]
 */
unsigned char* WINAPI NdrConformantVaryingArrayUnmarshall( PMIDL_STUB_MESSAGE pStubMsg,
                                                           unsigned char** ppMemory,
                                                           PFORMAT_STRING pFormat,
                                                           unsigned char fMustAlloc )
{
4042 4043 4044 4045 4046 4047 4048 4049
    TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);

    if (pFormat[0] != RPC_FC_CVARRAY)
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }
4050

4051 4052 4053
    array_read_conformance(RPC_FC_CVARRAY, pStubMsg, pFormat);
    array_read_variance_and_unmarshall(RPC_FC_CVARRAY, pStubMsg, ppMemory,
                                       pFormat, fMustAlloc,
4054 4055
                                       TRUE /* fUseBufferMemoryServer */,
                                       TRUE /* fUnmarshall */);
4056

4057 4058 4059 4060 4061 4062 4063 4064 4065 4066 4067
    return NULL;
}


/***********************************************************************
 *           NdrConformantVaryingArrayFree  [RPCRT4.@]
 */
void WINAPI NdrConformantVaryingArrayFree( PMIDL_STUB_MESSAGE pStubMsg,
                                           unsigned char* pMemory,
                                           PFORMAT_STRING pFormat )
{
4068 4069 4070 4071 4072 4073 4074 4075 4076
    TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

    if (pFormat[0] != RPC_FC_CVARRAY)
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

4077 4078
    array_free(RPC_FC_CVARRAY, pStubMsg, pMemory, pFormat,
               TRUE /* fHasPointers */);
4079 4080 4081 4082 4083 4084 4085 4086 4087
}


/***********************************************************************
 *           NdrConformantVaryingArrayBufferSize  [RPCRT4.@]
 */
void WINAPI NdrConformantVaryingArrayBufferSize( PMIDL_STUB_MESSAGE pStubMsg,
                                                 unsigned char* pMemory, PFORMAT_STRING pFormat )
{
4088 4089 4090 4091 4092 4093 4094 4095 4096
    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    if (pFormat[0] != RPC_FC_CVARRAY)
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

4097 4098
    array_compute_and_size_conformance(RPC_FC_CVARRAY, pStubMsg, pMemory,
                                       pFormat);
4099 4100
    array_buffer_size(RPC_FC_CVARRAY, pStubMsg, pMemory, pFormat,
                      TRUE /* fHasPointers */);
4101 4102 4103 4104 4105 4106
}


/***********************************************************************
 *           NdrConformantVaryingArrayMemorySize  [RPCRT4.@]
 */
4107 4108
ULONG WINAPI NdrConformantVaryingArrayMemorySize( PMIDL_STUB_MESSAGE pStubMsg,
                                                  PFORMAT_STRING pFormat )
4109
{
4110 4111 4112 4113 4114 4115 4116 4117 4118
    TRACE("(%p, %p)\n", pStubMsg, pFormat);

    if (pFormat[0] != RPC_FC_CVARRAY)
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return pStubMsg->MemorySize;
    }

4119
    array_read_conformance(RPC_FC_CVARRAY, pStubMsg, pFormat);
4120 4121
    array_memory_size(RPC_FC_CVARRAY, pStubMsg, pFormat,
                      TRUE /* fHasPointers */);
4122 4123

    return pStubMsg->MemorySize;
4124 4125 4126
}


4127 4128 4129 4130 4131 4132 4133
/***********************************************************************
 *           NdrComplexArrayMarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrComplexArrayMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                               unsigned char *pMemory,
                                               PFORMAT_STRING pFormat)
{
4134
  int pointer_buffer_mark_set = 0;
4135

4136 4137
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

4138 4139 4140 4141 4142 4143 4144
  if (pFormat[0] != RPC_FC_BOGUS_ARRAY)
  {
      ERR("invalid format type %x\n", pFormat[0]);
      RpcRaiseException(RPC_S_INTERNAL_ERROR);
      return NULL;
  }

4145 4146 4147 4148 4149
  if (!pStubMsg->PointerBufferMark)
  {
    /* save buffer fields that may be changed by buffer sizer functions
     * and that may be needed later on */
    int saved_ignore_embedded = pStubMsg->IgnoreEmbeddedPointers;
4150 4151 4152 4153
    ULONG saved_buffer_length = pStubMsg->BufferLength;
    ULONG_PTR saved_max_count = pStubMsg->MaxCount;
    ULONG saved_offset = pStubMsg->Offset;
    ULONG saved_actual_count = pStubMsg->ActualCount;
4154 4155 4156

    /* get the buffer pointer after complex array data, but before
     * pointer data */
4157
    pStubMsg->BufferLength = pStubMsg->Buffer - (unsigned char *)pStubMsg->RpcMsg->Buffer;
4158 4159 4160 4161 4162
    pStubMsg->IgnoreEmbeddedPointers = 1;
    NdrComplexArrayBufferSize(pStubMsg, pMemory, pFormat);
    pStubMsg->IgnoreEmbeddedPointers = saved_ignore_embedded;

    /* save it for use by embedded pointer code later */
4163
    pStubMsg->PointerBufferMark = (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength;
4164
    TRACE("difference = 0x%x\n", (ULONG)(pStubMsg->Buffer - (unsigned char *)pStubMsg->RpcMsg->Buffer));
4165 4166 4167 4168 4169 4170 4171 4172 4173
    pointer_buffer_mark_set = 1;

    /* restore fields */
    pStubMsg->ActualCount = saved_actual_count;
    pStubMsg->Offset = saved_offset;
    pStubMsg->MaxCount = saved_max_count;
    pStubMsg->BufferLength = saved_buffer_length;
  }

4174 4175 4176
  array_compute_and_write_conformance(RPC_FC_BOGUS_ARRAY, pStubMsg, pMemory, pFormat);
  array_write_variance_and_marshall(RPC_FC_BOGUS_ARRAY, pStubMsg,
                                    pMemory, pFormat, TRUE /* fHasPointers */);
4177

Ove Kaaven's avatar
Ove Kaaven committed
4178 4179
  STD_OVERFLOW_CHECK(pStubMsg);

4180 4181 4182 4183 4184 4185
  if (pointer_buffer_mark_set)
  {
    pStubMsg->Buffer = pStubMsg->PointerBufferMark;
    pStubMsg->PointerBufferMark = NULL;
  }

4186 4187 4188 4189 4190 4191 4192 4193 4194 4195 4196
  return NULL;
}

/***********************************************************************
 *           NdrComplexArrayUnmarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrComplexArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                                 unsigned char **ppMemory,
                                                 PFORMAT_STRING pFormat,
                                                 unsigned char fMustAlloc)
{
4197 4198 4199
  unsigned char *saved_buffer;
  int pointer_buffer_mark_set = 0;
  int saved_ignore_embedded;
4200

4201 4202
  TRACE("(%p,%p,%p,%d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);

4203 4204 4205 4206 4207 4208 4209
  if (pFormat[0] != RPC_FC_BOGUS_ARRAY)
  {
      ERR("invalid format type %x\n", pFormat[0]);
      RpcRaiseException(RPC_S_INTERNAL_ERROR);
      return NULL;
  }

4210 4211 4212 4213 4214 4215 4216 4217 4218 4219
  saved_ignore_embedded = pStubMsg->IgnoreEmbeddedPointers;
  /* save buffer pointer */
  saved_buffer = pStubMsg->Buffer;
  /* get the buffer pointer after complex array data, but before
   * pointer data */
  pStubMsg->IgnoreEmbeddedPointers = 1;
  pStubMsg->MemorySize = 0;
  NdrComplexArrayMemorySize(pStubMsg, pFormat);
  pStubMsg->IgnoreEmbeddedPointers = saved_ignore_embedded;

4220
  TRACE("difference = 0x%x\n", (ULONG)(pStubMsg->Buffer - saved_buffer));
4221 4222 4223 4224 4225 4226 4227 4228 4229
  if (!pStubMsg->PointerBufferMark)
  {
    /* save it for use by embedded pointer code later */
    pStubMsg->PointerBufferMark = pStubMsg->Buffer;
    pointer_buffer_mark_set = 1;
  }
  /* restore the original buffer */
  pStubMsg->Buffer = saved_buffer;

4230 4231 4232
  array_read_conformance(RPC_FC_BOGUS_ARRAY, pStubMsg, pFormat);
  array_read_variance_and_unmarshall(RPC_FC_BOGUS_ARRAY, pStubMsg, ppMemory, pFormat, fMustAlloc,
                                     TRUE /* fUseBufferMemoryServer */, TRUE /* fUnmarshall */);
4233

4234 4235 4236 4237 4238 4239
  if (pointer_buffer_mark_set)
  {
    pStubMsg->Buffer = pStubMsg->PointerBufferMark;
    pStubMsg->PointerBufferMark = NULL;
  }

4240 4241 4242 4243 4244 4245 4246 4247 4248 4249
  return NULL;
}

/***********************************************************************
 *           NdrComplexArrayBufferSize [RPCRT4.@]
 */
void WINAPI NdrComplexArrayBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                      unsigned char *pMemory,
                                      PFORMAT_STRING pFormat)
{
4250
  int pointer_length_set = 0;
4251

4252 4253
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

4254 4255 4256 4257 4258 4259 4260
  if (pFormat[0] != RPC_FC_BOGUS_ARRAY)
  {
      ERR("invalid format type %x\n", pFormat[0]);
      RpcRaiseException(RPC_S_INTERNAL_ERROR);
      return;
  }

4261 4262 4263 4264 4265
  if (!pStubMsg->IgnoreEmbeddedPointers && !pStubMsg->PointerLength)
  {
    /* save buffer fields that may be changed by buffer sizer functions
     * and that may be needed later on */
    int saved_ignore_embedded = pStubMsg->IgnoreEmbeddedPointers;
4266 4267 4268 4269
    ULONG saved_buffer_length = pStubMsg->BufferLength;
    ULONG_PTR saved_max_count = pStubMsg->MaxCount;
    ULONG saved_offset = pStubMsg->Offset;
    ULONG saved_actual_count = pStubMsg->ActualCount;
4270 4271 4272 4273 4274 4275 4276 4277 4278 4279 4280 4281 4282 4283 4284 4285 4286

    /* get the buffer pointer after complex array data, but before
     * pointer data */
    pStubMsg->IgnoreEmbeddedPointers = 1;
    NdrComplexArrayBufferSize(pStubMsg, pMemory, pFormat);
    pStubMsg->IgnoreEmbeddedPointers = saved_ignore_embedded;

    /* save it for use by embedded pointer code later */
    pStubMsg->PointerLength = pStubMsg->BufferLength;
    pointer_length_set = 1;

    /* restore fields */
    pStubMsg->ActualCount = saved_actual_count;
    pStubMsg->Offset = saved_offset;
    pStubMsg->MaxCount = saved_max_count;
    pStubMsg->BufferLength = saved_buffer_length;
  }
4287

4288 4289
  array_compute_and_size_conformance(RPC_FC_BOGUS_ARRAY, pStubMsg, pMemory, pFormat);
  array_buffer_size(RPC_FC_BOGUS_ARRAY, pStubMsg, pMemory, pFormat, TRUE /* fHasPointers */);
4290 4291 4292 4293 4294 4295

  if(pointer_length_set)
  {
    pStubMsg->BufferLength = pStubMsg->PointerLength;
    pStubMsg->PointerLength = 0;
  }
4296 4297 4298 4299 4300
}

/***********************************************************************
 *           NdrComplexArrayMemorySize [RPCRT4.@]
 */
4301 4302
ULONG WINAPI NdrComplexArrayMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                       PFORMAT_STRING pFormat)
4303
{
4304
  TRACE("(%p,%p)\n", pStubMsg, pFormat);
4305

4306 4307 4308 4309 4310 4311 4312
  if (pFormat[0] != RPC_FC_BOGUS_ARRAY)
  {
      ERR("invalid format type %x\n", pFormat[0]);
      RpcRaiseException(RPC_S_INTERNAL_ERROR);
      return 0;
  }

4313 4314 4315
  array_read_conformance(RPC_FC_BOGUS_ARRAY, pStubMsg, pFormat);
  array_memory_size(RPC_FC_BOGUS_ARRAY, pStubMsg, pFormat, TRUE /* fHasPointers */);
  return pStubMsg->MemorySize;
4316 4317 4318 4319 4320 4321 4322 4323 4324
}

/***********************************************************************
 *           NdrComplexArrayFree [RPCRT4.@]
 */
void WINAPI NdrComplexArrayFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
4325
  ULONG i, count, def;
4326

4327 4328
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);

4329 4330 4331 4332 4333 4334 4335
  if (pFormat[0] != RPC_FC_BOGUS_ARRAY)
  {
      ERR("invalid format type %x\n", pFormat[0]);
      RpcRaiseException(RPC_S_INTERNAL_ERROR);
      return;
  }

Eric Pouech's avatar
Eric Pouech committed
4336
  def = *(const WORD*)&pFormat[2];
4337 4338 4339
  pFormat += 4;

  pFormat = ComputeConformance(pStubMsg, pMemory, pFormat, def);
4340
  TRACE("conformance = %ld\n", pStubMsg->MaxCount);
4341

4342
  pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, pStubMsg->MaxCount);
4343
  TRACE("variance = %d\n", pStubMsg->ActualCount);
4344

4345 4346
  count = pStubMsg->ActualCount;
  for (i = 0; i < count; i++)
4347 4348 4349
    pMemory = ComplexFree(pStubMsg, pMemory, pFormat, NULL);
}

4350 4351 4352
static void UserMarshalCB(PMIDL_STUB_MESSAGE pStubMsg,
                          USER_MARSHAL_CB_TYPE cbtype, PFORMAT_STRING pFormat,
                          USER_MARSHAL_CB *umcb)
4353
{
4354 4355 4356 4357 4358 4359 4360 4361
  umcb->Flags = MAKELONG(pStubMsg->dwDestContext,
                         pStubMsg->RpcMsg->DataRepresentation);
  umcb->pStubMsg = pStubMsg;
  umcb->pReserve = NULL;
  umcb->Signature = USER_MARSHAL_CB_SIGNATURE;
  umcb->CBType = cbtype;
  umcb->pFormat = pFormat;
  umcb->pTypeFormat = NULL /* FIXME */;
4362 4363
}

4364 4365 4366 4367
#define USER_MARSHAL_PTR_PREFIX \
        ( (DWORD)'U'         | ( (DWORD)'s' << 8 ) | \
        ( (DWORD)'e' << 16 ) | ( (DWORD)'r' << 24 ) )

4368 4369 4370 4371 4372 4373 4374
/***********************************************************************
 *           NdrUserMarshalMarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrUserMarshalMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                              unsigned char *pMemory,
                                              PFORMAT_STRING pFormat)
{
4375
  unsigned flags = pFormat[1];
Eric Pouech's avatar
Eric Pouech committed
4376
  unsigned index = *(const WORD*)&pFormat[2];
4377
  unsigned char *saved_buffer = NULL;
4378 4379
  USER_MARSHAL_CB umcb;

4380 4381 4382
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
  TRACE("index=%d\n", index);

4383 4384
  UserMarshalCB(pStubMsg, USER_MARSHAL_CB_MARSHALL, pFormat, &umcb);

4385 4386
  if (flags & USER_MARSHAL_POINTER)
  {
4387
    align_pointer_clear(&pStubMsg->Buffer, 4);
4388 4389
    NDR_LOCAL_UINT32_WRITE(pStubMsg->Buffer, USER_MARSHAL_PTR_PREFIX);
    pStubMsg->Buffer += 4;
4390 4391 4392 4393 4394 4395
    if (pStubMsg->PointerBufferMark)
    {
      saved_buffer = pStubMsg->Buffer;
      pStubMsg->Buffer = pStubMsg->PointerBufferMark;
      pStubMsg->PointerBufferMark = NULL;
    }
4396
    align_pointer_clear(&pStubMsg->Buffer, 8);
4397 4398
  }
  else
4399
    align_pointer_clear(&pStubMsg->Buffer, (flags & 0xf) + 1);
4400

4401 4402
  pStubMsg->Buffer =
    pStubMsg->StubDesc->aUserMarshalQuadruple[index].pfnMarshall(
4403
      &umcb.Flags, pStubMsg->Buffer, pMemory);
4404

4405 4406 4407 4408 4409 4410 4411
  if (saved_buffer)
  {
    STD_OVERFLOW_CHECK(pStubMsg);
    pStubMsg->PointerBufferMark = pStubMsg->Buffer;
    pStubMsg->Buffer = saved_buffer;
  }

Ove Kaaven's avatar
Ove Kaaven committed
4412 4413
  STD_OVERFLOW_CHECK(pStubMsg);

4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424
  return NULL;
}

/***********************************************************************
 *           NdrUserMarshalUnmarshall [RPCRT4.@]
 */
unsigned char * WINAPI NdrUserMarshalUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                                 unsigned char **ppMemory,
                                                 PFORMAT_STRING pFormat,
                                                 unsigned char fMustAlloc)
{
4425
  unsigned flags = pFormat[1];
Eric Pouech's avatar
Eric Pouech committed
4426 4427
  unsigned index = *(const WORD*)&pFormat[2];
  DWORD memsize = *(const WORD*)&pFormat[4];
4428
  unsigned char *saved_buffer = NULL;
4429 4430
  USER_MARSHAL_CB umcb;

4431 4432 4433
  TRACE("(%p,%p,%p,%d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
  TRACE("index=%d\n", index);

4434 4435
  UserMarshalCB(pStubMsg, USER_MARSHAL_CB_UNMARSHALL, pFormat, &umcb);

4436 4437
  if (flags & USER_MARSHAL_POINTER)
  {
4438
    align_pointer(&pStubMsg->Buffer, 4);
4439 4440
    /* skip pointer prefix */
    pStubMsg->Buffer += 4;
4441 4442 4443 4444 4445 4446
    if (pStubMsg->PointerBufferMark)
    {
      saved_buffer = pStubMsg->Buffer;
      pStubMsg->Buffer = pStubMsg->PointerBufferMark;
      pStubMsg->PointerBufferMark = NULL;
    }
4447
    align_pointer(&pStubMsg->Buffer, 8);
4448 4449
  }
  else
4450
    align_pointer(&pStubMsg->Buffer, (flags & 0xf) + 1);
4451

4452 4453 4454 4455
  if (!fMustAlloc && !*ppMemory)
    fMustAlloc = TRUE;
  if (fMustAlloc)
  {
4456
    *ppMemory = NdrAllocate(pStubMsg, memsize);
4457 4458
    memset(*ppMemory, 0, memsize);
  }
4459 4460 4461

  pStubMsg->Buffer =
    pStubMsg->StubDesc->aUserMarshalQuadruple[index].pfnUnmarshall(
4462
      &umcb.Flags, pStubMsg->Buffer, *ppMemory);
4463

4464 4465 4466 4467 4468 4469 4470
  if (saved_buffer)
  {
    STD_OVERFLOW_CHECK(pStubMsg);
    pStubMsg->PointerBufferMark = pStubMsg->Buffer;
    pStubMsg->Buffer = saved_buffer;
  }

4471 4472 4473 4474 4475 4476 4477 4478 4479 4480
  return NULL;
}

/***********************************************************************
 *           NdrUserMarshalBufferSize [RPCRT4.@]
 */
void WINAPI NdrUserMarshalBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                      unsigned char *pMemory,
                                      PFORMAT_STRING pFormat)
{
4481
  unsigned flags = pFormat[1];
Eric Pouech's avatar
Eric Pouech committed
4482 4483
  unsigned index = *(const WORD*)&pFormat[2];
  DWORD bufsize = *(const WORD*)&pFormat[6];
4484
  USER_MARSHAL_CB umcb;
4485
  ULONG saved_buffer_length = 0;
4486

4487 4488 4489
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
  TRACE("index=%d\n", index);

4490 4491
  UserMarshalCB(pStubMsg, USER_MARSHAL_CB_BUFFER_SIZE, pFormat, &umcb);

4492 4493
  if (flags & USER_MARSHAL_POINTER)
  {
4494
    align_length(&pStubMsg->BufferLength, 4);
4495
    /* skip pointer prefix */
4496
    safe_buffer_length_increment(pStubMsg, 4);
4497 4498 4499 4500 4501 4502 4503 4504
    if (pStubMsg->IgnoreEmbeddedPointers)
      return;
    if (pStubMsg->PointerLength)
    {
      saved_buffer_length = pStubMsg->BufferLength;
      pStubMsg->BufferLength = pStubMsg->PointerLength;
      pStubMsg->PointerLength = 0;
    }
4505
    align_length(&pStubMsg->BufferLength, 8);
4506 4507
  }
  else
4508
    align_length(&pStubMsg->BufferLength, (flags & 0xf) + 1);
4509

4510
  if (bufsize) {
4511
    TRACE("size=%d\n", bufsize);
4512
    safe_buffer_length_increment(pStubMsg, bufsize);
4513 4514 4515 4516
  }
  else
    pStubMsg->BufferLength =
        pStubMsg->StubDesc->aUserMarshalQuadruple[index].pfnBufferSize(
4517
                             &umcb.Flags, pStubMsg->BufferLength, pMemory);
4518 4519 4520 4521 4522

  if (saved_buffer_length)
  {
    pStubMsg->PointerLength = pStubMsg->BufferLength;
    pStubMsg->BufferLength = saved_buffer_length;
4523 4524 4525 4526 4527 4528 4529
  }

}

/***********************************************************************
 *           NdrUserMarshalMemorySize [RPCRT4.@]
 */
4530 4531
ULONG WINAPI NdrUserMarshalMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                      PFORMAT_STRING pFormat)
4532
{
4533
  unsigned flags = pFormat[1];
Eric Pouech's avatar
Eric Pouech committed
4534
  unsigned index = *(const WORD*)&pFormat[2];
4535 4536 4537 4538
  DWORD memsize = *(const WORD*)&pFormat[4];
  DWORD bufsize = *(const WORD*)&pFormat[6];

  TRACE("(%p,%p)\n", pStubMsg, pFormat);
Ove Kaaven's avatar
Ove Kaaven committed
4539 4540
  TRACE("index=%d\n", index);

4541
  pStubMsg->MemorySize += memsize;
4542 4543 4544

  if (flags & USER_MARSHAL_POINTER)
  {
4545
    align_pointer(&pStubMsg->Buffer, 4);
4546 4547
    /* skip pointer prefix */
    pStubMsg->Buffer += 4;
4548 4549
    if (pStubMsg->IgnoreEmbeddedPointers)
      return pStubMsg->MemorySize;
4550
    align_pointer(&pStubMsg->Buffer, 8);
4551 4552
  }
  else
4553
    align_pointer(&pStubMsg->Buffer, (flags & 0xf) + 1);
4554

4555 4556 4557
  if (!bufsize)
    FIXME("not implemented for varying buffer size\n");

4558 4559 4560
  pStubMsg->Buffer += bufsize;

  return pStubMsg->MemorySize;
4561 4562 4563 4564 4565 4566 4567 4568 4569 4570
}

/***********************************************************************
 *           NdrUserMarshalFree [RPCRT4.@]
 */
void WINAPI NdrUserMarshalFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
/*  unsigned flags = pFormat[1]; */
Eric Pouech's avatar
Eric Pouech committed
4571
  unsigned index = *(const WORD*)&pFormat[2];
4572 4573
  USER_MARSHAL_CB umcb;

4574 4575 4576
  TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
  TRACE("index=%d\n", index);

4577 4578
  UserMarshalCB(pStubMsg, USER_MARSHAL_CB_FREE, pFormat, &umcb);

4579
  pStubMsg->StubDesc->aUserMarshalQuadruple[index].pfnFree(
4580
    &umcb.Flags, pMemory);
4581
}
4582

4583 4584 4585
/***********************************************************************
 *           NdrGetUserMarshalInfo [RPCRT4.@]
 */
4586
RPC_STATUS RPC_ENTRY NdrGetUserMarshalInfo(ULONG *flags, ULONG level, NDR_USER_MARSHAL_INFO *umi)
4587
{
4588 4589 4590 4591 4592 4593 4594
    USER_MARSHAL_CB *umcb = CONTAINING_RECORD(flags, USER_MARSHAL_CB, Flags);

    TRACE("(%p,%u,%p)\n", flags, level, umi);

    if (level != 1)
        return RPC_S_INVALID_ARG;

4595
    memset(&umi->u1.Level1, 0, sizeof(umi->u1.Level1));
4596 4597 4598 4599 4600
    umi->InformationLevel = level;

    if (umcb->Signature != USER_MARSHAL_CB_SIGNATURE)
        return RPC_S_INVALID_ARG;

4601 4602 4603
    umi->u1.Level1.pfnAllocate = umcb->pStubMsg->pfnAllocate;
    umi->u1.Level1.pfnFree = umcb->pStubMsg->pfnFree;
    umi->u1.Level1.pRpcChannelBuffer = umcb->pStubMsg->pRpcChannelBuffer;
4604 4605 4606 4607 4608 4609 4610 4611 4612 4613 4614 4615 4616 4617 4618

    switch (umcb->CBType)
    {
    case USER_MARSHAL_CB_MARSHALL:
    case USER_MARSHAL_CB_UNMARSHALL:
    {
        RPC_MESSAGE *msg = umcb->pStubMsg->RpcMsg;
        unsigned char *buffer_start = msg->Buffer;
        unsigned char *buffer_end =
            (unsigned char *)msg->Buffer + msg->BufferLength;

        if (umcb->pStubMsg->Buffer < buffer_start ||
            umcb->pStubMsg->Buffer > buffer_end)
            return ERROR_INVALID_USER_BUFFER;

4619 4620
        umi->u1.Level1.Buffer = umcb->pStubMsg->Buffer;
        umi->u1.Level1.BufferSize = buffer_end - umcb->pStubMsg->Buffer;
4621 4622 4623 4624 4625 4626 4627 4628 4629 4630
        break;
    }
    case USER_MARSHAL_CB_BUFFER_SIZE:
    case USER_MARSHAL_CB_FREE:
        break;
    default:
        WARN("unrecognised CBType %d\n", umcb->CBType);
    }

    return RPC_S_OK;
4631 4632
}

4633 4634 4635 4636 4637 4638 4639 4640 4641 4642
/***********************************************************************
 *           NdrClearOutParameters [RPCRT4.@]
 */
void WINAPI NdrClearOutParameters(PMIDL_STUB_MESSAGE pStubMsg,
                                  PFORMAT_STRING pFormat,
                                  void *ArgAddr)
{
  FIXME("(%p,%p,%p): stub\n", pStubMsg, pFormat, ArgAddr);
}

4643 4644 4645 4646 4647 4648
/***********************************************************************
 *           NdrConvert [RPCRT4.@]
 */
void WINAPI NdrConvert( PMIDL_STUB_MESSAGE pStubMsg, PFORMAT_STRING pFormat )
{
  FIXME("(pStubMsg == ^%p, pFormat == ^%p): stub.\n", pStubMsg, pFormat);
4649 4650
  /* FIXME: since this stub doesn't do any converting, the proper behavior
     is to raise an exception */
4651 4652 4653 4654 4655
}

/***********************************************************************
 *           NdrConvert2 [RPCRT4.@]
 */
4656
void WINAPI NdrConvert2( PMIDL_STUB_MESSAGE pStubMsg, PFORMAT_STRING pFormat, LONG NumberParams )
4657
{
4658
  FIXME("(pStubMsg == ^%p, pFormat == ^%p, NumberParams == %d): stub.\n",
4659
    pStubMsg, pFormat, NumberParams);
4660 4661
  /* FIXME: since this stub doesn't do any converting, the proper behavior
     is to raise an exception */
4662
}
4663

4664
#include "pshpack1.h"
4665 4666 4667 4668 4669 4670
typedef struct _NDR_CSTRUCT_FORMAT
{
    unsigned char type;
    unsigned char alignment;
    unsigned short memory_size;
    short offset_to_array_description;
4671
} NDR_CSTRUCT_FORMAT, NDR_CVSTRUCT_FORMAT;
4672
#include "poppack.h"
4673

4674 4675 4676 4677 4678 4679 4680
/***********************************************************************
 *           NdrConformantStructMarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrConformantStructMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
4681
    const NDR_CSTRUCT_FORMAT *pCStructFormat = (const NDR_CSTRUCT_FORMAT *)pFormat;
4682
    PFORMAT_STRING pCArrayFormat;
4683
    ULONG esize, bufsize;
4684 4685 4686

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

4687
    pFormat += sizeof(NDR_CSTRUCT_FORMAT);
4688 4689 4690 4691 4692 4693 4694
    if ((pCStructFormat->type != RPC_FC_CPSTRUCT) && (pCStructFormat->type != RPC_FC_CSTRUCT))
    {
        ERR("invalid format type %x\n", pCStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }

4695
    pCArrayFormat = (const unsigned char *)&pCStructFormat->offset_to_array_description +
4696 4697 4698 4699 4700 4701 4702 4703 4704 4705 4706 4707 4708 4709
        pCStructFormat->offset_to_array_description;
    if (*pCArrayFormat != RPC_FC_CARRAY)
    {
        ERR("invalid array format type %x\n", pCStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }
    esize = *(const WORD*)(pCArrayFormat+2);

    ComputeConformance(pStubMsg, pMemory + pCStructFormat->memory_size,
                       pCArrayFormat + 4, 0);

    WriteConformance(pStubMsg);

4710
    align_pointer_clear(&pStubMsg->Buffer, pCStructFormat->alignment + 1);
4711

4712 4713
    TRACE("memory_size = %d\n", pCStructFormat->memory_size);

4714
    bufsize = safe_multiply(esize, pStubMsg->MaxCount);
4715 4716 4717 4718 4719 4720
    if (pCStructFormat->memory_size + bufsize < pCStructFormat->memory_size) /* integer overflow */
    {
        ERR("integer overflow of memory_size %u with bufsize %u\n",
            pCStructFormat->memory_size, bufsize);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }
4721
    /* copy constant sized part of struct */
4722
    pStubMsg->BufferMark = pStubMsg->Buffer;
4723
    safe_copy_to_buffer(pStubMsg, pMemory, pCStructFormat->memory_size + bufsize);
4724 4725 4726

    if (pCStructFormat->type == RPC_FC_CPSTRUCT)
        EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);
4727

4728 4729 4730 4731 4732 4733 4734 4735 4736 4737 4738
    return NULL;
}

/***********************************************************************
 *           NdrConformantStructUnmarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrConformantStructUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char **ppMemory,
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
4739
    const NDR_CSTRUCT_FORMAT *pCStructFormat = (const NDR_CSTRUCT_FORMAT *)pFormat;
4740
    PFORMAT_STRING pCArrayFormat;
4741
    ULONG esize, bufsize;
4742
    unsigned char *saved_buffer;
4743 4744 4745

    TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);

4746
    pFormat += sizeof(NDR_CSTRUCT_FORMAT);
4747 4748 4749 4750 4751 4752
    if ((pCStructFormat->type != RPC_FC_CPSTRUCT) && (pCStructFormat->type != RPC_FC_CSTRUCT))
    {
        ERR("invalid format type %x\n", pCStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }
4753
    pCArrayFormat = (const unsigned char *)&pCStructFormat->offset_to_array_description +
4754 4755 4756 4757 4758 4759 4760 4761 4762 4763
        pCStructFormat->offset_to_array_description;
    if (*pCArrayFormat != RPC_FC_CARRAY)
    {
        ERR("invalid array format type %x\n", pCStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }
    esize = *(const WORD*)(pCArrayFormat+2);

    pCArrayFormat = ReadConformance(pStubMsg, pCArrayFormat + 4);
4764

4765
    align_pointer(&pStubMsg->Buffer, pCStructFormat->alignment + 1);
4766

4767 4768
    TRACE("memory_size = %d\n", pCStructFormat->memory_size);

4769
    bufsize = safe_multiply(esize, pStubMsg->MaxCount);
4770 4771 4772 4773 4774 4775
    if (pCStructFormat->memory_size + bufsize < pCStructFormat->memory_size) /* integer overflow */
    {
        ERR("integer overflow of memory_size %u with bufsize %u\n",
            pCStructFormat->memory_size, bufsize);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }
4776 4777

    if (fMustAlloc)
4778
    {
4779
        SIZE_T size = pCStructFormat->memory_size + bufsize;
4780 4781
        *ppMemory = NdrAllocate(pStubMsg, size);
    }
4782 4783 4784 4785 4786 4787
    else
    {
        if (!pStubMsg->IsClient && !*ppMemory)
            /* for servers, we just point straight into the RPC buffer */
            *ppMemory = pStubMsg->Buffer;
    }
4788

4789 4790
    saved_buffer = pStubMsg->BufferMark = pStubMsg->Buffer;
    safe_buffer_increment(pStubMsg, pCStructFormat->memory_size + bufsize);
4791
    if (pCStructFormat->type == RPC_FC_CPSTRUCT)
4792 4793 4794 4795 4796
        EmbeddedPointerUnmarshall(pStubMsg, saved_buffer, *ppMemory, pFormat, fMustAlloc);

    TRACE("copying %p to %p\n", saved_buffer, *ppMemory);
    if (*ppMemory != saved_buffer)
        memcpy(*ppMemory, saved_buffer, pCStructFormat->memory_size + bufsize);
4797

4798 4799 4800 4801 4802 4803 4804 4805 4806 4807
    return NULL;
}

/***********************************************************************
 *           NdrConformantStructBufferSize [RPCRT4.@]
 */
void WINAPI NdrConformantStructBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
4808
    const NDR_CSTRUCT_FORMAT * pCStructFormat = (const NDR_CSTRUCT_FORMAT *)pFormat;
4809 4810 4811
    PFORMAT_STRING pCArrayFormat;
    ULONG esize;

4812 4813
    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

4814
    pFormat += sizeof(NDR_CSTRUCT_FORMAT);
4815 4816 4817 4818 4819 4820
    if ((pCStructFormat->type != RPC_FC_CPSTRUCT) && (pCStructFormat->type != RPC_FC_CSTRUCT))
    {
        ERR("invalid format type %x\n", pCStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }
4821
    pCArrayFormat = (const unsigned char *)&pCStructFormat->offset_to_array_description +
4822 4823 4824 4825 4826 4827 4828 4829 4830 4831 4832
        pCStructFormat->offset_to_array_description;
    if (*pCArrayFormat != RPC_FC_CARRAY)
    {
        ERR("invalid array format type %x\n", pCStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }
    esize = *(const WORD*)(pCArrayFormat+2);

    pCArrayFormat = ComputeConformance(pStubMsg, pMemory + pCStructFormat->memory_size, pCArrayFormat+4, 0);
    SizeConformance(pStubMsg);
4833

4834
    align_length(&pStubMsg->BufferLength, pCStructFormat->alignment + 1);
4835

4836 4837
    TRACE("memory_size = %d\n", pCStructFormat->memory_size);

4838 4839
    safe_buffer_length_increment(pStubMsg, pCStructFormat->memory_size);
    safe_buffer_length_increment(pStubMsg, safe_multiply(pStubMsg->MaxCount, esize));
4840 4841 4842

    if (pCStructFormat->type == RPC_FC_CPSTRUCT)
        EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
4843 4844 4845 4846 4847
}

/***********************************************************************
 *           NdrConformantStructMemorySize [RPCRT4.@]
 */
4848
ULONG WINAPI NdrConformantStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
4849 4850 4851 4852 4853 4854 4855 4856 4857 4858 4859 4860 4861
                                PFORMAT_STRING pFormat)
{
    FIXME("stub\n");
    return 0;
}

/***********************************************************************
 *           NdrConformantStructFree [RPCRT4.@]
 */
void WINAPI NdrConformantStructFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
4862 4863 4864 4865 4866 4867 4868 4869 4870 4871 4872 4873 4874 4875 4876 4877 4878 4879 4880 4881 4882 4883 4884 4885 4886 4887 4888 4889 4890 4891 4892 4893
    const NDR_CSTRUCT_FORMAT *pCStructFormat = (const NDR_CSTRUCT_FORMAT *)pFormat;
    PFORMAT_STRING pCArrayFormat;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    pFormat += sizeof(NDR_CSTRUCT_FORMAT);
    if ((pCStructFormat->type != RPC_FC_CPSTRUCT) && (pCStructFormat->type != RPC_FC_CSTRUCT))
    {
        ERR("invalid format type %x\n", pCStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

    pCArrayFormat = (const unsigned char *)&pCStructFormat->offset_to_array_description +
        pCStructFormat->offset_to_array_description;
    if (*pCArrayFormat != RPC_FC_CARRAY)
    {
        ERR("invalid array format type %x\n", pCStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

    ComputeConformance(pStubMsg, pMemory + pCStructFormat->memory_size,
                       pCArrayFormat + 4, 0);

    TRACE("memory_size = %d\n", pCStructFormat->memory_size);

    /* copy constant sized part of struct */
    pStubMsg->BufferMark = pStubMsg->Buffer;

    if (pCStructFormat->type == RPC_FC_CPSTRUCT)
        EmbeddedPointerFree(pStubMsg, pMemory, pFormat);
4894 4895 4896 4897 4898 4899 4900 4901 4902
}

/***********************************************************************
 *           NdrConformantVaryingStructMarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrConformantVaryingStructMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
4903
    const NDR_CVSTRUCT_FORMAT *pCVStructFormat = (const NDR_CVSTRUCT_FORMAT *)pFormat;
4904 4905 4906 4907 4908 4909 4910 4911 4912 4913 4914 4915
    PFORMAT_STRING pCVArrayFormat;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    pFormat += sizeof(NDR_CVSTRUCT_FORMAT);
    if (pCVStructFormat->type != RPC_FC_CVSTRUCT)
    {
        ERR("invalid format type %x\n", pCVStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }

4916
    pCVArrayFormat = (const unsigned char *)&pCVStructFormat->offset_to_array_description +
4917 4918
        pCVStructFormat->offset_to_array_description;

4919 4920 4921
    array_compute_and_write_conformance(*pCVArrayFormat, pStubMsg,
                                        pMemory + pCVStructFormat->memory_size,
                                        pCVArrayFormat);
4922

4923
    align_pointer_clear(&pStubMsg->Buffer, pCVStructFormat->alignment + 1);
4924 4925 4926

    TRACE("memory_size = %d\n", pCVStructFormat->memory_size);

4927
    /* write constant sized part */
4928
    pStubMsg->BufferMark = pStubMsg->Buffer;
4929
    safe_copy_to_buffer(pStubMsg, pMemory, pCVStructFormat->memory_size);
4930

4931 4932 4933
    array_write_variance_and_marshall(*pCVArrayFormat, pStubMsg,
                                      pMemory + pCVStructFormat->memory_size,
                                      pCVArrayFormat, FALSE /* fHasPointers */);
4934 4935 4936

    EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);

4937 4938 4939 4940 4941 4942 4943 4944 4945 4946 4947
    return NULL;
}

/***********************************************************************
 *           NdrConformantVaryingStructUnmarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrConformantVaryingStructUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char **ppMemory,
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
4948
    const NDR_CVSTRUCT_FORMAT *pCVStructFormat = (const NDR_CVSTRUCT_FORMAT *)pFormat;
4949
    PFORMAT_STRING pCVArrayFormat;
4950
    ULONG memsize, bufsize;
4951
    unsigned char *saved_buffer, *saved_array_buffer;
4952 4953
    ULONG offset;
    unsigned char *array_memory;
4954 4955 4956 4957 4958 4959 4960 4961 4962 4963 4964

    TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);

    pFormat += sizeof(NDR_CVSTRUCT_FORMAT);
    if (pCVStructFormat->type != RPC_FC_CVSTRUCT)
    {
        ERR("invalid format type %x\n", pCVStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }

4965
    pCVArrayFormat = (const unsigned char *)&pCVStructFormat->offset_to_array_description +
4966
        pCVStructFormat->offset_to_array_description;
4967 4968 4969

    memsize = array_read_conformance(*pCVArrayFormat, pStubMsg,
                                     pCVArrayFormat);
4970

4971
    align_pointer(&pStubMsg->Buffer, pCVStructFormat->alignment + 1);
4972 4973 4974 4975

    TRACE("memory_size = %d\n", pCVStructFormat->memory_size);

    /* work out how much memory to allocate if we need to do so */
4976 4977 4978
    if (!fMustAlloc && !*ppMemory)
        fMustAlloc = TRUE;
    if (fMustAlloc)
4979
    {
4980
        SIZE_T size = pCVStructFormat->memory_size + memsize;
4981 4982 4983
        *ppMemory = NdrAllocate(pStubMsg, size);
    }

4984 4985 4986
    /* mark the start of the constant data */
    saved_buffer = pStubMsg->BufferMark = pStubMsg->Buffer;
    safe_buffer_increment(pStubMsg, pCVStructFormat->memory_size);
4987

4988 4989 4990 4991 4992 4993
    array_memory = *ppMemory + pCVStructFormat->memory_size;
    bufsize = array_read_variance_and_unmarshall(*pCVArrayFormat, pStubMsg,
                                                 &array_memory, pCVArrayFormat,
                                                 FALSE /* fMustAlloc */,
                                                 FALSE /* fUseServerBufferMemory */,
                                                 FALSE /* fUnmarshall */);
4994

4995 4996
    /* save offset in case unmarshalling pointers changes it */
    offset = pStubMsg->Offset;
4997

4998 4999 5000 5001 5002 5003 5004 5005
    /* mark the start of the array data */
    saved_array_buffer = pStubMsg->Buffer;
    safe_buffer_increment(pStubMsg, bufsize);

    EmbeddedPointerUnmarshall(pStubMsg, saved_buffer, *ppMemory, pFormat, fMustAlloc);

    /* copy the constant data */
    memcpy(*ppMemory, saved_buffer, pCVStructFormat->memory_size);
5006
    /* copy the array data */
5007
    TRACE("copying %p to %p\n", saved_array_buffer, *ppMemory + pCVStructFormat->memory_size);
5008 5009
    memcpy(*ppMemory + pCVStructFormat->memory_size + offset,
           saved_array_buffer, bufsize);
5010

5011
    if (*pCVArrayFormat == RPC_FC_C_CSTRING)
5012
        TRACE("string=%s\n", debugstr_a((char *)(*ppMemory + pCVStructFormat->memory_size)));
5013
    else if (*pCVArrayFormat == RPC_FC_C_WSTRING)
5014 5015
        TRACE("string=%s\n", debugstr_w((WCHAR *)(*ppMemory + pCVStructFormat->memory_size)));

5016 5017 5018 5019 5020 5021 5022 5023 5024 5025
    return NULL;
}

/***********************************************************************
 *           NdrConformantVaryingStructBufferSize [RPCRT4.@]
 */
void WINAPI NdrConformantVaryingStructBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
5026
    const NDR_CVSTRUCT_FORMAT *pCVStructFormat = (const NDR_CVSTRUCT_FORMAT *)pFormat;
5027 5028 5029 5030 5031 5032 5033 5034 5035 5036 5037 5038
    PFORMAT_STRING pCVArrayFormat;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    pFormat += sizeof(NDR_CVSTRUCT_FORMAT);
    if (pCVStructFormat->type != RPC_FC_CVSTRUCT)
    {
        ERR("invalid format type %x\n", pCVStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

5039
    pCVArrayFormat = (const unsigned char *)&pCVStructFormat->offset_to_array_description +
5040
        pCVStructFormat->offset_to_array_description;
5041 5042 5043
    array_compute_and_size_conformance(*pCVArrayFormat, pStubMsg,
                                       pMemory + pCVStructFormat->memory_size,
                                       pCVArrayFormat);
5044

5045
    align_length(&pStubMsg->BufferLength, pCVStructFormat->alignment + 1);
5046 5047 5048

    TRACE("memory_size = %d\n", pCVStructFormat->memory_size);

5049
    safe_buffer_length_increment(pStubMsg, pCVStructFormat->memory_size);
5050 5051 5052 5053

    array_buffer_size(*pCVArrayFormat, pStubMsg,
                      pMemory + pCVStructFormat->memory_size, pCVArrayFormat,
                      FALSE /* fHasPointers */);
5054 5055

    EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
5056 5057 5058 5059 5060
}

/***********************************************************************
 *           NdrConformantVaryingStructMemorySize [RPCRT4.@]
 */
5061
ULONG WINAPI NdrConformantVaryingStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
5062 5063
                                PFORMAT_STRING pFormat)
{
5064
    const NDR_CVSTRUCT_FORMAT *pCVStructFormat = (const NDR_CVSTRUCT_FORMAT *)pFormat;
5065 5066 5067 5068 5069 5070 5071 5072 5073 5074 5075 5076
    PFORMAT_STRING pCVArrayFormat;

    TRACE("(%p, %p)\n", pStubMsg, pFormat);

    pFormat += sizeof(NDR_CVSTRUCT_FORMAT);
    if (pCVStructFormat->type != RPC_FC_CVSTRUCT)
    {
        ERR("invalid format type %x\n", pCVStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return 0;
    }

5077
    pCVArrayFormat = (const unsigned char *)&pCVStructFormat->offset_to_array_description +
5078
        pCVStructFormat->offset_to_array_description;
5079
    array_read_conformance(*pCVArrayFormat, pStubMsg, pCVArrayFormat);
5080

5081
    align_pointer(&pStubMsg->Buffer, pCVStructFormat->alignment + 1);
5082 5083 5084

    TRACE("memory_size = %d\n", pCVStructFormat->memory_size);

5085
    safe_buffer_increment(pStubMsg, pCVStructFormat->memory_size);
5086 5087
    array_memory_size(*pCVArrayFormat, pStubMsg, pCVArrayFormat,
                      FALSE /* fHasPointers */);
5088

5089
    pStubMsg->MemorySize += pCVStructFormat->memory_size;
5090 5091 5092

    EmbeddedPointerMemorySize(pStubMsg, pFormat);

5093
    return pStubMsg->MemorySize;
5094 5095 5096 5097 5098 5099 5100 5101 5102
}

/***********************************************************************
 *           NdrConformantVaryingStructFree [RPCRT4.@]
 */
void WINAPI NdrConformantVaryingStructFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
5103
    const NDR_CVSTRUCT_FORMAT *pCVStructFormat = (const NDR_CVSTRUCT_FORMAT *)pFormat;
5104 5105 5106 5107 5108 5109 5110 5111 5112 5113 5114 5115
    PFORMAT_STRING pCVArrayFormat;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    pFormat += sizeof(NDR_CVSTRUCT_FORMAT);
    if (pCVStructFormat->type != RPC_FC_CVSTRUCT)
    {
        ERR("invalid format type %x\n", pCVStructFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

5116
    pCVArrayFormat = (const unsigned char *)&pCVStructFormat->offset_to_array_description +
5117
        pCVStructFormat->offset_to_array_description;
5118 5119 5120
    array_free(*pCVArrayFormat, pStubMsg,
               pMemory + pCVStructFormat->memory_size, pCVArrayFormat,
               FALSE /* fHasPointers */);
5121 5122 5123 5124

    TRACE("memory_size = %d\n", pCVStructFormat->memory_size);

    EmbeddedPointerFree(pStubMsg, pMemory, pFormat);
5125 5126
}

5127
#include "pshpack1.h"
5128 5129 5130 5131 5132 5133 5134 5135 5136 5137 5138
typedef struct
{
    unsigned char type;
    unsigned char alignment;
    unsigned short total_size;
} NDR_SMFARRAY_FORMAT;

typedef struct
{
    unsigned char type;
    unsigned char alignment;
5139
    ULONG total_size;
5140
} NDR_LGFARRAY_FORMAT;
5141
#include "poppack.h"
5142

5143 5144 5145 5146 5147 5148 5149
/***********************************************************************
 *           NdrFixedArrayMarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrFixedArrayMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
5150
    const NDR_SMFARRAY_FORMAT *pSmFArrayFormat = (const NDR_SMFARRAY_FORMAT *)pFormat;
5151
    ULONG total_size;
5152 5153 5154 5155 5156 5157 5158 5159 5160 5161 5162

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    if ((pSmFArrayFormat->type != RPC_FC_SMFARRAY) &&
        (pSmFArrayFormat->type != RPC_FC_LGFARRAY))
    {
        ERR("invalid format type %x\n", pSmFArrayFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }

5163
    align_pointer_clear(&pStubMsg->Buffer, pSmFArrayFormat->alignment + 1);
5164 5165 5166 5167

    if (pSmFArrayFormat->type == RPC_FC_SMFARRAY)
    {
        total_size = pSmFArrayFormat->total_size;
5168
        pFormat = (const unsigned char *)(pSmFArrayFormat + 1);
5169 5170 5171 5172 5173
    }
    else
    {
        const NDR_LGFARRAY_FORMAT *pLgFArrayFormat = (const NDR_LGFARRAY_FORMAT *)pFormat;
        total_size = pLgFArrayFormat->total_size;
5174
        pFormat = (const unsigned char *)(pLgFArrayFormat + 1);
5175
    }
5176 5177

    pStubMsg->BufferMark = pStubMsg->Buffer;
5178
    safe_copy_to_buffer(pStubMsg, pMemory, total_size);
5179 5180 5181

    pFormat = EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);

5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192
    return NULL;
}

/***********************************************************************
 *           NdrFixedArrayUnmarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrFixedArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char **ppMemory,
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
5193
    const NDR_SMFARRAY_FORMAT *pSmFArrayFormat = (const NDR_SMFARRAY_FORMAT *)pFormat;
5194
    ULONG total_size;
5195
    unsigned char *saved_buffer;
5196 5197 5198 5199 5200 5201 5202 5203 5204 5205 5206

    TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);

    if ((pSmFArrayFormat->type != RPC_FC_SMFARRAY) &&
        (pSmFArrayFormat->type != RPC_FC_LGFARRAY))
    {
        ERR("invalid format type %x\n", pSmFArrayFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }

5207
    align_pointer(&pStubMsg->Buffer, pSmFArrayFormat->alignment + 1);
5208 5209 5210 5211

    if (pSmFArrayFormat->type == RPC_FC_SMFARRAY)
    {
        total_size = pSmFArrayFormat->total_size;
5212
        pFormat = (const unsigned char *)(pSmFArrayFormat + 1);
5213 5214 5215 5216 5217
    }
    else
    {
        const NDR_LGFARRAY_FORMAT *pLgFArrayFormat = (const NDR_LGFARRAY_FORMAT *)pFormat;
        total_size = pLgFArrayFormat->total_size;
5218
        pFormat = (const unsigned char *)(pLgFArrayFormat + 1);
5219 5220
    }

5221
    if (fMustAlloc)
5222
        *ppMemory = NdrAllocate(pStubMsg, total_size);
5223 5224 5225 5226 5227 5228 5229 5230 5231 5232
    else
    {
        if (!pStubMsg->IsClient && !*ppMemory)
            /* for servers, we just point straight into the RPC buffer */
            *ppMemory = pStubMsg->Buffer;
    }

    saved_buffer = pStubMsg->BufferMark = pStubMsg->Buffer;
    safe_buffer_increment(pStubMsg, total_size);
    pFormat = EmbeddedPointerUnmarshall(pStubMsg, saved_buffer, *ppMemory, pFormat, fMustAlloc);
5233

5234 5235 5236
    TRACE("copying %p to %p\n", saved_buffer, *ppMemory);
    if (*ppMemory != saved_buffer)
        memcpy(*ppMemory, saved_buffer, total_size);
5237

5238 5239 5240 5241 5242 5243 5244 5245 5246 5247
    return NULL;
}

/***********************************************************************
 *           NdrFixedArrayBufferSize [RPCRT4.@]
 */
void WINAPI NdrFixedArrayBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
5248
    const NDR_SMFARRAY_FORMAT *pSmFArrayFormat = (const NDR_SMFARRAY_FORMAT *)pFormat;
5249
    ULONG total_size;
5250 5251 5252 5253 5254 5255 5256 5257 5258 5259 5260

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    if ((pSmFArrayFormat->type != RPC_FC_SMFARRAY) &&
        (pSmFArrayFormat->type != RPC_FC_LGFARRAY))
    {
        ERR("invalid format type %x\n", pSmFArrayFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

5261
    align_length(&pStubMsg->BufferLength, pSmFArrayFormat->alignment + 1);
5262 5263 5264 5265

    if (pSmFArrayFormat->type == RPC_FC_SMFARRAY)
    {
        total_size = pSmFArrayFormat->total_size;
5266
        pFormat = (const unsigned char *)(pSmFArrayFormat + 1);
5267 5268 5269 5270 5271
    }
    else
    {
        const NDR_LGFARRAY_FORMAT *pLgFArrayFormat = (const NDR_LGFARRAY_FORMAT *)pFormat;
        total_size = pLgFArrayFormat->total_size;
5272
        pFormat = (const unsigned char *)(pLgFArrayFormat + 1);
5273
    }
5274
    safe_buffer_length_increment(pStubMsg, total_size);
5275 5276

    EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
5277 5278 5279 5280 5281
}

/***********************************************************************
 *           NdrFixedArrayMemorySize [RPCRT4.@]
 */
5282
ULONG WINAPI NdrFixedArrayMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
5283 5284
                                PFORMAT_STRING pFormat)
{
5285
    const NDR_SMFARRAY_FORMAT *pSmFArrayFormat = (const NDR_SMFARRAY_FORMAT *)pFormat;
5286
    ULONG total_size;
5287 5288 5289 5290 5291 5292 5293 5294 5295 5296 5297

    TRACE("(%p, %p)\n", pStubMsg, pFormat);

    if ((pSmFArrayFormat->type != RPC_FC_SMFARRAY) &&
        (pSmFArrayFormat->type != RPC_FC_LGFARRAY))
    {
        ERR("invalid format type %x\n", pSmFArrayFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return 0;
    }

5298
    align_pointer(&pStubMsg->Buffer, pSmFArrayFormat->alignment + 1);
5299 5300 5301 5302

    if (pSmFArrayFormat->type == RPC_FC_SMFARRAY)
    {
        total_size = pSmFArrayFormat->total_size;
5303
        pFormat = (const unsigned char *)(pSmFArrayFormat + 1);
5304 5305 5306 5307 5308
    }
    else
    {
        const NDR_LGFARRAY_FORMAT *pLgFArrayFormat = (const NDR_LGFARRAY_FORMAT *)pFormat;
        total_size = pLgFArrayFormat->total_size;
5309
        pFormat = (const unsigned char *)(pLgFArrayFormat + 1);
5310
    }
5311
    pStubMsg->BufferMark = pStubMsg->Buffer;
5312
    safe_buffer_increment(pStubMsg, total_size);
5313 5314 5315 5316 5317
    pStubMsg->MemorySize += total_size;

    EmbeddedPointerMemorySize(pStubMsg, pFormat);

    return total_size;
5318 5319 5320 5321 5322 5323 5324 5325 5326
}

/***********************************************************************
 *           NdrFixedArrayFree [RPCRT4.@]
 */
void WINAPI NdrFixedArrayFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
5327 5328 5329 5330 5331 5332 5333 5334 5335 5336 5337 5338 5339
    const NDR_SMFARRAY_FORMAT *pSmFArrayFormat = (const NDR_SMFARRAY_FORMAT *)pFormat;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    if ((pSmFArrayFormat->type != RPC_FC_SMFARRAY) &&
        (pSmFArrayFormat->type != RPC_FC_LGFARRAY))
    {
        ERR("invalid format type %x\n", pSmFArrayFormat->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

    if (pSmFArrayFormat->type == RPC_FC_SMFARRAY)
5340
        pFormat = (const unsigned char *)(pSmFArrayFormat + 1);
5341 5342 5343
    else
    {
        const NDR_LGFARRAY_FORMAT *pLgFArrayFormat = (const NDR_LGFARRAY_FORMAT *)pFormat;
5344
        pFormat = (const unsigned char *)(pLgFArrayFormat + 1);
5345 5346 5347
    }

    EmbeddedPointerFree(pStubMsg, pMemory, pFormat);
5348 5349 5350 5351 5352 5353 5354 5355 5356
}

/***********************************************************************
 *           NdrVaryingArrayMarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrVaryingArrayMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
5357 5358
    unsigned char alignment;
    DWORD elements, esize;
5359
    ULONG bufsize;
5360 5361 5362 5363 5364 5365 5366 5367 5368 5369 5370 5371 5372 5373 5374 5375 5376 5377 5378 5379 5380 5381 5382 5383 5384 5385 5386 5387 5388 5389 5390 5391 5392 5393 5394 5395 5396 5397 5398 5399 5400

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    if ((pFormat[0] != RPC_FC_SMVARRAY) &&
        (pFormat[0] != RPC_FC_LGVARRAY))
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }

    alignment = pFormat[1] + 1;

    if (pFormat[0] == RPC_FC_SMVARRAY)
    {
        pFormat += 2;
        pFormat += sizeof(WORD);
        elements = *(const WORD*)pFormat;
        pFormat += sizeof(WORD);
    }
    else
    {
        pFormat += 2;
        pFormat += sizeof(DWORD);
        elements = *(const DWORD*)pFormat;
        pFormat += sizeof(DWORD);
    }

    esize = *(const WORD*)pFormat;
    pFormat += sizeof(WORD);

    pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, 0);
    if ((pStubMsg->ActualCount > elements) ||
        (pStubMsg->ActualCount + pStubMsg->Offset > elements))
    {
        RpcRaiseException(RPC_S_INVALID_BOUND);
        return NULL;
    }

    WriteVariance(pStubMsg);

5401
    align_pointer_clear(&pStubMsg->Buffer, alignment);
5402

5403
    bufsize = safe_multiply(esize, pStubMsg->ActualCount);
5404
    pStubMsg->BufferMark = pStubMsg->Buffer;
5405
    safe_copy_to_buffer(pStubMsg, pMemory + pStubMsg->Offset, bufsize);
5406 5407 5408

    EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);

5409 5410 5411 5412 5413 5414 5415 5416 5417 5418 5419
    return NULL;
}

/***********************************************************************
 *           NdrVaryingArrayUnmarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrVaryingArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char **ppMemory,
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
5420 5421
    unsigned char alignment;
    DWORD size, elements, esize;
5422
    ULONG bufsize;
5423 5424
    unsigned char *saved_buffer;
    ULONG offset;
5425 5426 5427 5428 5429 5430 5431 5432 5433 5434 5435 5436 5437 5438 5439 5440 5441 5442 5443 5444 5445 5446 5447 5448 5449 5450 5451 5452 5453 5454 5455 5456 5457

    TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);

    if ((pFormat[0] != RPC_FC_SMVARRAY) &&
        (pFormat[0] != RPC_FC_LGVARRAY))
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }

    alignment = pFormat[1] + 1;

    if (pFormat[0] == RPC_FC_SMVARRAY)
    {
        pFormat += 2;
        size = *(const WORD*)pFormat;
        pFormat += sizeof(WORD);
        elements = *(const WORD*)pFormat;
        pFormat += sizeof(WORD);
    }
    else
    {
        pFormat += 2;
        size = *(const DWORD*)pFormat;
        pFormat += sizeof(DWORD);
        elements = *(const DWORD*)pFormat;
        pFormat += sizeof(DWORD);
    }

    esize = *(const WORD*)pFormat;
    pFormat += sizeof(WORD);

5458
    pFormat = ReadVariance(pStubMsg, pFormat, elements);
5459

5460
    align_pointer(&pStubMsg->Buffer, alignment);
5461

5462
    bufsize = safe_multiply(esize, pStubMsg->ActualCount);
5463
    offset = pStubMsg->Offset;
5464

5465 5466 5467
    if (!fMustAlloc && !*ppMemory)
        fMustAlloc = TRUE;
    if (fMustAlloc)
5468
        *ppMemory = NdrAllocate(pStubMsg, size);
5469 5470
    saved_buffer = pStubMsg->BufferMark = pStubMsg->Buffer;
    safe_buffer_increment(pStubMsg, bufsize);
5471

5472 5473 5474
    EmbeddedPointerUnmarshall(pStubMsg, saved_buffer, *ppMemory, pFormat, fMustAlloc);

    memcpy(*ppMemory + offset, saved_buffer, bufsize);
5475

5476 5477 5478 5479 5480 5481 5482 5483 5484 5485
    return NULL;
}

/***********************************************************************
 *           NdrVaryingArrayBufferSize [RPCRT4.@]
 */
void WINAPI NdrVaryingArrayBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
5486 5487 5488 5489 5490 5491 5492 5493 5494 5495 5496 5497 5498 5499 5500 5501 5502 5503 5504 5505 5506 5507 5508 5509 5510 5511 5512 5513 5514 5515 5516 5517 5518 5519 5520 5521 5522 5523 5524 5525 5526 5527 5528
    unsigned char alignment;
    DWORD elements, esize;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    if ((pFormat[0] != RPC_FC_SMVARRAY) &&
        (pFormat[0] != RPC_FC_LGVARRAY))
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

    alignment = pFormat[1] + 1;

    if (pFormat[0] == RPC_FC_SMVARRAY)
    {
        pFormat += 2;
        pFormat += sizeof(WORD);
        elements = *(const WORD*)pFormat;
        pFormat += sizeof(WORD);
    }
    else
    {
        pFormat += 2;
        pFormat += sizeof(DWORD);
        elements = *(const DWORD*)pFormat;
        pFormat += sizeof(DWORD);
    }

    esize = *(const WORD*)pFormat;
    pFormat += sizeof(WORD);

    pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, 0);
    if ((pStubMsg->ActualCount > elements) ||
        (pStubMsg->ActualCount + pStubMsg->Offset > elements))
    {
        RpcRaiseException(RPC_S_INVALID_BOUND);
        return;
    }

    SizeVariance(pStubMsg);

5529
    align_length(&pStubMsg->BufferLength, alignment);
5530

5531
    safe_buffer_length_increment(pStubMsg, safe_multiply(esize, pStubMsg->ActualCount));
5532 5533

    EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
5534 5535 5536 5537 5538
}

/***********************************************************************
 *           NdrVaryingArrayMemorySize [RPCRT4.@]
 */
5539
ULONG WINAPI NdrVaryingArrayMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
5540 5541
                                PFORMAT_STRING pFormat)
{
5542 5543 5544 5545 5546 5547 5548 5549 5550 5551 5552 5553 5554 5555 5556 5557 5558 5559 5560 5561 5562 5563 5564 5565 5566 5567 5568 5569 5570 5571 5572 5573 5574 5575 5576
    unsigned char alignment;
    DWORD size, elements, esize;

    TRACE("(%p, %p)\n", pStubMsg, pFormat);

    if ((pFormat[0] != RPC_FC_SMVARRAY) &&
        (pFormat[0] != RPC_FC_LGVARRAY))
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return 0;
    }

    alignment = pFormat[1] + 1;

    if (pFormat[0] == RPC_FC_SMVARRAY)
    {
        pFormat += 2;
        size = *(const WORD*)pFormat;
        pFormat += sizeof(WORD);
        elements = *(const WORD*)pFormat;
        pFormat += sizeof(WORD);
    }
    else
    {
        pFormat += 2;
        size = *(const DWORD*)pFormat;
        pFormat += sizeof(DWORD);
        elements = *(const DWORD*)pFormat;
        pFormat += sizeof(DWORD);
    }

    esize = *(const WORD*)pFormat;
    pFormat += sizeof(WORD);

5577
    pFormat = ReadVariance(pStubMsg, pFormat, elements);
5578

5579
    align_pointer(&pStubMsg->Buffer, alignment);
5580

5581
    safe_buffer_increment(pStubMsg, safe_multiply(esize, pStubMsg->ActualCount));
5582 5583 5584 5585 5586
    pStubMsg->MemorySize += size;

    EmbeddedPointerMemorySize(pStubMsg, pFormat);

    return pStubMsg->MemorySize;
5587 5588 5589 5590 5591 5592 5593 5594 5595
}

/***********************************************************************
 *           NdrVaryingArrayFree [RPCRT4.@]
 */
void WINAPI NdrVaryingArrayFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
5596 5597 5598 5599 5600 5601 5602 5603 5604 5605 5606 5607 5608 5609 5610 5611 5612 5613 5614 5615 5616 5617 5618 5619 5620 5621 5622 5623 5624 5625 5626 5627 5628 5629 5630 5631 5632 5633
    DWORD elements;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);

    if ((pFormat[0] != RPC_FC_SMVARRAY) &&
        (pFormat[0] != RPC_FC_LGVARRAY))
    {
        ERR("invalid format type %x\n", pFormat[0]);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return;
    }

    if (pFormat[0] == RPC_FC_SMVARRAY)
    {
        pFormat += 2;
        pFormat += sizeof(WORD);
        elements = *(const WORD*)pFormat;
        pFormat += sizeof(WORD);
    }
    else
    {
        pFormat += 2;
        pFormat += sizeof(DWORD);
        elements = *(const DWORD*)pFormat;
        pFormat += sizeof(DWORD);
    }

    pFormat += sizeof(WORD);

    pFormat = ComputeVariance(pStubMsg, pMemory, pFormat, 0);
    if ((pStubMsg->ActualCount > elements) ||
        (pStubMsg->ActualCount + pStubMsg->Offset > elements))
    {
        RpcRaiseException(RPC_S_INVALID_BOUND);
        return;
    }

    EmbeddedPointerFree(pStubMsg, pMemory, pFormat);
5634 5635
}

5636
static ULONG get_discriminant(unsigned char fc, const unsigned char *pMemory)
5637
{
5638 5639 5640 5641 5642 5643
    switch (fc)
    {
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
5644
        return *pMemory;
5645 5646 5647
    case RPC_FC_WCHAR:
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
5648
    case RPC_FC_ENUM16:
5649
        return *(const USHORT *)pMemory;
5650 5651
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
5652
    case RPC_FC_ENUM32:
5653
        return *(const ULONG *)pMemory;
5654 5655 5656
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
        return *(const ULONG_PTR *)pMemory;
5657 5658 5659 5660
    default:
        FIXME("Unhandled base type: 0x%02x\n", fc);
        return 0;
    }
5661 5662
}

5663
static PFORMAT_STRING get_arm_offset_from_union_arm_selector(PMIDL_STUB_MESSAGE pStubMsg,
5664
                                                             ULONG discriminant,
5665 5666 5667 5668 5669 5670 5671 5672 5673 5674 5675 5676 5677 5678 5679 5680 5681 5682 5683 5684 5685 5686
                                                             PFORMAT_STRING pFormat)
{
    unsigned short num_arms, arm, type;

    num_arms = *(const SHORT*)pFormat & 0x0fff;
    pFormat += 2;
    for(arm = 0; arm < num_arms; arm++)
    {
        if(discriminant == *(const ULONG*)pFormat)
        {
            pFormat += 4;
            break;
        }
        pFormat += 6;
    }

    type = *(const unsigned short*)pFormat;
    TRACE("type %04x\n", type);
    if(arm == num_arms) /* default arm extras */
    {
        if(type == 0xffff)
        {
5687
            ERR("no arm for 0x%x and no default case\n", discriminant);
5688
            RpcRaiseException(RPC_S_INVALID_TAG);
5689 5690 5691 5692
            return NULL;
        }
        if(type == 0)
        {
5693
            TRACE("falling back to empty default case for 0x%x\n", discriminant);
5694 5695 5696 5697 5698 5699
            return NULL;
        }
    }
    return pFormat;
}

5700
static unsigned char *union_arm_marshall(PMIDL_STUB_MESSAGE pStubMsg, unsigned char *pMemory, ULONG discriminant, PFORMAT_STRING pFormat)
5701
{
5702 5703
    unsigned short type;

5704
    pFormat += 2;
5705

5706
    pFormat = get_arm_offset_from_union_arm_selector(pStubMsg, discriminant, pFormat);
5707 5708 5709 5710
    if(!pFormat)
        return NULL;

    type = *(const unsigned short*)pFormat;
5711
    if((type & 0xff00) == 0x8000)
5712
    {
5713 5714
        unsigned char basetype = LOBYTE(type);
        return NdrBaseTypeMarshall(pStubMsg, pMemory, &basetype);
5715 5716 5717 5718 5719 5720 5721
    }
    else
    {
        PFORMAT_STRING desc = pFormat + *(const SHORT*)pFormat;
        NDR_MARSHALL m = NdrMarshaller[*desc & NDR_TABLE_MASK];
        if (m)
        {
5722
            unsigned char *saved_buffer = NULL;
5723
            int pointer_buffer_mark_set = 0;
5724 5725 5726 5727 5728 5729
            switch(*desc)
            {
            case RPC_FC_RP:
            case RPC_FC_UP:
            case RPC_FC_OP:
            case RPC_FC_FP:
5730
                align_pointer_clear(&pStubMsg->Buffer, 4);
5731
                saved_buffer = pStubMsg->Buffer;
5732 5733 5734 5735 5736 5737 5738
                if (pStubMsg->PointerBufferMark)
                {
                  pStubMsg->Buffer = pStubMsg->PointerBufferMark;
                  pStubMsg->PointerBufferMark = NULL;
                  pointer_buffer_mark_set = 1;
                }
                else
5739
                  safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
5740

5741
                PointerMarshall(pStubMsg, saved_buffer, *(unsigned char **)pMemory, desc);
5742 5743 5744 5745
                if (pointer_buffer_mark_set)
                {
                  STD_OVERFLOW_CHECK(pStubMsg);
                  pStubMsg->PointerBufferMark = pStubMsg->Buffer;
5746 5747 5748 5749 5750 5751
                  if (saved_buffer + 4 > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
                  {
                      ERR("buffer overflow - saved_buffer = %p, BufferEnd = %p\n",
                          saved_buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
                      RpcRaiseException(RPC_X_BAD_STUB_DATA);
                  }
5752 5753
                  pStubMsg->Buffer = saved_buffer + 4;
                }
5754
                break;
5755 5756
            default:
                m(pStubMsg, pMemory, desc);
5757 5758 5759 5760
            }
        }
        else FIXME("no marshaller for embedded type %02x\n", *desc);
    }
5761 5762 5763
    return NULL;
}

5764
static unsigned char *union_arm_unmarshall(PMIDL_STUB_MESSAGE pStubMsg,
5765
                                unsigned char **ppMemory,
5766
                                ULONG discriminant,
5767 5768 5769
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
5770
    unsigned short type;
5771 5772 5773 5774 5775 5776 5777 5778

    pFormat += 2;

    pFormat = get_arm_offset_from_union_arm_selector(pStubMsg, discriminant, pFormat);
    if(!pFormat)
        return NULL;

    type = *(const unsigned short*)pFormat;
5779
    if((type & 0xff00) == 0x8000)
5780
    {
5781
        unsigned char basetype = LOBYTE(type);
5782
        return NdrBaseTypeUnmarshall(pStubMsg, ppMemory, &basetype, FALSE);
5783 5784 5785 5786 5787 5788 5789
    }
    else
    {
        PFORMAT_STRING desc = pFormat + *(const SHORT*)pFormat;
        NDR_UNMARSHALL m = NdrUnmarshaller[*desc & NDR_TABLE_MASK];
        if (m)
        {
5790
            unsigned char *saved_buffer = NULL;
5791
            int pointer_buffer_mark_set = 0;
5792 5793 5794 5795 5796 5797
            switch(*desc)
            {
            case RPC_FC_RP:
            case RPC_FC_UP:
            case RPC_FC_OP:
            case RPC_FC_FP:
5798
                align_pointer(&pStubMsg->Buffer, 4);
5799
                saved_buffer = pStubMsg->Buffer;
5800 5801 5802 5803 5804 5805 5806 5807 5808
                if (pStubMsg->PointerBufferMark)
                {
                  pStubMsg->Buffer = pStubMsg->PointerBufferMark;
                  pStubMsg->PointerBufferMark = NULL;
                  pointer_buffer_mark_set = 1;
                }
                else
                  pStubMsg->Buffer += 4; /* for pointer ID */

5809
                if (saved_buffer + 4 > pStubMsg->BufferEnd)
5810 5811 5812
                {
                    ERR("buffer overflow - saved_buffer = %p, BufferEnd = %p\n",
                        saved_buffer, pStubMsg->BufferEnd);
5813
                    RpcRaiseException(RPC_X_BAD_STUB_DATA);
5814
                }
5815

5816
                PointerUnmarshall(pStubMsg, saved_buffer, *(unsigned char ***)ppMemory, **(unsigned char ***)ppMemory, desc, fMustAlloc);
5817 5818 5819 5820 5821 5822
                if (pointer_buffer_mark_set)
                {
                  STD_OVERFLOW_CHECK(pStubMsg);
                  pStubMsg->PointerBufferMark = pStubMsg->Buffer;
                  pStubMsg->Buffer = saved_buffer + 4;
                }
5823
                break;
5824 5825
            default:
                m(pStubMsg, ppMemory, desc, fMustAlloc);
5826 5827 5828 5829
            }
        }
        else FIXME("no marshaller for embedded type %02x\n", *desc);
    }
5830 5831 5832
    return NULL;
}

5833 5834 5835 5836
static void union_arm_buffer_size(PMIDL_STUB_MESSAGE pStubMsg,
                                  unsigned char *pMemory,
                                  ULONG discriminant,
                                  PFORMAT_STRING pFormat)
5837
{
5838
    unsigned short type;
5839

5840
    pFormat += 2;
5841

5842
    pFormat = get_arm_offset_from_union_arm_selector(pStubMsg, discriminant, pFormat);
5843 5844 5845 5846
    if(!pFormat)
        return;

    type = *(const unsigned short*)pFormat;
5847
    if((type & 0xff00) == 0x8000)
5848
    {
5849 5850
        unsigned char basetype = LOBYTE(type);
        NdrBaseTypeBufferSize(pStubMsg, pMemory, &basetype);
5851 5852 5853 5854 5855 5856 5857 5858 5859 5860 5861 5862 5863
    }
    else
    {
        PFORMAT_STRING desc = pFormat + *(const SHORT*)pFormat;
        NDR_BUFFERSIZE m = NdrBufferSizer[*desc & NDR_TABLE_MASK];
        if (m)
        {
            switch(*desc)
            {
            case RPC_FC_RP:
            case RPC_FC_UP:
            case RPC_FC_OP:
            case RPC_FC_FP:
5864
                align_length(&pStubMsg->BufferLength, 4);
5865
                safe_buffer_length_increment(pStubMsg, 4); /* for pointer ID */
5866 5867 5868 5869 5870 5871 5872 5873 5874 5875 5876
                if (!pStubMsg->IgnoreEmbeddedPointers)
                {
                    int saved_buffer_length = pStubMsg->BufferLength;
                    pStubMsg->BufferLength = pStubMsg->PointerLength;
                    pStubMsg->PointerLength = 0;
                    if(!pStubMsg->BufferLength)
                        ERR("BufferLength == 0??\n");
                    PointerBufferSize(pStubMsg, *(unsigned char **)pMemory, desc);
                    pStubMsg->PointerLength = pStubMsg->BufferLength;
                    pStubMsg->BufferLength = saved_buffer_length;
                }
5877
                break;
5878 5879
            default:
                m(pStubMsg, pMemory, desc);
5880 5881 5882 5883
            }
        }
        else FIXME("no buffersizer for embedded type %02x\n", *desc);
    }
5884 5885
}

5886 5887 5888
static ULONG union_arm_memory_size(PMIDL_STUB_MESSAGE pStubMsg,
                                   ULONG discriminant,
                                   PFORMAT_STRING pFormat)
5889
{
5890 5891 5892
    unsigned short type, size;

    size = *(const unsigned short*)pFormat;
5893
    pStubMsg->Memory += size;
5894
    pFormat += 2;
5895 5896 5897 5898 5899 5900 5901 5902 5903 5904

    pFormat = get_arm_offset_from_union_arm_selector(pStubMsg, discriminant, pFormat);
    if(!pFormat)
        return 0;

    type = *(const unsigned short*)pFormat;
    if((type & 0xff00) == 0x8000)
    {
        return NdrBaseTypeMemorySize(pStubMsg, pFormat);
    }
5905
    else
5906 5907 5908 5909 5910 5911 5912 5913 5914 5915 5916 5917
    {
        PFORMAT_STRING desc = pFormat + *(const SHORT*)pFormat;
        NDR_MEMORYSIZE m = NdrMemorySizer[*desc & NDR_TABLE_MASK];
        unsigned char *saved_buffer;
        if (m)
        {
            switch(*desc)
            {
            case RPC_FC_RP:
            case RPC_FC_UP:
            case RPC_FC_OP:
            case RPC_FC_FP:
5918
                align_pointer(&pStubMsg->Buffer, 4);
5919
                saved_buffer = pStubMsg->Buffer;
5920
                safe_buffer_increment(pStubMsg, 4);
5921
                align_length(&pStubMsg->MemorySize, sizeof(void *));
5922
                pStubMsg->MemorySize += sizeof(void *);
5923 5924
                if (!pStubMsg->IgnoreEmbeddedPointers)
                    PointerMemorySize(pStubMsg, saved_buffer, pFormat);
5925 5926 5927 5928 5929 5930 5931
                break;
            default:
                return m(pStubMsg, desc);
            }
        }
        else FIXME("no marshaller for embedded type %02x\n", *desc);
    }
5932

5933 5934
    TRACE("size %d\n", size);
    return size;
5935 5936
}

5937 5938 5939 5940 5941 5942 5943 5944 5945 5946 5947 5948 5949 5950 5951 5952 5953 5954 5955 5956 5957 5958 5959 5960 5961 5962 5963 5964 5965 5966 5967 5968 5969 5970 5971 5972 5973 5974 5975 5976 5977 5978 5979 5980 5981 5982 5983 5984 5985 5986
static void union_arm_free(PMIDL_STUB_MESSAGE pStubMsg,
                           unsigned char *pMemory,
                           ULONG discriminant,
                           PFORMAT_STRING pFormat)
{
    unsigned short type;

    pFormat += 2;

    pFormat = get_arm_offset_from_union_arm_selector(pStubMsg, discriminant, pFormat);
    if(!pFormat)
        return;

    type = *(const unsigned short*)pFormat;
    if((type & 0xff00) != 0x8000)
    {
        PFORMAT_STRING desc = pFormat + *(const SHORT*)pFormat;
        NDR_FREE m = NdrFreer[*desc & NDR_TABLE_MASK];
        if (m)
        {
            switch(*desc)
            {
            case RPC_FC_RP:
            case RPC_FC_UP:
            case RPC_FC_OP:
            case RPC_FC_FP:
                PointerFree(pStubMsg, *(unsigned char **)pMemory, desc);
                break;
            default:
                m(pStubMsg, pMemory, desc);
            }
        }
    }
}

/***********************************************************************
 *           NdrEncapsulatedUnionMarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrEncapsulatedUnionMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    unsigned char switch_type;
    unsigned char increment;
    ULONG switch_value;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);
    pFormat++;

    switch_type = *pFormat & 0xf;
5987
    increment = (*pFormat & 0xf0) >> 4;
5988 5989
    pFormat++;

5990
    align_pointer_clear(&pStubMsg->Buffer, increment);
5991 5992 5993 5994 5995 5996 5997 5998 5999 6000 6001 6002 6003 6004 6005 6006 6007 6008 6009 6010 6011 6012 6013 6014 6015 6016 6017 6018

    switch_value = get_discriminant(switch_type, pMemory);
    TRACE("got switch value 0x%x\n", switch_value);

    NdrBaseTypeMarshall(pStubMsg, pMemory, &switch_type);
    pMemory += increment;

    return union_arm_marshall(pStubMsg, pMemory, switch_value, pFormat);
}

/***********************************************************************
 *           NdrEncapsulatedUnionUnmarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrEncapsulatedUnionUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char **ppMemory,
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
    unsigned char switch_type;
    unsigned char increment;
    ULONG switch_value;
    unsigned short size;
    unsigned char *pMemoryArm;

    TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
    pFormat++;

    switch_type = *pFormat & 0xf;
6019
    increment = (*pFormat & 0xf0) >> 4;
6020 6021
    pFormat++;

6022
    align_pointer(&pStubMsg->Buffer, increment);
6023 6024 6025 6026
    switch_value = get_discriminant(switch_type, pStubMsg->Buffer);
    TRACE("got switch value 0x%x\n", switch_value);

    size = *(const unsigned short*)pFormat + increment;
6027 6028 6029
    if (!fMustAlloc && !*ppMemory)
        fMustAlloc = TRUE;
    if (fMustAlloc)
6030 6031
        *ppMemory = NdrAllocate(pStubMsg, size);

6032 6033 6034 6035 6036 6037 6038 6039
    /* we can't pass fMustAlloc=TRUE into the marshaller for the arm
     * since the arm is part of the memory block that is encompassed by
     * the whole union. Memory is forced to allocate when pointers
     * are set to NULL, so we emulate that part of fMustAlloc=TRUE by
     * clearing the memory we pass in to the unmarshaller */
    if (fMustAlloc)
        memset(*ppMemory, 0, size);

6040 6041 6042
    NdrBaseTypeUnmarshall(pStubMsg, ppMemory, &switch_type, FALSE);
    pMemoryArm = *ppMemory + increment;

6043
    return union_arm_unmarshall(pStubMsg, &pMemoryArm, switch_value, pFormat, FALSE);
6044 6045 6046 6047 6048 6049 6050 6051 6052 6053 6054 6055 6056 6057 6058 6059 6060
}

/***********************************************************************
 *           NdrEncapsulatedUnionBufferSize [RPCRT4.@]
 */
void WINAPI NdrEncapsulatedUnionBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    unsigned char switch_type;
    unsigned char increment;
    ULONG switch_value;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);
    pFormat++;

    switch_type = *pFormat & 0xf;
6061
    increment = (*pFormat & 0xf0) >> 4;
6062 6063
    pFormat++;

6064
    align_length(&pStubMsg->BufferLength, increment);
6065
    switch_value = get_discriminant(switch_type, pMemory);
6066 6067 6068 6069 6070 6071 6072 6073 6074 6075 6076 6077 6078 6079 6080 6081 6082 6083 6084 6085
    TRACE("got switch value 0x%x\n", switch_value);

    /* Add discriminant size */
    NdrBaseTypeBufferSize(pStubMsg, (unsigned char *)&switch_value, &switch_type);
    pMemory += increment;

    union_arm_buffer_size(pStubMsg, pMemory, switch_value, pFormat);
}

/***********************************************************************
 *           NdrEncapsulatedUnionMemorySize [RPCRT4.@]
 */
ULONG WINAPI NdrEncapsulatedUnionMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                PFORMAT_STRING pFormat)
{
    unsigned char switch_type;
    unsigned char increment;
    ULONG switch_value;

    switch_type = *pFormat & 0xf;
6086
    increment = (*pFormat & 0xf0) >> 4;
6087 6088
    pFormat++;

6089
    align_pointer(&pStubMsg->Buffer, increment);
6090 6091 6092 6093 6094 6095 6096 6097 6098 6099 6100 6101 6102 6103 6104 6105 6106 6107 6108 6109 6110 6111 6112
    switch_value = get_discriminant(switch_type, pStubMsg->Buffer);
    TRACE("got switch value 0x%x\n", switch_value);

    pStubMsg->Memory += increment;

    return increment + union_arm_memory_size(pStubMsg, switch_value, pFormat + *(const SHORT*)pFormat);
}

/***********************************************************************
 *           NdrEncapsulatedUnionFree [RPCRT4.@]
 */
void WINAPI NdrEncapsulatedUnionFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    unsigned char switch_type;
    unsigned char increment;
    ULONG switch_value;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);
    pFormat++;

    switch_type = *pFormat & 0xf;
6113
    increment = (*pFormat & 0xf0) >> 4;
6114 6115 6116 6117 6118 6119 6120
    pFormat++;

    switch_value = get_discriminant(switch_type, pMemory);
    TRACE("got switch value 0x%x\n", switch_value);

    pMemory += increment;

6121
    union_arm_free(pStubMsg, pMemory, switch_value, pFormat);
6122 6123 6124 6125 6126 6127 6128 6129 6130 6131 6132 6133 6134 6135 6136 6137 6138 6139 6140 6141 6142 6143 6144 6145 6146
}

/***********************************************************************
 *           NdrNonEncapsulatedUnionMarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrNonEncapsulatedUnionMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    unsigned char switch_type;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);
    pFormat++;

    switch_type = *pFormat;
    pFormat++;

    pFormat = ComputeConformance(pStubMsg, pMemory, pFormat, 0);
    TRACE("got switch value 0x%lx\n", pStubMsg->MaxCount);
    /* Marshall discriminant */
    NdrBaseTypeMarshall(pStubMsg, (unsigned char *)&pStubMsg->MaxCount, &switch_type);

    return union_arm_marshall(pStubMsg, pMemory, pStubMsg->MaxCount, pFormat + *(const SHORT*)pFormat);
}

6147
static LONG unmarshall_discriminant(PMIDL_STUB_MESSAGE pStubMsg,
6148 6149
                                    PFORMAT_STRING *ppFormat)
{
6150
    LONG discriminant = 0;
6151 6152 6153 6154 6155 6156 6157

    switch(**ppFormat)
    {
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
6158 6159
    {
        UCHAR d;
6160
        safe_copy_from_buffer(pStubMsg, &d, sizeof(d));
6161
        discriminant = d;
6162
        break;
6163
    }
6164 6165 6166
    case RPC_FC_WCHAR:
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
6167
    case RPC_FC_ENUM16:
6168 6169
    {
        USHORT d;
6170
        align_pointer(&pStubMsg->Buffer, sizeof(USHORT));
6171
        safe_copy_from_buffer(pStubMsg, &d, sizeof(d));
6172
        discriminant = d;
6173
        break;
6174
    }
6175 6176
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
6177 6178
    {
        ULONG d;
6179
        align_pointer(&pStubMsg->Buffer, sizeof(ULONG));
6180
        safe_copy_from_buffer(pStubMsg, &d, sizeof(d));
6181
        discriminant = d;
6182
        break;
6183
    }
6184 6185 6186 6187 6188 6189 6190 6191 6192 6193 6194 6195 6196 6197 6198 6199 6200 6201 6202 6203
    default:
        FIXME("Unhandled base type: 0x%02x\n", **ppFormat);
    }
    (*ppFormat)++;

    if (pStubMsg->fHasNewCorrDesc)
        *ppFormat += 6;
    else
        *ppFormat += 4;
    return discriminant;
}

/**********************************************************************
 *           NdrNonEncapsulatedUnionUnmarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrNonEncapsulatedUnionUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char **ppMemory,
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
6204
    LONG discriminant;
6205 6206 6207 6208 6209 6210 6211
    unsigned short size;

    TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
    pFormat++;

    /* Unmarshall discriminant */
    discriminant = unmarshall_discriminant(pStubMsg, &pFormat);
6212
    TRACE("unmarshalled discriminant %x\n", discriminant);
6213 6214 6215 6216 6217

    pFormat += *(const SHORT*)pFormat;

    size = *(const unsigned short*)pFormat;

6218 6219 6220
    if (!fMustAlloc && !*ppMemory)
        fMustAlloc = TRUE;
    if (fMustAlloc)
6221 6222
        *ppMemory = NdrAllocate(pStubMsg, size);

6223 6224 6225 6226 6227 6228 6229 6230 6231
    /* we can't pass fMustAlloc=TRUE into the marshaller for the arm
     * since the arm is part of the memory block that is encompassed by
     * the whole union. Memory is forced to allocate when pointers
     * are set to NULL, so we emulate that part of fMustAlloc=TRUE by
     * clearing the memory we pass in to the unmarshaller */
    if (fMustAlloc)
        memset(*ppMemory, 0, size);

    return union_arm_unmarshall(pStubMsg, ppMemory, discriminant, pFormat, FALSE);
6232 6233 6234 6235 6236 6237 6238 6239 6240 6241 6242 6243 6244 6245 6246 6247 6248 6249 6250 6251 6252 6253 6254 6255 6256 6257 6258 6259 6260 6261 6262 6263 6264 6265 6266 6267 6268 6269 6270 6271 6272
}

/***********************************************************************
 *           NdrNonEncapsulatedUnionBufferSize [RPCRT4.@]
 */
void WINAPI NdrNonEncapsulatedUnionBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    unsigned char switch_type;

    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);
    pFormat++;

    switch_type = *pFormat;
    pFormat++;

    pFormat = ComputeConformance(pStubMsg, pMemory, pFormat, 0);
    TRACE("got switch value 0x%lx\n", pStubMsg->MaxCount);
    /* Add discriminant size */
    NdrBaseTypeBufferSize(pStubMsg, (unsigned char *)&pStubMsg->MaxCount, &switch_type);

    union_arm_buffer_size(pStubMsg, pMemory, pStubMsg->MaxCount, pFormat + *(const SHORT*)pFormat);
}

/***********************************************************************
 *           NdrNonEncapsulatedUnionMemorySize [RPCRT4.@]
 */
ULONG WINAPI NdrNonEncapsulatedUnionMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                PFORMAT_STRING pFormat)
{
    ULONG discriminant;

    pFormat++;
    /* Unmarshall discriminant */
    discriminant = unmarshall_discriminant(pStubMsg, &pFormat);
    TRACE("unmarshalled discriminant 0x%x\n", discriminant);

    return union_arm_memory_size(pStubMsg, discriminant, pFormat + *(const SHORT*)pFormat);
}

6273 6274 6275 6276 6277 6278 6279
/***********************************************************************
 *           NdrNonEncapsulatedUnionFree [RPCRT4.@]
 */
void WINAPI NdrNonEncapsulatedUnionFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
6280 6281 6282 6283 6284 6285 6286
    TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);
    pFormat++;
    pFormat++;

    pFormat = ComputeConformance(pStubMsg, pMemory, pFormat, 0);
    TRACE("got switch value 0x%lx\n", pStubMsg->MaxCount);

6287
    union_arm_free(pStubMsg, pMemory, pStubMsg->MaxCount, pFormat + *(const SHORT*)pFormat);
6288 6289 6290 6291 6292 6293 6294 6295 6296 6297 6298 6299 6300 6301 6302 6303 6304 6305 6306 6307 6308 6309 6310 6311 6312 6313 6314 6315 6316 6317 6318 6319 6320 6321 6322 6323
}

/***********************************************************************
 *           NdrByteCountPointerMarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrByteCountPointerMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    FIXME("stub\n");
    return NULL;
}

/***********************************************************************
 *           NdrByteCountPointerUnmarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrByteCountPointerUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char **ppMemory,
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
    FIXME("stub\n");
    return NULL;
}

/***********************************************************************
 *           NdrByteCountPointerBufferSize [RPCRT4.@]
 */
void WINAPI NdrByteCountPointerBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    FIXME("stub\n");
}

/***********************************************************************
6324
 *           NdrByteCountPointerMemorySize [internal]
6325
 */
6326 6327
static ULONG WINAPI NdrByteCountPointerMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
                                                  PFORMAT_STRING pFormat)
6328 6329 6330 6331 6332 6333 6334 6335 6336 6337 6338 6339 6340 6341 6342 6343 6344 6345 6346 6347 6348 6349 6350 6351 6352 6353 6354 6355 6356 6357 6358 6359 6360 6361 6362 6363 6364 6365 6366 6367 6368 6369 6370 6371 6372 6373 6374 6375 6376 6377 6378
{
    FIXME("stub\n");
    return 0;
}

/***********************************************************************
 *           NdrByteCountPointerFree [RPCRT4.@]
 */
void WINAPI NdrByteCountPointerFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    FIXME("stub\n");
}

/***********************************************************************
 *           NdrXmitOrRepAsMarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrXmitOrRepAsMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    FIXME("stub\n");
    return NULL;
}

/***********************************************************************
 *           NdrXmitOrRepAsUnmarshall [RPCRT4.@]
 */
unsigned char *  WINAPI NdrXmitOrRepAsUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char **ppMemory,
                                PFORMAT_STRING pFormat,
                                unsigned char fMustAlloc)
{
    FIXME("stub\n");
    return NULL;
}

/***********************************************************************
 *           NdrXmitOrRepAsBufferSize [RPCRT4.@]
 */
void WINAPI NdrXmitOrRepAsBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    FIXME("stub\n");
}

/***********************************************************************
 *           NdrXmitOrRepAsMemorySize [RPCRT4.@]
 */
6379
ULONG WINAPI NdrXmitOrRepAsMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
6380 6381 6382 6383 6384 6385 6386 6387 6388 6389 6390 6391 6392 6393 6394 6395
                                PFORMAT_STRING pFormat)
{
    FIXME("stub\n");
    return 0;
}

/***********************************************************************
 *           NdrXmitOrRepAsFree [RPCRT4.@]
 */
void WINAPI NdrXmitOrRepAsFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
    FIXME("stub\n");
}

6396 6397 6398
/***********************************************************************
 *           NdrRangeMarshall [internal]
 */
6399
static unsigned char *WINAPI NdrRangeMarshall(
6400 6401 6402 6403
    PMIDL_STUB_MESSAGE pStubMsg,
    unsigned char *pMemory,
    PFORMAT_STRING pFormat)
{
6404
    const NDR_RANGE *pRange = (const NDR_RANGE *)pFormat;
6405 6406 6407 6408 6409 6410 6411 6412 6413 6414 6415 6416 6417 6418 6419 6420 6421
    unsigned char base_type;

    TRACE("pStubMsg %p, pMemory %p, type 0x%02x\n", pStubMsg, pMemory, *pFormat);

    if (pRange->type != RPC_FC_RANGE)
    {
        ERR("invalid format type %x\n", pRange->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }

    base_type = pRange->flags_type & 0xf;

    return NdrBaseTypeMarshall(pStubMsg, pMemory, &base_type);
}

/***********************************************************************
6422
 *           NdrRangeUnmarshall [RPCRT4.@]
6423 6424 6425 6426 6427 6428 6429
 */
unsigned char *WINAPI NdrRangeUnmarshall(
    PMIDL_STUB_MESSAGE pStubMsg,
    unsigned char **ppMemory,
    PFORMAT_STRING pFormat,
    unsigned char fMustAlloc)
{
6430
    const NDR_RANGE *pRange = (const NDR_RANGE *)pFormat;
6431 6432 6433 6434 6435 6436 6437 6438 6439 6440 6441 6442 6443 6444 6445
    unsigned char base_type;

    TRACE("pStubMsg: %p, ppMemory: %p, type: 0x%02x, fMustAlloc: %s\n", pStubMsg, ppMemory, *pFormat, fMustAlloc ? "true" : "false");

    if (pRange->type != RPC_FC_RANGE)
    {
        ERR("invalid format type %x\n", pRange->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return NULL;
    }
    base_type = pRange->flags_type & 0xf;

    TRACE("base_type = 0x%02x, low_value = %d, high_value = %d\n",
        base_type, pRange->low_value, pRange->high_value);

6446
#define RANGE_UNMARSHALL(mem_type, wire_type, format_spec) \
6447 6448
    do \
    { \
6449
        align_pointer(&pStubMsg->Buffer, sizeof(wire_type)); \
6450 6451 6452
        if (!fMustAlloc && !*ppMemory) \
            fMustAlloc = TRUE; \
        if (fMustAlloc) \
6453 6454
            *ppMemory = NdrAllocate(pStubMsg, sizeof(mem_type)); \
        if (pStubMsg->Buffer + sizeof(wire_type) > pStubMsg->BufferEnd) \
6455 6456 6457 6458 6459
        { \
            ERR("buffer overflow - Buffer = %p, BufferEnd = %p\n", \
                pStubMsg->Buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength); \
            RpcRaiseException(RPC_X_BAD_STUB_DATA); \
        } \
6460 6461
        if ((*(wire_type *)pStubMsg->Buffer < (mem_type)pRange->low_value) || \
            (*(wire_type *)pStubMsg->Buffer > (mem_type)pRange->high_value)) \
6462 6463
        { \
            ERR("value exceeded bounds: " format_spec ", low: " format_spec ", high: " format_spec "\n", \
6464 6465
                *(wire_type *)pStubMsg->Buffer, (mem_type)pRange->low_value, \
                (mem_type)pRange->high_value); \
6466 6467 6468 6469
            RpcRaiseException(RPC_S_INVALID_BOUND); \
            return NULL; \
        } \
        TRACE("*ppMemory: %p\n", *ppMemory); \
6470 6471
        **(mem_type **)ppMemory = *(wire_type *)pStubMsg->Buffer; \
        pStubMsg->Buffer += sizeof(wire_type); \
6472 6473 6474 6475 6476 6477
    } while (0)

    switch(base_type)
    {
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
6478
        RANGE_UNMARSHALL(UCHAR, UCHAR, "%d");
6479
        TRACE("value: 0x%02x\n", **ppMemory);
6480 6481 6482
        break;
    case RPC_FC_BYTE:
    case RPC_FC_USMALL:
6483
        RANGE_UNMARSHALL(CHAR, CHAR, "%u");
6484
        TRACE("value: 0x%02x\n", **ppMemory);
6485 6486 6487
        break;
    case RPC_FC_WCHAR: /* FIXME: valid? */
    case RPC_FC_USHORT:
6488
        RANGE_UNMARSHALL(USHORT, USHORT, "%u");
6489 6490 6491
        TRACE("value: 0x%04x\n", **(USHORT **)ppMemory);
        break;
    case RPC_FC_SHORT:
6492
        RANGE_UNMARSHALL(SHORT, SHORT, "%d");
6493 6494 6495
        TRACE("value: 0x%04x\n", **(USHORT **)ppMemory);
        break;
    case RPC_FC_LONG:
6496 6497
    case RPC_FC_ENUM32:
        RANGE_UNMARSHALL(LONG, LONG, "%d");
6498 6499 6500
        TRACE("value: 0x%08x\n", **(ULONG **)ppMemory);
        break;
    case RPC_FC_ULONG:
6501
        RANGE_UNMARSHALL(ULONG, ULONG, "%u");
6502 6503 6504
        TRACE("value: 0x%08x\n", **(ULONG **)ppMemory);
        break;
    case RPC_FC_ENUM16:
6505 6506
        RANGE_UNMARSHALL(UINT, USHORT, "%u");
        TRACE("value: 0x%08x\n", **(UINT **)ppMemory);
6507 6508 6509 6510 6511 6512 6513 6514 6515 6516 6517 6518 6519 6520 6521
        break;
    case RPC_FC_FLOAT:
    case RPC_FC_DOUBLE:
    case RPC_FC_HYPER:
    default:
        ERR("invalid range base type: 0x%02x\n", base_type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
    }

    return NULL;
}

/***********************************************************************
 *           NdrRangeBufferSize [internal]
 */
6522
static void WINAPI NdrRangeBufferSize(
6523 6524 6525 6526
    PMIDL_STUB_MESSAGE pStubMsg,
    unsigned char *pMemory,
    PFORMAT_STRING pFormat)
{
6527
    const NDR_RANGE *pRange = (const NDR_RANGE *)pFormat;
6528 6529 6530 6531 6532 6533 6534 6535 6536 6537 6538 6539 6540 6541 6542 6543 6544
    unsigned char base_type;

    TRACE("pStubMsg %p, pMemory %p, type 0x%02x\n", pStubMsg, pMemory, *pFormat);

    if (pRange->type != RPC_FC_RANGE)
    {
        ERR("invalid format type %x\n", pRange->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
    }
    base_type = pRange->flags_type & 0xf;

    NdrBaseTypeBufferSize(pStubMsg, pMemory, &base_type);
}

/***********************************************************************
 *           NdrRangeMemorySize [internal]
 */
6545
static ULONG WINAPI NdrRangeMemorySize(
6546 6547 6548
    PMIDL_STUB_MESSAGE pStubMsg,
    PFORMAT_STRING pFormat)
{
6549
    const NDR_RANGE *pRange = (const NDR_RANGE *)pFormat;
6550 6551 6552 6553 6554 6555 6556 6557 6558 6559 6560 6561 6562 6563 6564 6565
    unsigned char base_type;

    if (pRange->type != RPC_FC_RANGE)
    {
        ERR("invalid format type %x\n", pRange->type);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
        return 0;
    }
    base_type = pRange->flags_type & 0xf;

    return NdrBaseTypeMemorySize(pStubMsg, &base_type);
}

/***********************************************************************
 *           NdrRangeFree [internal]
 */
6566
static void WINAPI NdrRangeFree(PMIDL_STUB_MESSAGE pStubMsg,
6567 6568 6569 6570 6571 6572 6573 6574
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
   TRACE("pStubMsg %p pMemory %p type 0x%02x\n", pStubMsg, pMemory, *pFormat);

   /* nothing to do */
}

6575 6576 6577 6578 6579 6580 6581 6582 6583 6584 6585 6586 6587 6588 6589 6590
/***********************************************************************
 *           NdrBaseTypeMarshall [internal]
 */
static unsigned char *WINAPI NdrBaseTypeMarshall(
    PMIDL_STUB_MESSAGE pStubMsg,
    unsigned char *pMemory,
    PFORMAT_STRING pFormat)
{
    TRACE("pStubMsg %p, pMemory %p, type 0x%02x\n", pStubMsg, pMemory, *pFormat);

    switch(*pFormat)
    {
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
6591
        safe_copy_to_buffer(pStubMsg, pMemory, sizeof(UCHAR));
6592
        TRACE("value: 0x%02x\n", *pMemory);
6593 6594 6595 6596
        break;
    case RPC_FC_WCHAR:
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
6597
        align_pointer_clear(&pStubMsg->Buffer, sizeof(USHORT));
6598
        safe_copy_to_buffer(pStubMsg, pMemory, sizeof(USHORT));
6599 6600 6601 6602 6603
        TRACE("value: 0x%04x\n", *(USHORT *)pMemory);
        break;
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
    case RPC_FC_ERROR_STATUS_T:
6604
    case RPC_FC_ENUM32:
6605
        align_pointer_clear(&pStubMsg->Buffer, sizeof(ULONG));
6606
        safe_copy_to_buffer(pStubMsg, pMemory, sizeof(ULONG));
6607
        TRACE("value: 0x%08x\n", *(ULONG *)pMemory);
6608 6609
        break;
    case RPC_FC_FLOAT:
6610
        align_pointer_clear(&pStubMsg->Buffer, sizeof(float));
6611
        safe_copy_to_buffer(pStubMsg, pMemory, sizeof(float));
6612 6613
        break;
    case RPC_FC_DOUBLE:
6614
        align_pointer_clear(&pStubMsg->Buffer, sizeof(double));
6615
        safe_copy_to_buffer(pStubMsg, pMemory, sizeof(double));
6616 6617
        break;
    case RPC_FC_HYPER:
6618
        align_pointer_clear(&pStubMsg->Buffer, sizeof(ULONGLONG));
6619
        safe_copy_to_buffer(pStubMsg, pMemory, sizeof(ULONGLONG));
6620 6621 6622
        TRACE("value: %s\n", wine_dbgstr_longlong(*(ULONGLONG*)pMemory));
        break;
    case RPC_FC_ENUM16:
6623 6624
    {
        USHORT val = *(UINT *)pMemory;
6625
        /* only 16-bits on the wire, so do a sanity check */
6626
        if (*(UINT *)pMemory > SHRT_MAX)
6627
            RpcRaiseException(RPC_X_ENUM_VALUE_OUT_OF_RANGE);
6628
        align_pointer_clear(&pStubMsg->Buffer, sizeof(USHORT));
6629
        safe_copy_to_buffer(pStubMsg, &val, sizeof(val));
6630 6631
        TRACE("value: 0x%04x\n", *(UINT *)pMemory);
        break;
6632
    }
6633 6634 6635 6636 6637 6638 6639 6640
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
    {
        UINT val = *(UINT_PTR *)pMemory;
        align_pointer_clear(&pStubMsg->Buffer, sizeof(UINT));
        safe_copy_to_buffer(pStubMsg, &val, sizeof(val));
        break;
    }
6641 6642
    case RPC_FC_IGNORE:
        break;
6643 6644 6645 6646 6647 6648 6649 6650 6651 6652 6653 6654 6655 6656 6657 6658 6659 6660 6661
    default:
        FIXME("Unhandled base type: 0x%02x\n", *pFormat);
    }

    /* FIXME: what is the correct return value? */
    return NULL;
}

/***********************************************************************
 *           NdrBaseTypeUnmarshall [internal]
 */
static unsigned char *WINAPI NdrBaseTypeUnmarshall(
    PMIDL_STUB_MESSAGE pStubMsg,
    unsigned char **ppMemory,
    PFORMAT_STRING pFormat,
    unsigned char fMustAlloc)
{
    TRACE("pStubMsg: %p, ppMemory: %p, type: 0x%02x, fMustAlloc: %s\n", pStubMsg, ppMemory, *pFormat, fMustAlloc ? "true" : "false");

6662
#define BASE_TYPE_UNMARSHALL(type) do { \
6663
        align_pointer(&pStubMsg->Buffer, sizeof(type)); \
6664 6665 6666 6667
        if (!fMustAlloc && !pStubMsg->IsClient && !*ppMemory) \
        { \
            *ppMemory = pStubMsg->Buffer; \
            TRACE("*ppMemory: %p\n", *ppMemory); \
6668
            safe_buffer_increment(pStubMsg, sizeof(type)); \
6669 6670 6671 6672 6673 6674
        } \
        else \
        {  \
            if (fMustAlloc) \
                *ppMemory = NdrAllocate(pStubMsg, sizeof(type)); \
            TRACE("*ppMemory: %p\n", *ppMemory); \
6675
            safe_copy_from_buffer(pStubMsg, *ppMemory, sizeof(type)); \
6676 6677
        } \
    } while (0)
6678

6679 6680 6681 6682 6683 6684
    switch(*pFormat)
    {
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
6685
        BASE_TYPE_UNMARSHALL(UCHAR);
6686
        TRACE("value: 0x%02x\n", **ppMemory);
6687 6688 6689 6690
        break;
    case RPC_FC_WCHAR:
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
6691
        BASE_TYPE_UNMARSHALL(USHORT);
6692 6693 6694 6695 6696
        TRACE("value: 0x%04x\n", **(USHORT **)ppMemory);
        break;
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
    case RPC_FC_ERROR_STATUS_T:
6697
    case RPC_FC_ENUM32:
6698
        BASE_TYPE_UNMARSHALL(ULONG);
6699
        TRACE("value: 0x%08x\n", **(ULONG **)ppMemory);
6700 6701
        break;
   case RPC_FC_FLOAT:
6702
        BASE_TYPE_UNMARSHALL(float);
6703 6704 6705
        TRACE("value: %f\n", **(float **)ppMemory);
        break;
    case RPC_FC_DOUBLE:
6706
        BASE_TYPE_UNMARSHALL(double);
6707 6708 6709
        TRACE("value: %f\n", **(double **)ppMemory);
        break;
    case RPC_FC_HYPER:
6710
        BASE_TYPE_UNMARSHALL(ULONGLONG);
6711 6712 6713
        TRACE("value: %s\n", wine_dbgstr_longlong(**(ULONGLONG **)ppMemory));
        break;
    case RPC_FC_ENUM16:
6714 6715
    {
        USHORT val;
6716
        align_pointer(&pStubMsg->Buffer, sizeof(USHORT));
6717 6718 6719
        if (!fMustAlloc && !*ppMemory)
            fMustAlloc = TRUE;
        if (fMustAlloc)
6720
            *ppMemory = NdrAllocate(pStubMsg, sizeof(UINT));
6721
        safe_copy_from_buffer(pStubMsg, &val, sizeof(USHORT));
6722
        /* 16-bits on the wire, but int in memory */
6723
        **(UINT **)ppMemory = val;
6724 6725
        TRACE("value: 0x%08x\n", **(UINT **)ppMemory);
        break;
6726
    }
6727 6728 6729 6730 6731 6732 6733 6734 6735 6736 6737 6738 6739 6740 6741 6742 6743 6744 6745 6746 6747 6748 6749 6750 6751 6752 6753 6754 6755 6756
    case RPC_FC_INT3264:
        if (sizeof(INT_PTR) == sizeof(INT)) BASE_TYPE_UNMARSHALL(INT);
        else
        {
            INT val;
            align_pointer(&pStubMsg->Buffer, sizeof(INT));
            if (!fMustAlloc && !*ppMemory)
                fMustAlloc = TRUE;
            if (fMustAlloc)
                *ppMemory = NdrAllocate(pStubMsg, sizeof(INT_PTR));
            safe_copy_from_buffer(pStubMsg, &val, sizeof(INT));
            **(INT_PTR **)ppMemory = val;
            TRACE("value: 0x%08lx\n", **(INT_PTR **)ppMemory);
        }
        break;
    case RPC_FC_UINT3264:
        if (sizeof(UINT_PTR) == sizeof(UINT)) BASE_TYPE_UNMARSHALL(UINT);
        else
        {
            UINT val;
            align_pointer(&pStubMsg->Buffer, sizeof(UINT));
            if (!fMustAlloc && !*ppMemory)
                fMustAlloc = TRUE;
            if (fMustAlloc)
                *ppMemory = NdrAllocate(pStubMsg, sizeof(UINT_PTR));
            safe_copy_from_buffer(pStubMsg, &val, sizeof(UINT));
            **(UINT_PTR **)ppMemory = val;
            TRACE("value: 0x%08lx\n", **(UINT_PTR **)ppMemory);
        }
        break;
6757 6758
    case RPC_FC_IGNORE:
        break;
6759 6760 6761
    default:
        FIXME("Unhandled base type: 0x%02x\n", *pFormat);
    }
6762
#undef BASE_TYPE_UNMARSHALL
6763 6764 6765 6766 6767 6768 6769 6770 6771 6772 6773 6774 6775 6776 6777 6778 6779 6780 6781 6782 6783 6784

    /* FIXME: what is the correct return value? */

    return NULL;
}

/***********************************************************************
 *           NdrBaseTypeBufferSize [internal]
 */
static void WINAPI NdrBaseTypeBufferSize(
    PMIDL_STUB_MESSAGE pStubMsg,
    unsigned char *pMemory,
    PFORMAT_STRING pFormat)
{
    TRACE("pStubMsg %p, pMemory %p, type 0x%02x\n", pStubMsg, pMemory, *pFormat);

    switch(*pFormat)
    {
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
6785
        safe_buffer_length_increment(pStubMsg, sizeof(UCHAR));
6786 6787 6788 6789
        break;
    case RPC_FC_WCHAR:
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
6790
    case RPC_FC_ENUM16:
6791
        align_length(&pStubMsg->BufferLength, sizeof(USHORT));
6792
        safe_buffer_length_increment(pStubMsg, sizeof(USHORT));
6793 6794 6795
        break;
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
6796
    case RPC_FC_ENUM32:
6797 6798
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
6799
        align_length(&pStubMsg->BufferLength, sizeof(ULONG));
6800
        safe_buffer_length_increment(pStubMsg, sizeof(ULONG));
6801 6802
        break;
    case RPC_FC_FLOAT:
6803
        align_length(&pStubMsg->BufferLength, sizeof(float));
6804
        safe_buffer_length_increment(pStubMsg, sizeof(float));
6805 6806
        break;
    case RPC_FC_DOUBLE:
6807
        align_length(&pStubMsg->BufferLength, sizeof(double));
6808
        safe_buffer_length_increment(pStubMsg, sizeof(double));
6809 6810
        break;
    case RPC_FC_HYPER:
6811
        align_length(&pStubMsg->BufferLength, sizeof(ULONGLONG));
6812
        safe_buffer_length_increment(pStubMsg, sizeof(ULONGLONG));
6813 6814
        break;
    case RPC_FC_ERROR_STATUS_T:
6815
        align_length(&pStubMsg->BufferLength, sizeof(error_status_t));
6816
        safe_buffer_length_increment(pStubMsg, sizeof(error_status_t));
6817
        break;
6818 6819
    case RPC_FC_IGNORE:
        break;
6820 6821 6822 6823 6824 6825 6826 6827
    default:
        FIXME("Unhandled base type: 0x%02x\n", *pFormat);
    }
}

/***********************************************************************
 *           NdrBaseTypeMemorySize [internal]
 */
6828
static ULONG WINAPI NdrBaseTypeMemorySize(
6829 6830 6831
    PMIDL_STUB_MESSAGE pStubMsg,
    PFORMAT_STRING pFormat)
{
6832 6833
    TRACE("pStubMsg %p, type 0x%02x\n", pStubMsg, *pFormat);

6834 6835 6836 6837 6838 6839
    switch(*pFormat)
    {
    case RPC_FC_BYTE:
    case RPC_FC_CHAR:
    case RPC_FC_SMALL:
    case RPC_FC_USMALL:
6840
        safe_buffer_increment(pStubMsg, sizeof(UCHAR));
6841
        pStubMsg->MemorySize += sizeof(UCHAR);
6842 6843 6844 6845
        return sizeof(UCHAR);
    case RPC_FC_WCHAR:
    case RPC_FC_SHORT:
    case RPC_FC_USHORT:
6846
        align_pointer(&pStubMsg->Buffer, sizeof(USHORT));
6847
        safe_buffer_increment(pStubMsg, sizeof(USHORT));
6848
        align_length(&pStubMsg->MemorySize, sizeof(USHORT));
6849
        pStubMsg->MemorySize += sizeof(USHORT);
6850 6851 6852
        return sizeof(USHORT);
    case RPC_FC_LONG:
    case RPC_FC_ULONG:
6853
    case RPC_FC_ENUM32:
6854
        align_pointer(&pStubMsg->Buffer, sizeof(ULONG));
6855
        safe_buffer_increment(pStubMsg, sizeof(ULONG));
6856
        align_length(&pStubMsg->MemorySize, sizeof(ULONG));
6857
        pStubMsg->MemorySize += sizeof(ULONG);
6858 6859
        return sizeof(ULONG);
    case RPC_FC_FLOAT:
6860
        align_pointer(&pStubMsg->Buffer, sizeof(float));
6861
        safe_buffer_increment(pStubMsg, sizeof(float));
6862
        align_length(&pStubMsg->MemorySize, sizeof(float));
6863
        pStubMsg->MemorySize += sizeof(float);
6864 6865
        return sizeof(float);
    case RPC_FC_DOUBLE:
6866
        align_pointer(&pStubMsg->Buffer, sizeof(double));
6867
        safe_buffer_increment(pStubMsg, sizeof(double));
6868
        align_length(&pStubMsg->MemorySize, sizeof(double));
6869
        pStubMsg->MemorySize += sizeof(double);
6870 6871
        return sizeof(double);
    case RPC_FC_HYPER:
6872
        align_pointer(&pStubMsg->Buffer, sizeof(ULONGLONG));
6873
        safe_buffer_increment(pStubMsg, sizeof(ULONGLONG));
6874
        align_length(&pStubMsg->MemorySize, sizeof(ULONGLONG));
6875
        pStubMsg->MemorySize += sizeof(ULONGLONG);
6876 6877
        return sizeof(ULONGLONG);
    case RPC_FC_ERROR_STATUS_T:
6878
        align_pointer(&pStubMsg->Buffer, sizeof(error_status_t));
6879
        safe_buffer_increment(pStubMsg, sizeof(error_status_t));
6880
        align_length(&pStubMsg->MemorySize, sizeof(error_status_t));
6881
        pStubMsg->MemorySize += sizeof(error_status_t);
6882 6883
        return sizeof(error_status_t);
    case RPC_FC_ENUM16:
6884
        align_pointer(&pStubMsg->Buffer, sizeof(USHORT));
6885
        safe_buffer_increment(pStubMsg, sizeof(USHORT));
6886
        align_length(&pStubMsg->MemorySize, sizeof(UINT));
6887 6888
        pStubMsg->MemorySize += sizeof(UINT);
        return sizeof(UINT);
6889 6890 6891 6892 6893 6894 6895
    case RPC_FC_INT3264:
    case RPC_FC_UINT3264:
        align_pointer(&pStubMsg->Buffer, sizeof(UINT));
        safe_buffer_increment(pStubMsg, sizeof(UINT));
        align_length(&pStubMsg->MemorySize, sizeof(UINT_PTR));
        pStubMsg->MemorySize += sizeof(UINT_PTR);
        return sizeof(UINT_PTR);
6896
    case RPC_FC_IGNORE:
6897
        align_length(&pStubMsg->MemorySize, sizeof(void *));
6898 6899
        pStubMsg->MemorySize += sizeof(void *);
        return sizeof(void *);
6900 6901 6902 6903 6904 6905 6906 6907 6908 6909 6910 6911 6912 6913 6914 6915 6916 6917
    default:
        FIXME("Unhandled base type: 0x%02x\n", *pFormat);
       return 0;
    }
}

/***********************************************************************
 *           NdrBaseTypeFree [internal]
 */
static void WINAPI NdrBaseTypeFree(PMIDL_STUB_MESSAGE pStubMsg,
                                unsigned char *pMemory,
                                PFORMAT_STRING pFormat)
{
   TRACE("pStubMsg %p pMemory %p type 0x%02x\n", pStubMsg, pMemory, *pFormat);

   /* nothing to do */
}

6918 6919 6920 6921 6922 6923 6924 6925 6926 6927 6928 6929 6930 6931 6932
/***********************************************************************
 *           NdrContextHandleBufferSize [internal]
 */
static void WINAPI NdrContextHandleBufferSize(
    PMIDL_STUB_MESSAGE pStubMsg,
    unsigned char *pMemory,
    PFORMAT_STRING pFormat)
{
    TRACE("pStubMsg %p, pMemory %p, type 0x%02x\n", pStubMsg, pMemory, *pFormat);

    if (*pFormat != RPC_FC_BIND_CONTEXT)
    {
        ERR("invalid format type %x\n", *pFormat);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
    }
6933
    align_length(&pStubMsg->BufferLength, 4);
6934
    safe_buffer_length_increment(pStubMsg, cbNDRContext);
6935 6936 6937 6938 6939 6940 6941 6942 6943 6944 6945 6946 6947 6948 6949 6950 6951
}

/***********************************************************************
 *           NdrContextHandleMarshall [internal]
 */
static unsigned char *WINAPI NdrContextHandleMarshall(
    PMIDL_STUB_MESSAGE pStubMsg,
    unsigned char *pMemory,
    PFORMAT_STRING pFormat)
{
    TRACE("pStubMsg %p, pMemory %p, type 0x%02x\n", pStubMsg, pMemory, *pFormat);

    if (*pFormat != RPC_FC_BIND_CONTEXT)
    {
        ERR("invalid format type %x\n", *pFormat);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
    }
6952
    TRACE("flags: 0x%02x\n", pFormat[1]);
6953

6954 6955 6956 6957 6958 6959 6960
    if (pStubMsg->IsClient)
    {
        if (pFormat[1] & HANDLE_PARAM_IS_VIA_PTR)
            NdrClientContextMarshall(pStubMsg, *(NDR_CCONTEXT **)pMemory, FALSE);
        else
            NdrClientContextMarshall(pStubMsg, pMemory, FALSE);
    }
6961
    else
6962 6963 6964 6965 6966
    {
        NDR_SCONTEXT ctxt = NDRSContextFromValue(pMemory);
        NDR_RUNDOWN rundown = pStubMsg->StubDesc->apfnNdrRundownRoutines[pFormat[2]];
        NdrServerContextNewMarshall(pStubMsg, ctxt, rundown, pFormat);
    }
6967 6968 6969 6970 6971 6972 6973 6974 6975 6976 6977 6978 6979

    return NULL;
}

/***********************************************************************
 *           NdrContextHandleUnmarshall [internal]
 */
static unsigned char *WINAPI NdrContextHandleUnmarshall(
    PMIDL_STUB_MESSAGE pStubMsg,
    unsigned char **ppMemory,
    PFORMAT_STRING pFormat,
    unsigned char fMustAlloc)
{
6980 6981 6982
    TRACE("pStubMsg %p, ppMemory %p, pFormat %p, fMustAlloc %s\n", pStubMsg,
        ppMemory, pFormat, fMustAlloc ? "TRUE": "FALSE");

6983 6984 6985 6986 6987
    if (*pFormat != RPC_FC_BIND_CONTEXT)
    {
        ERR("invalid format type %x\n", *pFormat);
        RpcRaiseException(RPC_S_INTERNAL_ERROR);
    }
6988
    TRACE("flags: 0x%02x\n", pFormat[1]);
6989

6990 6991 6992 6993 6994 6995 6996 6997 6998 6999 7000 7001 7002 7003 7004 7005
    if (pStubMsg->IsClient)
    {
        /* [out]-only or [ret] param */
        if ((pFormat[1] & (HANDLE_PARAM_IS_IN|HANDLE_PARAM_IS_OUT)) == HANDLE_PARAM_IS_OUT)
            **(NDR_CCONTEXT **)ppMemory = NULL;
        NdrClientContextUnmarshall(pStubMsg, *(NDR_CCONTEXT **)ppMemory, pStubMsg->RpcMsg->Handle);
    }
    else
    {
        NDR_SCONTEXT ctxt;
        ctxt = NdrServerContextNewUnmarshall(pStubMsg, pFormat);
        if (pFormat[1] & HANDLE_PARAM_IS_VIA_PTR)
            *(void **)ppMemory = NDRSContextValue(ctxt);
        else
            *(void **)ppMemory = *NDRSContextValue(ctxt);
    }
7006

7007
    return NULL;
7008 7009
}

7010
/***********************************************************************
7011
 *           NdrClientContextMarshall [RPCRT4.@]
7012
 */
7013 7014 7015
void WINAPI NdrClientContextMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                     NDR_CCONTEXT ContextHandle,
                                     int fCheck)
7016
{
7017 7018
    TRACE("(%p, %p, %d)\n", pStubMsg, ContextHandle, fCheck);

7019
    align_pointer_clear(&pStubMsg->Buffer, 4);
7020

7021 7022 7023 7024 7025 7026 7027
    if (pStubMsg->Buffer + cbNDRContext > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
    {
        ERR("buffer overflow - Buffer = %p, BufferEnd = %p\n",
            pStubMsg->Buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }

7028
    /* FIXME: what does fCheck do? */
7029 7030 7031 7032
    NDRCContextMarshall(ContextHandle,
                        pStubMsg->Buffer);

    pStubMsg->Buffer += cbNDRContext;
7033 7034 7035
}

/***********************************************************************
7036
 *           NdrClientContextUnmarshall [RPCRT4.@]
7037
 */
7038 7039 7040
void WINAPI NdrClientContextUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                       NDR_CCONTEXT * pContextHandle,
                                       RPC_BINDING_HANDLE BindHandle)
7041
{
7042 7043
    TRACE("(%p, %p, %p)\n", pStubMsg, pContextHandle, BindHandle);

7044
    align_pointer(&pStubMsg->Buffer, 4);
7045

7046 7047 7048
    if (pStubMsg->Buffer + cbNDRContext > pStubMsg->BufferEnd)
        RpcRaiseException(RPC_X_BAD_STUB_DATA);

7049 7050 7051 7052 7053 7054
    NDRCContextUnmarshall(pContextHandle,
                          BindHandle,
                          pStubMsg->Buffer,
                          pStubMsg->RpcMsg->DataRepresentation);

    pStubMsg->Buffer += cbNDRContext;
7055 7056 7057 7058
}

void WINAPI NdrServerContextMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                     NDR_SCONTEXT ContextHandle,
7059
                                     NDR_RUNDOWN RundownRoutine )
7060
{
7061 7062
    TRACE("(%p, %p, %p)\n", pStubMsg, ContextHandle, RundownRoutine);

7063
    align_pointer(&pStubMsg->Buffer, 4);
7064 7065 7066 7067 7068 7069 7070 7071 7072

    if (pStubMsg->Buffer + cbNDRContext > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
    {
        ERR("buffer overflow - Buffer = %p, BufferEnd = %p\n",
            pStubMsg->Buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }

    NDRSContextMarshall2(pStubMsg->RpcMsg->Handle, ContextHandle,
7073 7074
                         pStubMsg->Buffer, RundownRoutine, NULL,
                         RPC_CONTEXT_HANDLE_DEFAULT_FLAGS);
7075
    pStubMsg->Buffer += cbNDRContext;
7076 7077 7078 7079
}

NDR_SCONTEXT WINAPI NdrServerContextUnmarshall(PMIDL_STUB_MESSAGE pStubMsg)
{
7080 7081 7082 7083
    NDR_SCONTEXT ContextHandle;

    TRACE("(%p)\n", pStubMsg);

7084
    align_pointer(&pStubMsg->Buffer, 4);
7085 7086 7087 7088 7089 7090 7091 7092 7093 7094 7095

    if (pStubMsg->Buffer + cbNDRContext > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
    {
        ERR("buffer overflow - Buffer = %p, BufferEnd = %p\n",
            pStubMsg->Buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }

    ContextHandle = NDRSContextUnmarshall2(pStubMsg->RpcMsg->Handle,
                                           pStubMsg->Buffer,
                                           pStubMsg->RpcMsg->DataRepresentation,
7096
                                           NULL, RPC_CONTEXT_HANDLE_DEFAULT_FLAGS);
7097 7098 7099
    pStubMsg->Buffer += cbNDRContext;

    return ContextHandle;
7100 7101 7102 7103 7104 7105 7106 7107 7108 7109 7110 7111
}

void WINAPI NdrContextHandleSize(PMIDL_STUB_MESSAGE pStubMsg,
                                 unsigned char* pMemory,
                                 PFORMAT_STRING pFormat)
{
    FIXME("(%p, %p, %p): stub\n", pStubMsg, pMemory, pFormat);
}

NDR_SCONTEXT WINAPI NdrContextHandleInitialize(PMIDL_STUB_MESSAGE pStubMsg,
                                               PFORMAT_STRING pFormat)
{
7112
    RPC_SYNTAX_IDENTIFIER *if_id = NULL;
7113
    ULONG flags = RPC_CONTEXT_HANDLE_DEFAULT_FLAGS;
7114

7115
    TRACE("(%p, %p)\n", pStubMsg, pFormat);
7116

7117 7118 7119 7120
    if (pFormat[1] & NDR_CONTEXT_HANDLE_SERIALIZE)
        flags |= RPC_CONTEXT_HANDLE_SERIALIZE;
    if (pFormat[1] & NDR_CONTEXT_HANDLE_NO_SERIALIZE)
        flags |= RPC_CONTEXT_HANDLE_DONT_SERIALIZE;
7121 7122 7123 7124 7125 7126
    if (pFormat[1] & NDR_STRICT_CONTEXT_HANDLE)
    {
        RPC_SERVER_INTERFACE *sif = pStubMsg->StubDesc->RpcInterfaceInformation;
        if_id = &sif->InterfaceId;
    }

7127
    return NDRSContextUnmarshall2(pStubMsg->RpcMsg->Handle, NULL,
7128 7129
                                  pStubMsg->RpcMsg->DataRepresentation, if_id,
                                  flags);
7130 7131 7132 7133 7134 7135 7136
}

void WINAPI NdrServerContextNewMarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                        NDR_SCONTEXT ContextHandle,
                                        NDR_RUNDOWN RundownRoutine,
                                        PFORMAT_STRING pFormat)
{
7137
    RPC_SYNTAX_IDENTIFIER *if_id = NULL;
7138
    ULONG flags = RPC_CONTEXT_HANDLE_DEFAULT_FLAGS;
7139

7140 7141
    TRACE("(%p, %p, %p, %p)\n", pStubMsg, ContextHandle, RundownRoutine, pFormat);

7142
    align_pointer(&pStubMsg->Buffer, 4);
7143 7144 7145 7146 7147 7148 7149 7150

    if (pStubMsg->Buffer + cbNDRContext > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
    {
        ERR("buffer overflow - Buffer = %p, BufferEnd = %p\n",
            pStubMsg->Buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }

7151 7152 7153 7154
    if (pFormat[1] & NDR_CONTEXT_HANDLE_SERIALIZE)
        flags |= RPC_CONTEXT_HANDLE_SERIALIZE;
    if (pFormat[1] & NDR_CONTEXT_HANDLE_NO_SERIALIZE)
        flags |= RPC_CONTEXT_HANDLE_DONT_SERIALIZE;
7155 7156 7157 7158 7159 7160
    if (pFormat[1] & NDR_STRICT_CONTEXT_HANDLE)
    {
        RPC_SERVER_INTERFACE *sif = pStubMsg->StubDesc->RpcInterfaceInformation;
        if_id = &sif->InterfaceId;
    }

7161
    NDRSContextMarshall2(pStubMsg->RpcMsg->Handle, ContextHandle,
7162
                          pStubMsg->Buffer, RundownRoutine, if_id, flags);
7163
    pStubMsg->Buffer += cbNDRContext;
7164 7165 7166 7167 7168
}

NDR_SCONTEXT WINAPI NdrServerContextNewUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                                  PFORMAT_STRING pFormat)
{
7169
    NDR_SCONTEXT ContextHandle;
7170
    RPC_SYNTAX_IDENTIFIER *if_id = NULL;
7171
    ULONG flags = RPC_CONTEXT_HANDLE_DEFAULT_FLAGS;
7172 7173 7174

    TRACE("(%p, %p)\n", pStubMsg, pFormat);

7175
    align_pointer(&pStubMsg->Buffer, 4);
7176 7177 7178 7179 7180 7181 7182 7183

    if (pStubMsg->Buffer + cbNDRContext > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
    {
        ERR("buffer overflow - Buffer = %p, BufferEnd = %p\n",
            pStubMsg->Buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
        RpcRaiseException(RPC_X_BAD_STUB_DATA);
    }

7184 7185 7186 7187
    if (pFormat[1] & NDR_CONTEXT_HANDLE_SERIALIZE)
        flags |= RPC_CONTEXT_HANDLE_SERIALIZE;
    if (pFormat[1] & NDR_CONTEXT_HANDLE_NO_SERIALIZE)
        flags |= RPC_CONTEXT_HANDLE_DONT_SERIALIZE;
7188 7189 7190 7191 7192 7193
    if (pFormat[1] & NDR_STRICT_CONTEXT_HANDLE)
    {
        RPC_SERVER_INTERFACE *sif = pStubMsg->StubDesc->RpcInterfaceInformation;
        if_id = &sif->InterfaceId;
    }

7194 7195 7196
    ContextHandle = NDRSContextUnmarshall2(pStubMsg->RpcMsg->Handle,
                                           pStubMsg->Buffer,
                                           pStubMsg->RpcMsg->DataRepresentation,
7197
                                           if_id, flags);
7198 7199 7200
    pStubMsg->Buffer += cbNDRContext;

    return ContextHandle;
7201
}
7202 7203 7204 7205 7206 7207 7208 7209 7210 7211 7212 7213 7214 7215 7216 7217 7218 7219 7220 7221 7222 7223 7224 7225 7226 7227 7228 7229 7230 7231 7232 7233 7234 7235 7236 7237 7238 7239 7240 7241 7242 7243 7244 7245 7246 7247 7248 7249 7250 7251 7252 7253 7254

/***********************************************************************
 *           NdrCorrelationInitialize [RPCRT4.@]
 *
 * Initializes correlation validity checking.
 *
 * PARAMS
 *  pStubMsg    [I] MIDL_STUB_MESSAGE used during unmarshalling.
 *  pMemory     [I] Pointer to memory to use as a cache.
 *  CacheSize   [I] Size of the memory pointed to by pMemory.
 *  Flags       [I] Reserved. Set to zero.
 *
 * RETURNS
 *  Nothing.
 */
void WINAPI NdrCorrelationInitialize(PMIDL_STUB_MESSAGE pStubMsg, void *pMemory, ULONG CacheSize, ULONG Flags)
{
    FIXME("(%p, %p, %d, 0x%x): stub\n", pStubMsg, pMemory, CacheSize, Flags);
    pStubMsg->fHasNewCorrDesc = TRUE;
}

/***********************************************************************
 *           NdrCorrelationPass [RPCRT4.@]
 *
 * Performs correlation validity checking.
 *
 * PARAMS
 *  pStubMsg    [I] MIDL_STUB_MESSAGE used during unmarshalling.
 *
 * RETURNS
 *  Nothing.
 */
void WINAPI NdrCorrelationPass(PMIDL_STUB_MESSAGE pStubMsg)
{
    FIXME("(%p): stub\n", pStubMsg);
}

/***********************************************************************
 *           NdrCorrelationFree [RPCRT4.@]
 *
 * Frees any resources used while unmarshalling parameters that need
 * correlation validity checking.
 *
 * PARAMS
 *  pStubMsg    [I] MIDL_STUB_MESSAGE used during unmarshalling.
 *
 * RETURNS
 *  Nothing.
 */
void WINAPI NdrCorrelationFree(PMIDL_STUB_MESSAGE pStubMsg)
{
    FIXME("(%p): stub\n", pStubMsg);
}