Commit 620d7836 authored by Rob Shearman's avatar Rob Shearman Committed by Alexandre Julliard

rpcrt4: Don't reserve space in the buffer for reference pointers embedded in complex types.

Ref pointers don't need a pointer ID and reserving space would render the code incompatible with other clients. Note that the pointer marshalling/unmarshalling functions didn't actually read/write pointer IDs to/from the reserved space in the buffer.
parent 5887be57
......@@ -2253,6 +2253,8 @@ static unsigned char * ComplexMarshall(PMIDL_STUB_MESSAGE pStubMsg,
unsigned char *saved_buffer;
int pointer_buffer_mark_set = 0;
TRACE("pointer=%p <= %p\n", *(unsigned char**)pMemory, pMemory);
TRACE("pStubMsg->Buffer before %p\n", pStubMsg->Buffer);
if (*pPointer != RPC_FC_RP)
ALIGN_POINTER_CLEAR(pStubMsg->Buffer, 4);
saved_buffer = pStubMsg->Buffer;
if (pStubMsg->PointerBufferMark)
......@@ -2261,21 +2263,18 @@ static unsigned char * ComplexMarshall(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->PointerBufferMark = NULL;
pointer_buffer_mark_set = 1;
}
else
else if (*pPointer != RPC_FC_RP)
safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
PointerMarshall(pStubMsg, saved_buffer, *(unsigned char**)pMemory, pPointer);
if (pointer_buffer_mark_set)
{
STD_OVERFLOW_CHECK(pStubMsg);
pStubMsg->PointerBufferMark = pStubMsg->Buffer;
if (saved_buffer + 4 > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
{
ERR("buffer overflow - saved_buffer = %p, BufferEnd = %p\n",
saved_buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
RpcRaiseException(RPC_X_BAD_STUB_DATA);
}
pStubMsg->Buffer = saved_buffer + 4;
pStubMsg->Buffer = saved_buffer;
if (*pPointer != RPC_FC_RP)
safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
}
TRACE("pStubMsg->Buffer after %p\n", pStubMsg->Buffer);
pPointer += 4;
pMemory += 4;
break;
......@@ -2380,6 +2379,7 @@ static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
unsigned char *saved_buffer;
int pointer_buffer_mark_set = 0;
TRACE("pointer => %p\n", pMemory);
if (*pPointer != RPC_FC_RP)
ALIGN_POINTER(pStubMsg->Buffer, 4);
saved_buffer = pStubMsg->Buffer;
if (pStubMsg->PointerBufferMark)
......@@ -2388,7 +2388,7 @@ static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->PointerBufferMark = NULL;
pointer_buffer_mark_set = 1;
}
else
else if (*pPointer != RPC_FC_RP)
safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
PointerUnmarshall(pStubMsg, saved_buffer, (unsigned char**)pMemory, *(unsigned char**)pMemory, pPointer, fMustAlloc);
......@@ -2396,13 +2396,9 @@ static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
{
STD_OVERFLOW_CHECK(pStubMsg);
pStubMsg->PointerBufferMark = pStubMsg->Buffer;
if (saved_buffer + 4 > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
{
ERR("buffer overflow - saved_buffer = %p, BufferEnd = %p\n",
saved_buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
RpcRaiseException(RPC_X_BAD_STUB_DATA);
}
pStubMsg->Buffer = saved_buffer + 4;
pStubMsg->Buffer = saved_buffer;
if (*pPointer != RPC_FC_RP)
safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
}
pPointer += 4;
pMemory += 4;
......@@ -2507,7 +2503,11 @@ static unsigned char * ComplexBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->PointerLength = pStubMsg->BufferLength;
pStubMsg->BufferLength = saved_buffer_length;
}
if (*pPointer != RPC_FC_RP)
{
ALIGN_LENGTH(pStubMsg->BufferLength, 4);
safe_buffer_length_increment(pStubMsg, 4);
}
pPointer += 4;
pMemory += 4;
break;
......@@ -2680,6 +2680,7 @@ static unsigned long ComplexStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
{
unsigned char *saved_buffer;
int pointer_buffer_mark_set = 0;
if (*pPointer != RPC_FC_RP)
ALIGN_POINTER(pStubMsg->Buffer, 4);
saved_buffer = pStubMsg->Buffer;
if (pStubMsg->PointerBufferMark)
......@@ -2688,7 +2689,7 @@ static unsigned long ComplexStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->PointerBufferMark = NULL;
pointer_buffer_mark_set = 1;
}
else
else if (*pPointer != RPC_FC_RP)
safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
if (!pStubMsg->IgnoreEmbeddedPointers)
......@@ -2697,13 +2698,9 @@ static unsigned long ComplexStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
{
STD_OVERFLOW_CHECK(pStubMsg);
pStubMsg->PointerBufferMark = pStubMsg->Buffer;
if (saved_buffer + 4 > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
{
ERR("buffer overflow - saved_buffer = %p, BufferEnd = %p\n",
saved_buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
RpcRaiseException(RPC_X_BAD_STUB_DATA);
}
pStubMsg->Buffer = saved_buffer + 4;
pStubMsg->Buffer = saved_buffer;
if (*pPointer != RPC_FC_RP)
safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
}
pPointer += 4;
size += 4;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment