Skip to content

W
wine-winehq
Commit 71d663f1 authored by Nikolay Sivov's avatar Nikolay Sivov Committed by Alexandre Julliard
Browse files
Options

rpcrt4: Return buffer size directly to avoid accessing implementation fields.

parent e7a608a4
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 6 deletions
dlls/rpcrt4/ndr_ole.c
View file @ 71d663f1
...@@ -212,21 +212,23 @@ static const IStreamVtbl RpcStream_Vtbl = ...@@ -212,21 +212,23 @@ static const IStreamVtbl RpcStream_Vtbl =
NULL /* Clone */ NULL /* Clone */
}; };
static HRESULT RpcStream_Create(PMIDL_STUB_MESSAGE pStubMsg, BOOL init, IStream **stream) static HRESULT RpcStream_Create(PMIDL_STUB_MESSAGE pStubMsg, BOOL init, ULONG *size, IStream **stream)
{ {
RpcStreamImpl *This; RpcStreamImpl *This;
*stream = NULL; *stream = NULL;
This = HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,sizeof(RpcStreamImpl)); This = HeapAlloc(GetProcessHeap(), 0, sizeof(RpcStreamImpl));
if (!This) return E_OUTOFMEMORY; if (!This) return E_OUTOFMEMORY;
This->IStream_iface.lpVtbl = &RpcStream_Vtbl; This->IStream_iface.lpVtbl = &RpcStream_Vtbl;
This->RefCount = 1; This->RefCount = 1;
This->pMsg = pStubMsg; This->pMsg = pStubMsg;
This->size = (LPDWORD)pStubMsg->Buffer; This->size = (LPDWORD)pStubMsg->Buffer;
This->data = (unsigned char*)(This->size + 1); This->data = pStubMsg->Buffer + sizeof(DWORD);
This->pos = 0; This->pos = 0;
if (init) *This->size = 0; if (init) *This->size = 0;
TRACE("init size=%d\n", *This->size); TRACE("init size=%d\n", *This->size);
if (size) *size = *This->size;
*stream = &This->IStream_iface; *stream = &This->IStream_iface;
return S_OK; return S_OK;
} }
...@@ -263,7 +265,7 @@ unsigned char * WINAPI NdrInterfacePointerMarshall(PMIDL_STUB_MESSAGE pStubMsg, ...@@ -263,7 +265,7 @@ unsigned char * WINAPI NdrInterfacePointerMarshall(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->MaxCount = 0; pStubMsg->MaxCount = 0;
if (!LoadCOM()) return NULL; if (!LoadCOM()) return NULL;
if (pStubMsg->Buffer + sizeof(DWORD) <= (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength) { if (pStubMsg->Buffer + sizeof(DWORD) <= (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength) {
hr = RpcStream_Create(pStubMsg, TRUE, &stream); hr = RpcStream_Create(pStubMsg, TRUE, NULL, &stream);
if (hr == S_OK) { if (hr == S_OK) {
if (pMemory) if (pMemory)
hr = COM_MarshalInterface(stream, riid, (LPUNKNOWN)pMemory, hr = COM_MarshalInterface(stream, riid, (LPUNKNOWN)pMemory,
...@@ -293,9 +295,11 @@ unsigned char * WINAPI NdrInterfacePointerUnmarshall(PMIDL_STUB_MESSAGE pStubMsg ...@@ -293,9 +295,11 @@ unsigned char * WINAPI NdrInterfacePointerUnmarshall(PMIDL_STUB_MESSAGE pStubMsg
if (!LoadCOM()) return NULL; if (!LoadCOM()) return NULL;
*(LPVOID*)ppMemory = NULL; *(LPVOID*)ppMemory = NULL;
if (pStubMsg->Buffer + sizeof(DWORD) < (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength) { if (pStubMsg->Buffer + sizeof(DWORD) < (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength) {
hr = RpcStream_Create(pStubMsg, FALSE, &stream); ULONG size;
hr = RpcStream_Create(pStubMsg, FALSE, &size, &stream);
if (hr == S_OK) { if (hr == S_OK) {
if (*((RpcStreamImpl *)stream)->size != 0) if (size != 0)
hr = COM_UnmarshalInterface(stream, &IID_NULL, (LPVOID*)ppMemory); hr = COM_UnmarshalInterface(stream, &IID_NULL, (LPVOID*)ppMemory);
IStream_Release(stream); IStream_Release(stream);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment