rpcrt4: Partially revert commit 18faf3184b2ea263d77c2a7ad92eef27bc4ba08f.

Tests show that NdrPointerFree (and hence NdrFree) don't check whether the memory was allocated with NdrAllocate before freeing it. This makes sense as servers don't need to use NdrAllocate to allocate memory being returned and so this commit caused that memory to be leaked. NdrAllocate hasn't been changed as the tests show it is correct and it appears that the memory list is used to implement the RpcSs memory model.

rpcrt4: Partially revert commit 18faf3184b2ea263d77c2a7ad92eef27bc4ba08f.
c7261b73 · Rob Shearman · Alexandre Julliard · ce220e2b · c7261b73 · c7261b73
Commit c7261b73 authored Dec 13, 2007 by Rob Shearman Committed by Alexandre Julliard Dec 14, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 30 deletions

ndr_marshall.c dlls/rpcrt4/ndr_marshall.c +1 -24

ndr_marshall.c dlls/rpcrt4/tests/ndr_marshall.c +0 -6

No files found.
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -373,32 +373,9 @@ void * WINAPI NdrAllocate(MIDL_STUB_MESSAGE *pStubMsg, size_t len)
 static void WINAPI NdrFree(MIDL_STUB_MESSAGE *pStubMsg, unsigned char *Pointer)
 {
-    NDR_MEMORY_LIST *mem_list, *prev_mem_list;
    TRACE("(%p, %p)\n", pStubMsg, Pointer);
-    for (prev_mem_list = NULL, mem_list = pStubMsg->pMemoryList;
+    pStubMsg->pfnFree(Pointer);
-       mem_list;
-       prev_mem_list = mem_list, mem_list = mem_list->next)
-    {
-      const unsigned char *base_pointer = (unsigned char *)mem_list - mem_list->size;
-      if (base_pointer == Pointer)
-      {
-          if (mem_list->magic != MEML_MAGIC)
-          {
-              ERR("memory linked list corrupted, magic changed to 0x%08x\n", mem_list->magic);
-              break;
-          }
-          /* fixup next pointers */
-          if (prev_mem_list)
-              prev_mem_list->next = mem_list->next;
-          else
-              pStubMsg->pMemoryList = mem_list->next;
-          pStubMsg->pfnFree(Pointer);
-          break;
-      }
-    }
 }
 static inline BOOL IsConformanceOrVariancePresent(PFORMAT_STRING pFormat)

--- a/dlls/rpcrt4/tests/ndr_marshall.c
+++ b/dlls/rpcrt4/tests/ndr_marshall.c
@@ -1193,17 +1193,13 @@ todo_wine {
    my_free_called = 0;
    StubMsg.Buffer = StubMsg.BufferStart;
    NdrPointerFree( &StubMsg, mem, fmtstr_conf_str );
-todo_wine {
    ok(my_free_called == 1, "free called %d\n", my_free_called);
-}
    mem = my_alloc(10);
    my_free_called = 0;
    StubMsg.Buffer = StubMsg.BufferStart;
    NdrPointerFree( &StubMsg, mem, fmtstr_conf_str );
-todo_wine {
    ok(my_free_called == 1, "free called %d\n", my_free_called);
-}
    /* Server */
    my_alloc_called = 0;
@@ -1246,9 +1242,7 @@ todo_wine {
    my_free_called = 0;
    StubMsg.Buffer = StubMsg.BufferStart;
    NdrPointerFree( &StubMsg, mem, fmtstr_conf_str );
-todo_wine {
    ok(my_free_called == 1, "free called %d\n", my_free_called);
-}
    HeapFree(GetProcessHeap(), 0, mem_orig);
    HeapFree(GetProcessHeap(), 0, StubMsg.RpcMsg->Buffer);