Skip to content

W
wine-winehq
Commit cf173911 authored by Marcus Meissner's avatar Marcus Meissner Committed by Alexandre Julliard
Browse files
Options

ole: ITypeInfo::Invoke stack overwrite fix.

Have enough stack space up to even VT_VARIANTs, fixes a stack corruption.
parent bce90cfb
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 2 deletions
dlls/oleaut32/typelib.c
View file @ cf173911
...@@ -5205,7 +5205,7 @@ static HRESULT WINAPI ITypeInfo_fnInvoke( ...@@ -5205,7 +5205,7 @@ static HRESULT WINAPI ITypeInfo_fnInvoke(
VARIANT varresult; VARIANT varresult;
SHORT missing_param_offset = func_desc->cParams; SHORT missing_param_offset = func_desc->cParams;
SHORT missing_params = 0; SHORT missing_params = 0;
void *retval; /* pointer for storing byref retvals in */ VARIANT retval; /* pointer for storing byref retvals in */
hres = S_OK; hres = S_OK;
for (i = 0; i < func_desc->cParams; i++) for (i = 0; i < func_desc->cParams; i++)
...@@ -5238,7 +5238,7 @@ static HRESULT WINAPI ITypeInfo_fnInvoke( ...@@ -5238,7 +5238,7 @@ static HRESULT WINAPI ITypeInfo_fnInvoke(
arg = prgpvarg[i] = &rgvarg[i]; arg = prgpvarg[i] = &rgvarg[i];
memset(arg, 0, sizeof(*arg)); memset(arg, 0, sizeof(*arg));
V_VT(arg) = rgvt[i]; V_VT(arg) = rgvt[i];
retval = NULL; memset(&retval, 0, sizeof(retval));
V_BYREF(arg) = &retval; V_BYREF(arg) = &retval;
} }
else else
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment