From 4d25edc2981b4c2d6be6b1f0cb921e731552b5ee Mon Sep 17 00:00:00 2001
From: Robert Shearman <rob@codeweavers.com>
Date: Fri, 3 Feb 2006 18:46:40 +0100
Subject: [PATCH] rpcrt4: Restrict stubless FC types to the range of the type
 function table.

---
 dlls/rpcrt4/ndr_stubless.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/dlls/rpcrt4/ndr_stubless.c b/dlls/rpcrt4/ndr_stubless.c
index 7c10621d51..1a452755ea 100644
--- a/dlls/rpcrt4/ndr_stubless.c
+++ b/dlls/rpcrt4/ndr_stubless.c
@@ -47,9 +47,11 @@
 
 WINE_DEFAULT_DEBUG_CHANNEL(rpc);
 
+#define NDR_TABLE_MASK 127
+
 static inline void call_buffer_sizer(PMIDL_STUB_MESSAGE pStubMsg, unsigned char *pMemory, PFORMAT_STRING pFormat)
 {
-    NDR_BUFFERSIZE m = NdrBufferSizer[pFormat[0]];
+    NDR_BUFFERSIZE m = NdrBufferSizer[pFormat[0] & NDR_TABLE_MASK];
     if (m) m(pStubMsg, pMemory, pFormat);
     else
     {
@@ -60,7 +62,7 @@ static inline void call_buffer_sizer(PMIDL_STUB_MESSAGE pStubMsg, unsigned char
 
 static inline unsigned char *call_marshaller(PMIDL_STUB_MESSAGE pStubMsg, unsigned char *pMemory, PFORMAT_STRING pFormat)
 {
-    NDR_MARSHALL m = NdrMarshaller[pFormat[0]];
+    NDR_MARSHALL m = NdrMarshaller[pFormat[0] & NDR_TABLE_MASK];
     if (m) return m(pStubMsg, pMemory, pFormat);
     else
     {
@@ -72,7 +74,7 @@ static inline unsigned char *call_marshaller(PMIDL_STUB_MESSAGE pStubMsg, unsign
 
 static inline unsigned char *call_unmarshaller(PMIDL_STUB_MESSAGE pStubMsg, unsigned char **ppMemory, PFORMAT_STRING pFormat, unsigned char fMustAlloc)
 {
-    NDR_UNMARSHALL m = NdrUnmarshaller[pFormat[0]];
+    NDR_UNMARSHALL m = NdrUnmarshaller[pFormat[0] & NDR_TABLE_MASK];
     if (m) return m(pStubMsg, ppMemory, pFormat, fMustAlloc);
     else
     {
@@ -84,7 +86,7 @@ static inline unsigned char *call_unmarshaller(PMIDL_STUB_MESSAGE pStubMsg, unsi
 
 static inline void call_freer(PMIDL_STUB_MESSAGE pStubMsg, unsigned char *pMemory, PFORMAT_STRING pFormat)
 {
-    NDR_FREE m = NdrFreer[pFormat[0]];
+    NDR_FREE m = NdrFreer[pFormat[0] & NDR_TABLE_MASK];
     if (m) m(pStubMsg, pMemory, pFormat);
     else
     {
@@ -95,7 +97,7 @@ static inline void call_freer(PMIDL_STUB_MESSAGE pStubMsg, unsigned char *pMemor
 
 static inline unsigned long call_memory_sizer(PMIDL_STUB_MESSAGE pStubMsg, PFORMAT_STRING pFormat)
 {
-    NDR_MEMORYSIZE m = NdrMemorySizer[pFormat[0]];
+    NDR_MEMORYSIZE m = NdrMemorySizer[pFormat[0] & NDR_TABLE_MASK];
     if (m) return m(pStubMsg, pFormat);
     else
     {