From 552f18211d95bb2fb5ab0660e6852bf9958d65b9 Mon Sep 17 00:00:00 2001 From: Robert Shearman Date: Tue, 29 Nov 2005 10:41:17 +0100 Subject: [PATCH] Fix the overflow check to not depend on pStubMsg->BufferStart and pStubMsg->BufferEnd being valid, because they aren't filled in when using MIDL-generated server stubs. Don't set the pointer to NULL on unmarshaling because we may want to unmarshal the value to an existing pointer instead of allocating a new one. --- dlls/rpcrt4/ndr_marshall.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c index 89a8dfdaea..adf330f57c 100644 --- a/dlls/rpcrt4/ndr_marshall.c +++ b/dlls/rpcrt4/ndr_marshall.c @@ -97,8 +97,9 @@ WINE_DEFAULT_DEBUG_CHANNEL(ole); #define ALIGN_POINTER(_Ptr, _Align) _Ptr = ALIGNED_POINTER(_Ptr, _Align) #define STD_OVERFLOW_CHECK(_Msg) do { \ - TRACE("buffer=%d/%ld\n", _Msg->Buffer - _Msg->BufferStart, _Msg->BufferLength); \ - if (_Msg->Buffer > _Msg->BufferEnd) ERR("buffer overflow %d bytes\n", _Msg->Buffer - _Msg->BufferEnd); \ + TRACE("buffer=%d/%ld\n", _Msg->Buffer - (unsigned char *)_Msg->RpcMsg->Buffer, _Msg->BufferLength); \ + if (_Msg->Buffer > (unsigned char *)_Msg->RpcMsg->Buffer + _Msg->BufferLength) \ + ERR("buffer overflow %d bytes\n", _Msg->Buffer - ((unsigned char *)_Msg->RpcMsg->Buffer + _Msg->BufferLength)); \ } while (0) #define NDR_TABLE_SIZE 128 @@ -752,8 +753,6 @@ void WINAPI PointerUnmarshall(PMIDL_STUB_MESSAGE pStubMsg, RpcRaiseException(RPC_X_BAD_STUB_DATA); } - *pPointer = NULL; - if (pointer_id) { m = NdrUnmarshaller[*desc & NDR_TABLE_MASK]; if (m) m(pStubMsg, pPointer, desc, fMustAlloc);