Rob Shearman : widl: Make the offset of conformant string types point to the start of the conformant string format chars, not the pointer type.

Alexandre Julliard julliard at winehq.org
Mon Jan 7 08:39:01 CST 2008


Module: wine
Branch: master
Commit: 13f9c71960495c3696c40622653f9d59d18bd72c
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=13f9c71960495c3696c40622653f9d59d18bd72c

Author: Rob Shearman <rob at codeweavers.com>
Date:   Fri Jan  4 16:24:42 2008 +0000

widl: Make the offset of conformant string types point to the start of the conformant string format chars, not the pointer type.

Otherwise, writing a type at top-level could cause the pointer format 
string to be used in non-top-level places which may cause memory 
corruption during freeing.

---

 tools/widl/typegen.c |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/tools/widl/typegen.c b/tools/widl/typegen.c
index f40399f..55fb3fa 100644
--- a/tools/widl/typegen.c
+++ b/tools/widl/typegen.c
@@ -1472,11 +1472,9 @@ static size_t write_string_tfs(FILE *file, const attr_list_t *attrs,
                                const char *name, unsigned int *typestring_offset,
                                int toplevel)
 {
-    size_t start_offset = *typestring_offset;
+    size_t start_offset;
     unsigned char rtype;
 
-    update_tfsoff(type, start_offset, file);
-
     if (toplevel && is_declptr(type))
     {
         unsigned char flag = is_conformant_array(type) ? 0 : RPC_FC_P_SIMPLEPOINTER;
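Review bot: start_offset is now declared without an initializer and is not assigned until after the toplevel pointer block, so any read of it inside the `if (toplevel && is_declptr(type))` branch would use an indeterminate value. Either keep the declaration next to its assignment or add a comment at the declaration saying that the offset is deliberately taken after the pointer descriptor has been written, so a later edit to this branch does not reintroduce a use of it.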
@@ -1494,6 +1492,9 @@ static size_t write_string_tfs(FILE *file, const attr_list_t *attrs,
         }
     }
 
+    start_offset = *typestring_offset;
+    update_tfsoff(type, start_offset, file);
+
     rtype = type->ref->type;
 
     if ((rtype != RPC_FC_BYTE) && (rtype != RPC_FC_CHAR) && (rtype != RPC_FC_WCHAR))
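Review bot: The placement of `update_tfsoff(type, start_offset, file);` after the toplevel pointer block is what keeps the recorded offset from pointing at the pointer descriptor, but nothing in the code says so. A one-line comment above `start_offset = *typestring_offset;` stating that the registered offset must refer to the string format chars, never the pointer prefix, would document the invariant the commit message describes and make the ordering harder to undo by accident.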
@@ -2743,10 +2744,11 @@ static void write_remoting_arg(FILE *file, int indent, const func_t *func,
             }
 
             if ((phase == PHASE_FREE) || (pointer_type == RPC_FC_UP))
-                print_phase_function(file, indent, "Pointer", phase, var, start_offset);
+                print_phase_function(file, indent, "Pointer", phase, var,
+                                     start_offset - (type->size_is ? 4 : 2));
             else
                 print_phase_function(file, indent, "ConformantString", phase, var,
-                                     start_offset + (type->size_is ? 4 : 2));
+                                     start_offset);
         }
     }
     else if (is_array(type))
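Review bot: `start_offset - (type->size_is ? 4 : 2)` in the "Pointer" call hard-codes the length of the pointer descriptor and assumes one sits immediately before the string's format chars, which the first hunk shows is only written when `toplevel && is_declptr(type)` holds. If the offset recorded for this type came from a non-toplevel write, the subtraction lands on unrelated format bytes (or wraps if the offset is smaller than the prefix), and that is on the PHASE_FREE path. Consider having write_string_tfs report the pointer descriptor's offset separately instead of deriving it here, or at least assert the precondition. The size choice here is keyed on `type->size_is` while the flag in write_string_tfs is keyed on `is_conformant_array(type)`; a shared helper or named constant would keep the two from drifting apart.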



