Rob Shearman : rpcrt4: Don' t reserve space in the buffer for reference pointers embedded in complex types .
Alexandre Julliard
julliard at winehq.org
Fri Jul 4 13:59:18 CDT 2008
Module: wine
Branch: master
Commit: 620d783680cc1b867da348500a0f4f5c6b441d42
URL: http://source.winehq.org/git/wine.git/?a=commit;h=620d783680cc1b867da348500a0f4f5c6b441d42
Author: Rob Shearman <robertshearman at gmail.com>
Date: Thu Jul 3 23:28:02 2008 +0100
rpcrt4: Don't reserve space in the buffer for reference pointers embedded in complex types.
Reference pointers carry no pointer ID on the wire, so reserving space for one
makes the code incompatible with other clients. Note that the pointer
marshalling/unmarshalling functions never actually read or wrote pointer
IDs in the reserved space in the buffer.
---
dlls/rpcrt4/ndr_marshall.c | 53 ++++++++++++++++++++-----------------------
1 files changed, 25 insertions(+), 28 deletions(-)
diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 3b4f332..4dcd500 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -2253,7 +2253,9 @@ static unsigned char * ComplexMarshall(PMIDL_STUB_MESSAGE pStubMsg,
unsigned char *saved_buffer;
int pointer_buffer_mark_set = 0;
TRACE("pointer=%p <= %p\n", *(unsigned char**)pMemory, pMemory);
- ALIGN_POINTER_CLEAR(pStubMsg->Buffer, 4);
+ TRACE("pStubMsg->Buffer before %p\n", pStubMsg->Buffer);
+ if (*pPointer != RPC_FC_RP)
+ ALIGN_POINTER_CLEAR(pStubMsg->Buffer, 4);
saved_buffer = pStubMsg->Buffer;
if (pStubMsg->PointerBufferMark)
{
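Review bot: The `*pPointer != RPC_FC_RP` test introduced at the ALIGN_POINTER_CLEAR line is evaluated twice more in this same case (the else-if on the pointer-ID skip and the post-marshal repositioning), and pPointer is only advanced after all three, so a single local declared next to `int pointer_buffer_mark_set = 0;` such as `const int is_ref_ptr = (*pPointer == RPC_FC_RP);` would name the intent once and keep the three branches from drifting apart. The same hoist applies to the matching cases in ComplexUnmarshall and ComplexStructMemorySize further down. The switch case this hunk belongs to starts before the hunk.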
@@ -2261,21 +2263,18 @@ static unsigned char * ComplexMarshall(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->PointerBufferMark = NULL;
pointer_buffer_mark_set = 1;
}
- else
+ else if (*pPointer != RPC_FC_RP)
safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
PointerMarshall(pStubMsg, saved_buffer, *(unsigned char**)pMemory, pPointer);
if (pointer_buffer_mark_set)
{
STD_OVERFLOW_CHECK(pStubMsg);
pStubMsg->PointerBufferMark = pStubMsg->Buffer;
- if (saved_buffer + 4 > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
- {
- ERR("buffer overflow - saved_buffer = %p, BufferEnd = %p\n",
- saved_buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
- RpcRaiseException(RPC_X_BAD_STUB_DATA);
- }
- pStubMsg->Buffer = saved_buffer + 4;
+ pStubMsg->Buffer = saved_buffer;
+ if (*pPointer != RPC_FC_RP)
+ safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
}
+ TRACE("pStubMsg->Buffer after %p\n", pStubMsg->Buffer);
pPointer += 4;
pMemory += 4;
break;
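Review bot: The removed bound check raised RPC_X_BAD_STUB_DATA when saved_buffer + 4 passed RpcMsg->Buffer + BufferLength; the replacement `pStubMsg->Buffer = saved_buffer; safe_buffer_increment(pStubMsg, 4);` is only equivalent if safe_buffer_increment itself validates against the buffer end and raises, which is not visible in this diff and should be confirmed rather than assumed, since the repositioning happens after the deferred pointer data has already been written. The description asserts that embedded ref pointers carry no pointer ID on the wire and that reserving one breaks interoperability, but no cross-implementation test accompanies the change; NDR's treatment of embedded reference pointers is described differently from top-level ones in some references, so an interop test against a non-Wine peer is the evidence worth attaching. A one-line comment at the else-if such as `/* RPC_FC_RP: no pointer ID on the wire, only the pointee is emitted */` would record the rationale in the code itself. The enclosing switch case starts before this hunk.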
@@ -2380,7 +2379,8 @@ static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
unsigned char *saved_buffer;
int pointer_buffer_mark_set = 0;
TRACE("pointer => %p\n", pMemory);
- ALIGN_POINTER(pStubMsg->Buffer, 4);
+ if (*pPointer != RPC_FC_RP)
+ ALIGN_POINTER(pStubMsg->Buffer, 4);
saved_buffer = pStubMsg->Buffer;
if (pStubMsg->PointerBufferMark)
{
@@ -2388,7 +2388,7 @@ static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->PointerBufferMark = NULL;
pointer_buffer_mark_set = 1;
}
- else
+ else if (*pPointer != RPC_FC_RP)
safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
PointerUnmarshall(pStubMsg, saved_buffer, (unsigned char**)pMemory, *(unsigned char**)pMemory, pPointer, fMustAlloc);
@@ -2396,13 +2396,9 @@ static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
{
STD_OVERFLOW_CHECK(pStubMsg);
pStubMsg->PointerBufferMark = pStubMsg->Buffer;
- if (saved_buffer + 4 > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
- {
- ERR("buffer overflow - saved_buffer = %p, BufferEnd = %p\n",
- saved_buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
- RpcRaiseException(RPC_X_BAD_STUB_DATA);
- }
- pStubMsg->Buffer = saved_buffer + 4;
+ pStubMsg->Buffer = saved_buffer;
+ if (*pPointer != RPC_FC_RP)
+ safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
}
pPointer += 4;
pMemory += 4;
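Review bot: This is the unmarshalling side, where pStubMsg->Buffer walks attacker-controlled wire data, and the explicit `saved_buffer + 4 > RpcMsg->Buffer + BufferLength` check that raised RPC_X_BAD_STUB_DATA has been replaced with `safe_buffer_increment(pStubMsg, 4)`; that is a safe substitution only if safe_buffer_increment rejects an increment past the buffer end rather than merely advancing, which cannot be seen here — please confirm. The removed check bounded against RpcMsg->Buffer + BufferLength while safe_buffer_increment presumably uses whatever end pointer the stub message tracks; if those ever differ (e.g. a partially received message) the accepted bound silently changes. For the RPC_FC_RP path Buffer is restored to saved_buffer with no skip, so the pointee is presumably consumed entirely via the deferred-pointer region by PointerUnmarshall; a comment such as `/* ref pointer: nothing in the flat part, pointee handled via the deferred area — confirm */` would make that expectation explicit. The PointerUnmarshall call this code follows is in the previous hunk and the switch case starts before it.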
@@ -2507,7 +2503,11 @@ static unsigned char * ComplexBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->PointerLength = pStubMsg->BufferLength;
pStubMsg->BufferLength = saved_buffer_length;
}
- safe_buffer_length_increment(pStubMsg, 4);
+ if (*pPointer != RPC_FC_RP)
+ {
+ ALIGN_LENGTH(pStubMsg->BufferLength, 4);
+ safe_buffer_length_increment(pStubMsg, 4);
+ }
pPointer += 4;
pMemory += 4;
break;
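Review bot: ComplexBufferSize previously reserved 4 bytes without aligning, while ComplexMarshall aligned to 4 before writing the pointer ID (see the first hunk); adding `ALIGN_LENGTH(pStubMsg->BufferLength, 4)` here closes that gap, but nothing in the diff documents that the sizing and marshalling cases must stay in lockstep. A comment on the new block such as `/* must mirror ComplexMarshall: 4-byte aligned pointer ID for non-ref pointers, nothing for RPC_FC_RP */` would make a future divergence, and the undersized buffer it would produce at marshal time, less likely. The enclosing switch case starts before this hunk.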
@@ -2680,7 +2680,8 @@ static unsigned long ComplexStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
{
unsigned char *saved_buffer;
int pointer_buffer_mark_set = 0;
- ALIGN_POINTER(pStubMsg->Buffer, 4);
+ if (*pPointer != RPC_FC_RP)
+ ALIGN_POINTER(pStubMsg->Buffer, 4);
saved_buffer = pStubMsg->Buffer;
if (pStubMsg->PointerBufferMark)
{
@@ -2688,7 +2689,7 @@ static unsigned long ComplexStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->PointerBufferMark = NULL;
pointer_buffer_mark_set = 1;
}
- else
+ else if (*pPointer != RPC_FC_RP)
safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
if (!pStubMsg->IgnoreEmbeddedPointers)
@@ -2697,13 +2698,9 @@ static unsigned long ComplexStructMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
{
STD_OVERFLOW_CHECK(pStubMsg);
pStubMsg->PointerBufferMark = pStubMsg->Buffer;
- if (saved_buffer + 4 > (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
- {
- ERR("buffer overflow - saved_buffer = %p, BufferEnd = %p\n",
- saved_buffer, (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength);
- RpcRaiseException(RPC_X_BAD_STUB_DATA);
- }
- pStubMsg->Buffer = saved_buffer + 4;
+ pStubMsg->Buffer = saved_buffer;
+ if (*pPointer != RPC_FC_RP)
+ safe_buffer_increment(pStubMsg, 4); /* for pointer ID */
}
pPointer += 4;
size += 4;
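Review bot: Same concern as in ComplexUnmarshall: the explicit end-of-message check with its ERR diagnostic is dropped in favour of `safe_buffer_increment(pStubMsg, 4)`, and this function walks untrusted wire data to compute an allocation size, so the substitution depends on safe_buffer_increment raising on overrun, which this diff does not show. The removed ERR logged both saved_buffer and the computed buffer end, so unless safe_buffer_increment logs comparably, overrun reports from this path become less specific. A comment at the restore such as `/* reposition after the deferred pointee; ref pointers occupy no flat-part bytes */` would document why the RPC_FC_RP branch leaves Buffer at saved_buffer. The enclosing switch case starts before this hunk and continues after it.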