Rob Shearman : rpcrt4: Clear the memory of embedded complex types in ComplexUnmarshall when fMustAlloc is TRUE to avoid passing uninitialised memory to the unmarshaller .

[Alexandre Julliard]

Module: wine
Branch: master
Commit: b75828fc90a28470694d1d7695bfed66f8f0b854
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=b75828fc90a28470694d1d7695bfed66f8f0b854

Author: Rob Shearman <robertshearman at gmail.com>
Date:   Sun Jul  6 11:55:59 2008 +0100

rpcrt4: Clear the memory of embedded complex types in ComplexUnmarshall when fMustAlloc is TRUE to avoid passing uninitialised memory to the unmarshaller.

Found by Valgrind.

---

 dlls/rpcrt4/ndr_marshall.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 4dcd500..3d06cf1 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -2426,6 +2426,13 @@ static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
       desc = pFormat + *(const SHORT*)pFormat;
       size = EmbeddedComplexSize(pStubMsg, desc);
       TRACE("embedded complex (size=%ld) => %p\n", size, pMemory);
+      if (fMustAlloc)
+        /* we can't pass fMustAlloc=TRUE into the marshaller for this type
+         * since the type is part of the memory block that is encompassed by
+         * the whole complex type. Memory is forced to allocate when pointers
+         * are set to NULL, so we emulate that part of fMustAlloc=TRUE by
+         * clearing the memory we pass in to the unmarshaller */
+        memset(pMemory, 0, size);
       m = NdrUnmarshaller[*desc & NDR_TABLE_MASK];
       if (m)
       {