PATCH: ITypeInfo::Invoke stack overwrite fix
Marcus Meissner
marcus at jet.franken.de
Tue Jan 10 23:58:52 CST 2006
Hi,
This patch fixes part of bug 3529. The code was overwriting the
"void*" space with a full VARIANT (vt was VT_VARIANT | VT_BYREF).
So we reserve a full VARIANT now. Make it completely empty
to get zeroed integers inside too.
Ciao, Marcus
Changelog:
Have enough stack space up to even VT_VARIANTs,
fixes a stack corruption.
Index: dlls/oleaut32/typelib.c
===================================================================
RCS file: /home/wine/wine/dlls/oleaut32/typelib.c,v
retrieving revision 1.205
diff -u -r1.205 typelib.c
--- dlls/oleaut32/typelib.c 6 Jan 2006 20:52:34 -0000 1.205
+++ dlls/oleaut32/typelib.c 11 Jan 2006 05:56:45 -0000
@@ -5205,7 +5232,7 @@
VARIANT varresult;
SHORT missing_param_offset = func_desc->cParams;
SHORT missing_params = 0;
- void *retval; /* pointer for storing byref retvals in */
+ VARIANT retval; /* pointer for storing byref retvals in */
hres = S_OK;
for (i = 0; i < func_desc->cParams; i++)
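Review bot: The comment on the changed declaration still reads "pointer for storing byref retvals in", but retval is now the VARIANT-sized storage itself, not a pointer. Please update it, for example to "storage for byref retvals, sized for VT_VARIANT | VT_BYREF", so the size requirement behind the overwrite is recorded next to the variable.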
@@ -5238,7 +5265,7 @@
arg = prgpvarg[i] = &rgvarg[i];
memset(arg, 0, sizeof(*arg));
V_VT(arg) = rgvt[i];
- retval = NULL;
+ memset(&retval, 0, sizeof(retval));
V_BYREF(arg) = &retval;
}
else
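Review bot: retval is one function-level variable, yet "V_BYREF(arg) = &retval;" is set in code indexed by i. If this branch can be taken for more than one parameter, every such argument aliases the same storage, and the memset here clears what an earlier one pointed at. If only one such parameter is possible, a short comment or an assertion saying so would help; otherwise the storage should be per-parameter. A brief comment that the memset deliberately zeroes the whole VARIANT, not just vt, would also keep a later cleanup from narrowing it.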