rpcrt4: Set the destination pointer in PointerUnmarshall before calling the referenced type's unmarshalling routine.
Robert Shearman
rob at codeweavers.com
Tue Dec 4 07:22:56 CST 2007
When a pointer that is dereferenced is encountered then this can result
in a stale pointer (i.e. the one that is marshalled into the buffer for
the embedded pointer unmarshalling case) being used instead of the one
that was intended.

Rethinking the logic for the server case, it can be determined that
there will always be space to store the pointer when we are
unmarshalling an embedded pointer, since non-complex types must be able
to be memcpy'd from the buffer (and so must have exactly 4 bytes
available for the pointer to be unmarshalled into). If there will not be
4 bytes available, then the type should be complex (and so we don't need
to cope with this case since pointers are unmarshalled individually and
not into the buffer). As long as we don't try to use buffer space for
dereferenced pointers (which we don't) then we won't overwrite any data
in the buffer.
---
dlls/rpcrt4/ndr_marshall.c | 17 +++++------------
dlls/rpcrt4/tests/server.c | 1 -
2 files changed, 5 insertions(+), 13 deletions(-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 469ca774e5c3c2fc794a805575faa976f069a614.diff
Type: text/x-patch
Size: 2893 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20071204/b2a5a941/attachment.bin