[Bug 20759] Read buffer overflow in NdrConformantArrayMarshall?
wine-bugs at winehq.org
Fri Nov 20 17:15:41 CST 2009
http://bugs.winehq.org/show_bug.cgi?id=20759
--- Comment #1 from Rob Shearman <robertshearman at gmail.com> 2009-11-20 17:15:41 ---
The bug is in type_memsize in widl. The calculated size/alignment of
REMQIRESULT/STDOBJREF in widl doesn't match that of the C compiler:
C:
fixme:ole:RemUnknown_RemQueryInterface sizeof(REMQIRESULT) = 44, __alignof__(REMQIRESULT) = 4
fixme:ole:RemUnknown_RemQueryInterface sizeof(STDOBJREF) = 40, __alignof__(STDOBJREF) = 4
fixme:ole:RemUnknown_RemQueryInterface sizeof(IPID) = 16, __alignof__(IPID) = 4
fixme:ole:RemUnknown_RemQueryInterface sizeof(OID) = 8, __alignof__(OID) = 8
widl:
sizeof(STDOBJREF) = 40, __alignof__(STDOBJREF) = 8
sizeof(REMQIRESULT) = 48, __alignof__(REMQIRESULT) = 8
sizeof(IPID) = 16, __alignof__(IPID) = 4
sizeof(OID) = 8, __alignof__(OID) = 8
The C standard doesn't help. From 6.7.2.1:
"12 Each non-bit-field member of a structure or union object is aligned in an
implementation-defined manner appropriate to its type."
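The size mismatch reported in the comment above can be reproduced with a small layout calculator. This is an added example, not code from widl or Wine: the member lists for STDOBJREF and REMQIRESULT are assumed from the DCOM IDL definitions, and the alignment cap of 4 is an assumption modelling a compiler that places 8-byte members on 4-byte boundaries inside structs.

```c
#include <stddef.h>
#include <stdio.h>
struct field  { size_t size, align; };   /* one member: size, natural alignment */
struct layout { size_t size, align; };   /* resulting sizeof / alignof */

/* Lay out members in order, capping each member's alignment at `cap`:
 * cap 4 reproduces the "C:" numbers on the page, cap 8 the "widl:" numbers. */
static struct layout lay_out(const struct field *f, size_t n, size_t cap)
{
    struct layout l = { 0, 1 };
    for (size_t i = 0; i < n; i++) {
        size_t a = f[i].align < cap ? f[i].align : cap;
        l.size = (l.size + a - 1) / a * a;      /* padding before member */
        l.size += f[i].size;
        if (a > l.align) l.align = a;
    }
    l.size = (l.size + l.align - 1) / l.align * l.align;  /* tail padding */
    return l;
}

/* Assumed members: flags, cPublicRefs (4 bytes each), oxid, oid (8 each), ipid (16). */
static struct layout stdobjref(size_t cap)
{
    const struct field f[] = { {4, 4}, {4, 4}, {8, 8}, {8, 8}, {16, 4} };
    return lay_out(f, 5, cap);
}

/* Assumed members: hResult (4 bytes) followed by an embedded STDOBJREF. */
static struct layout remqiresult(size_t cap)
{
    struct layout s = stdobjref(cap);
    const struct field f[] = { {4, 4}, {s.size, s.align} };
    return lay_out(f, 2, cap);
}

/* Bytes read past a caller's array of `count` REMQIRESULTs, assuming the
 * marshaller copies count * (48-byte element) from a buffer of 44-byte elements. */
static size_t overread(size_t count)
{
    return count * (remqiresult(8).size - remqiresult(4).size);
}

int main(void)
{
    printf("C:    REMQIRESULT %zu/%zu\n", remqiresult(4).size, remqiresult(4).align);
    printf("widl: REMQIRESULT %zu/%zu\n", remqiresult(8).size, remqiresult(8).align);
    printf("over-read for 3 elements: %zu bytes\n", overread(3));
    return 0;
}
```

STDOBJREF comes out at 40 bytes under both rules because its 8-byte members already fall on 8-byte offsets; only REMQIRESULT gains 4 bytes of padding after hResult.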