Robert Shearman : rpcrt4: Use safe_mutiply in conformant array
functions.
Alexandre Julliard
julliard at wine.codeweavers.com
Mon Jun 12 07:09:33 CDT 2006
Module: wine
Branch: refs/heads/master
Commit: 539b48bff444364cf43154aaf6383a3dce42d11e
URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=539b48bff444364cf43154aaf6383a3dce42d11e
Author: Robert Shearman <rob at codeweavers.com>
Date: Sat Jun 10 12:33:01 2006 +0100
rpcrt4: Use safe_mutiply in conformant array functions.
---
dlls/rpcrt4/ndr_marshall.c | 32 ++++++++++++++++----------------
1 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 50d3871..2b6e096 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -26,7 +26,7 @@
* - transmit_as/represent as
* - Multi-dimensional arrays
* - Conversion functions (NdrConvert)
- * - Checks for integer overflow when calculating array sizes
+ * - Checks for integer addition overflow
* - Checks for out-of-memory conditions
*/
@@ -2196,15 +2196,15 @@ unsigned char * WINAPI NdrConformantArra
if (pFormat[0] != RPC_FC_CARRAY) FIXME("format=%d\n", pFormat[0]);
pFormat = ComputeConformance(pStubMsg, pMemory, pFormat+4, 0);
- size = pStubMsg->MaxCount;
WriteConformance(pStubMsg);
ALIGN_POINTER(pStubMsg->Buffer, alignment);
- memcpy(pStubMsg->Buffer, pMemory, size*esize);
+ size = safe_multiply(esize, pStubMsg->MaxCount);
+ memcpy(pStubMsg->Buffer, pMemory, size);
pStubMsg->BufferMark = pStubMsg->Buffer;
- pStubMsg->Buffer += size*esize;
+ pStubMsg->Buffer += size;
EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);
@@ -2221,24 +2221,25 @@ unsigned char * WINAPI NdrConformantArra
PFORMAT_STRING pFormat,
unsigned char fMustAlloc)
{
- DWORD size = 0, esize = *(const WORD*)(pFormat+2);
+ DWORD size, esize = *(const WORD*)(pFormat+2);
unsigned char alignment = pFormat[1] + 1;
TRACE("(%p,%p,%p,%d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
if (pFormat[0] != RPC_FC_CARRAY) FIXME("format=%d\n", pFormat[0]);
pFormat = ReadConformance(pStubMsg, pFormat+4);
- size = pStubMsg->MaxCount;
+
+ size = safe_multiply(esize, pStubMsg->MaxCount);
if (fMustAlloc || !*ppMemory)
- *ppMemory = NdrAllocate(pStubMsg, size*esize);
+ *ppMemory = NdrAllocate(pStubMsg, size);
ALIGN_POINTER(pStubMsg->Buffer, alignment);
- memcpy(*ppMemory, pStubMsg->Buffer, size*esize);
+ memcpy(*ppMemory, pStubMsg->Buffer, size);
pStubMsg->BufferMark = pStubMsg->Buffer;
- pStubMsg->Buffer += size*esize;
+ pStubMsg->Buffer += size;
EmbeddedPointerUnmarshall(pStubMsg, ppMemory, pFormat, fMustAlloc);
@@ -2252,21 +2253,21 @@ void WINAPI NdrConformantArrayBufferSize
unsigned char *pMemory,
PFORMAT_STRING pFormat)
{
- DWORD size = 0, esize = *(const WORD*)(pFormat+2);
+ DWORD size, esize = *(const WORD*)(pFormat+2);
unsigned char alignment = pFormat[1] + 1;
TRACE("(%p,%p,%p)\n", pStubMsg, pMemory, pFormat);
if (pFormat[0] != RPC_FC_CARRAY) FIXME("format=%d\n", pFormat[0]);
pFormat = ComputeConformance(pStubMsg, pMemory, pFormat+4, 0);
- size = pStubMsg->MaxCount;
SizeConformance(pStubMsg);
ALIGN_LENGTH(pStubMsg->BufferLength, alignment);
+ size = safe_multiply(esize, pStubMsg->MaxCount);
/* conformance value plus array */
- pStubMsg->BufferLength += size*esize;
+ pStubMsg->BufferLength += size;
EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
}
@@ -2284,12 +2285,12 @@ unsigned long WINAPI NdrConformantArrayM
if (pFormat[0] != RPC_FC_CARRAY) FIXME("format=%d\n", pFormat[0]);
pFormat = ReadConformance(pStubMsg, pFormat+4);
- size = pStubMsg->MaxCount;
- pStubMsg->MemorySize += size*esize;
+ size = safe_multiply(esize, pStubMsg->MaxCount);
+ pStubMsg->MemorySize += size;
ALIGN_POINTER(pStubMsg->Buffer, alignment);
pStubMsg->BufferMark = pStubMsg->Buffer;
- pStubMsg->Buffer += size*esize;
+ pStubMsg->Buffer += size;
EmbeddedPointerMemorySize(pStubMsg, pFormat);
@@ -2379,7 +2380,6 @@ unsigned char* WINAPI NdrConformantVaryi
ALIGN_POINTER(pStubMsg->Buffer, alignment);
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
- TRACE("esize = %ld, pStubMsg->MaxCount = %ld, result = %ld\n", esize, pStubMsg->MaxCount, esize * pStubMsg->MaxCount);
memsize = safe_multiply(esize, pStubMsg->MaxCount);
if (!*ppMemory || fMustAlloc)
More information about the wine-cvs
mailing list