Rob Shearman : rpcrt4: Improve PointerFree to not free buffer memory.

Alexandre Julliard julliard at winehq.org
Fri Dec 7 11:01:58 CST 2007


Module: wine
Branch: master
Commit: 2ebee18198cc2f288cdc79c88cc9daf46b67b256
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=2ebee18198cc2f288cdc79c88cc9daf46b67b256

Author: Rob Shearman <rob at codeweavers.com>
Date:   Fri Dec  7 14:13:45 2007 +0000

rpcrt4: Improve PointerFree to not free buffer memory.

---

 dlls/rpcrt4/ndr_marshall.c       |   25 +++++--------------------
 dlls/rpcrt4/tests/ndr_marshall.c |    2 ++
 2 files changed, 7 insertions(+), 20 deletions(-)

diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 3f991ce..d7da092 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -1187,28 +1187,13 @@ static void PointerFree(PMIDL_STUB_MESSAGE pStubMsg,
   m = NdrFreer[*desc & NDR_TABLE_MASK];
   if (m) m(pStubMsg, Pointer, desc);
 
-  /* hmm... is this sensible?
-   * perhaps we should check if the memory comes from NdrAllocate,
+  /* we should check if the memory comes from NdrAllocate,
    * and deallocate only if so - checking if the pointer is between
-   * BufferStart and BufferEnd is probably no good since the buffer
+   * BufferStart and BufferEnd will not always work since the buffer
    * may be reallocated when the server wants to marshal the reply */
-  switch (*desc) {
-  case RPC_FC_BOGUS_STRUCT:
-  case RPC_FC_BOGUS_ARRAY:
-  case RPC_FC_USER_MARSHAL:
-  case RPC_FC_CARRAY:
-  case RPC_FC_CVARRAY:
-    break;
-  default:
-    FIXME("unhandled data type=%02x\n", *desc);
-    break;
-  case RPC_FC_C_CSTRING:
-  case RPC_FC_C_WSTRING:
-    if (pStubMsg->ReuseBuffer) goto notfree;
-    break;
-  case RPC_FC_IP:
-    goto notfree;
-  }
+  if (Pointer >= (unsigned char *)pStubMsg->RpcMsg->Buffer ||
+      Pointer <= (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)
+      goto notfree;
 
   if (attr & RPC_FC_P_ONSTACK) {
     TRACE("not freeing stack ptr %p\n", Pointer);
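Review bot: The new range test joins its two comparisons with `||`, so it is true for every pointer value and `goto notfree` is always taken; memory that does not lie in the RPC buffer is then never released on this path, which in a long-running RPC server is a steady leak. The intended check is presumably `if (Pointer >= (unsigned char *)pStubMsg->RpcMsg->Buffer &&` followed by `Pointer < (unsigned char *)pStubMsg->RpcMsg->Buffer + pStubMsg->BufferLength)`, with a strict upper bound because the one-past-the-end address is not buffer memory. The `todo_wine` added around `ok(my_free_called == 1, ...)` in the dlls/rpcrt4/tests/ndr_marshall.c hunk looks like a symptom of this always-true condition rather than a separate gap. Even with `&&`, the comment just above notes that the buffer may be reallocated, so a stale in-range pointer could still be misclassified; that limitation should stay documented next to the check. PointerFree starts and ends outside the hunk, so the free path itself is not visible here.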
diff --git a/dlls/rpcrt4/tests/ndr_marshall.c b/dlls/rpcrt4/tests/ndr_marshall.c
index d2ea543..e4e2399 100644
--- a/dlls/rpcrt4/tests/ndr_marshall.c
+++ b/dlls/rpcrt4/tests/ndr_marshall.c
@@ -1167,7 +1167,9 @@ todo_wine {
     my_free_called = 0;
     StubMsg.Buffer = StubMsg.BufferStart;
     NdrPointerFree( &StubMsg, mem, fmtstr_conf_str );
+todo_wine {
     ok(my_free_called == 1, "free called %d\n", my_free_called);
+}
 
     /* Server */
     my_alloc_called = 0;



