Rob Shearman : rpcrt4: Unmarshalling functions should always set fMustAlloc when allocating memory .

Alexandre Julliard julliard at winehq.org
Mon Jan 12 10:40:41 CST 2009


Module: wine
Branch: master
Commit: 59158fb25ce0b8d8f75fd44137085908a53bbafa
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=59158fb25ce0b8d8f75fd44137085908a53bbafa

Author: Rob Shearman <robertshearman at gmail.com>
Date:   Sat Jan 10 22:17:15 2009 +0000

rpcrt4: Unmarshalling functions should always set fMustAlloc when allocating memory.

The memory is uninitialised and so further unmarshalling shouldn't try
to reuse any memory. fMustAlloc is always set to TRUE when allocating
memory so that it is clear that the unmarshalling is safe and to avoid
future problems with change or the code being copied.

---

 dlls/rpcrt4/ndr_marshall.c |   43 +++++++++++++++++++++++++++++++++----------
 1 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index f0a13de..37d286d 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -2440,7 +2440,9 @@ unsigned char *  WINAPI NdrNonConformantStringUnmarshall(PMIDL_STUB_MESSAGE pStu
 
   validate_string_data(pStubMsg, bufsize, esize);
 
-  if (fMustAlloc || !*ppMemory)
+  if (!fMustAlloc && !*ppMemory)
+    fMustAlloc = TRUE;
+  if (fMustAlloc)
     *ppMemory = NdrAllocate(pStubMsg, memsize);
 
   safe_copy_from_buffer(pStubMsg, *ppMemory, bufsize);
@@ -3380,7 +3382,9 @@ unsigned char * WINAPI NdrComplexStructUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
     offset = pStubMsg->Offset;
   }
 
-  if (fMustAlloc || !*ppMemory)
+  if (!fMustAlloc && !*ppMemory)
+    fMustAlloc = TRUE;
+  if (fMustAlloc)
     *ppMemory = NdrAllocate(pStubMsg, size);
 
   pMemory = ComplexUnmarshall(pStubMsg, *ppMemory, pFormat, pointer_desc, fMustAlloc);
@@ -3921,7 +3925,9 @@ unsigned char * WINAPI NdrComplexArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
   pFormat = ReadConformance(pStubMsg, pFormat);
   pFormat = ReadVariance(pStubMsg, pFormat, pStubMsg->MaxCount);
 
-  if (fMustAlloc || !*ppMemory)
+  if (!fMustAlloc && !*ppMemory)
+    fMustAlloc = TRUE;
+  if (fMustAlloc)
     *ppMemory = NdrAllocate(pStubMsg, size);
 
   ALIGN_POINTER(pStubMsg->Buffer, alignment);
@@ -4193,8 +4199,13 @@ unsigned char * WINAPI NdrUserMarshalUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
   else
     ALIGN_POINTER(pStubMsg->Buffer, (flags & 0xf) + 1);
 
-  if (fMustAlloc || !*ppMemory)
+  if (!fMustAlloc && !*ppMemory)
+    fMustAlloc = TRUE;
+  if (fMustAlloc)
+  {
     *ppMemory = NdrAllocate(pStubMsg, memsize);
+    memset(*ppMemory, 0, memsize);
+  }
 
   pStubMsg->Buffer =
     pStubMsg->StubDesc->aUserMarshalQuadruple[index].pfnUnmarshall(
@@ -4662,7 +4673,9 @@ unsigned char *  WINAPI NdrConformantVaryingStructUnmarshall(PMIDL_STUB_MESSAGE
     TRACE("memory_size = %d\n", pCVStructFormat->memory_size);
 
     /* work out how much memory to allocate if we need to do so */
-    if (!*ppMemory || fMustAlloc)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
     {
         SIZE_T size = pCVStructFormat->memory_size + memsize;
         *ppMemory = NdrAllocate(pStubMsg, size);
@@ -5149,7 +5162,9 @@ unsigned char *  WINAPI NdrVaryingArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
     bufsize = safe_multiply(esize, pStubMsg->ActualCount);
     offset = pStubMsg->Offset;
 
-    if (!*ppMemory || fMustAlloc)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
         *ppMemory = NdrAllocate(pStubMsg, size);
     saved_buffer = pStubMsg->BufferMark = pStubMsg->Buffer;
     safe_buffer_increment(pStubMsg, bufsize);
@@ -5707,7 +5722,9 @@ unsigned char *  WINAPI NdrEncapsulatedUnionUnmarshall(PMIDL_STUB_MESSAGE pStubM
     TRACE("got switch value 0x%x\n", switch_value);
 
     size = *(const unsigned short*)pFormat + increment;
-    if(!*ppMemory || fMustAlloc)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
         *ppMemory = NdrAllocate(pStubMsg, size);
 
     NdrBaseTypeUnmarshall(pStubMsg, ppMemory, &switch_type, FALSE);
@@ -5887,7 +5904,9 @@ unsigned char *  WINAPI NdrNonEncapsulatedUnionUnmarshall(PMIDL_STUB_MESSAGE pSt
 
     size = *(const unsigned short*)pFormat;
 
-    if(!*ppMemory || fMustAlloc)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
         *ppMemory = NdrAllocate(pStubMsg, size);
 
     return union_arm_unmarshall(pStubMsg, ppMemory, discriminant, pFormat, fMustAlloc);
@@ -6109,7 +6128,9 @@ unsigned char *WINAPI NdrRangeUnmarshall(
     do \
     { \
         ALIGN_POINTER(pStubMsg->Buffer, sizeof(type)); \
-        if (fMustAlloc || !*ppMemory) \
+        if (!fMustAlloc && !*ppMemory) \
+            fMustAlloc = TRUE; \
+        if (fMustAlloc) \
             *ppMemory = NdrAllocate(pStubMsg, sizeof(type)); \
         if (pStubMsg->Buffer + sizeof(type) > pStubMsg->BufferEnd) \
         { \
@@ -6363,7 +6384,9 @@ static unsigned char *WINAPI NdrBaseTypeUnmarshall(
         break;
     case RPC_FC_ENUM16:
         ALIGN_POINTER(pStubMsg->Buffer, sizeof(USHORT));
-        if (fMustAlloc || !*ppMemory)
+        if (!fMustAlloc && !*ppMemory)
+            fMustAlloc = TRUE;
+        if (fMustAlloc)
             *ppMemory = NdrAllocate(pStubMsg, sizeof(UINT));
         if (pStubMsg->Buffer + sizeof(USHORT) > pStubMsg->BufferEnd)
             RpcRaiseException(RPC_X_BAD_STUB_DATA);




More information about the wine-cvs mailing list