Nikolay Sivov : oleaut32: Fix AddFuncDesc() to ignore scodes array length when NULL array pointer is passed.

Alexandre Julliard julliard at winehq.org
Fri Aug 26 10:18:11 CDT 2016


Module: wine
Branch: master
Commit: 37745b093d87596fc85902d4a911c8cd77b8536f
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=37745b093d87596fc85902d4a911c8cd77b8536f

Author: Nikolay Sivov <nsivov at codeweavers.com>
Date:   Thu Aug 25 20:57:16 2016 +0300

oleaut32: Fix AddFuncDesc() to ignore scodes array length when NULL array pointer is passed.

Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
Signed-off-by: Huw Davies <huw at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/oleaut32/tests/typelib.c | 2 ++
 dlls/oleaut32/typelib.c       | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/dlls/oleaut32/tests/typelib.c b/dlls/oleaut32/tests/typelib.c
index 4f43cfe..3fdd245 100644
--- a/dlls/oleaut32/tests/typelib.c
+++ b/dlls/oleaut32/tests/typelib.c
@@ -2033,6 +2033,8 @@ static void test_CreateTypeLib(SYSKIND sys) {
     funcdesc.lprgelemdescParam = NULL;
     funcdesc.invkind = INVOKE_FUNC;
     funcdesc.cParams = 0;
+    funcdesc.cScodes = 1;
+    funcdesc.lprgscode = NULL;
     hres = ICreateTypeInfo_AddFuncDesc(createti, 1, &funcdesc);
     ok(hres == S_OK, "got %08x\n", hres);
 
diff --git a/dlls/oleaut32/typelib.c b/dlls/oleaut32/typelib.c
index b0ee5f2..4fdfbeb 100644
--- a/dlls/oleaut32/typelib.c
+++ b/dlls/oleaut32/typelib.c
@@ -10431,11 +10431,13 @@ static HRESULT WINAPI ICreateTypeInfo2_fnAddFuncDesc(ICreateTypeInfo2 *iface,
     if (tmp_func_desc.funcdesc.oVft != 0)
         tmp_func_desc.funcdesc.oVft |= 1;
 
-    if (funcDesc->cScodes) {
+    if (funcDesc->cScodes && funcDesc->lprgscode) {
         tmp_func_desc.funcdesc.lprgscode = heap_alloc(sizeof(SCODE) * funcDesc->cScodes);
         memcpy(tmp_func_desc.funcdesc.lprgscode, funcDesc->lprgscode, sizeof(SCODE) * funcDesc->cScodes);
-    } else
+    } else {
         tmp_func_desc.funcdesc.lprgscode = NULL;
+        tmp_func_desc.funcdesc.cScodes = 0;
+    }
 
     buf_size = TLB_SizeElemDesc(&funcDesc->elemdescFunc);
     for (i = 0; i < funcDesc->cParams; ++i) {
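Review bot: The added guard in `if (funcDesc->cScodes && funcDesc->lprgscode)` still accepts a negative `cScodes` (the field is a signed SHORT in FUNCDESC), and `sizeof(SCODE) * funcDesc->cScodes` then converts to a very large size for both heap_alloc() and memcpy(); testing `funcDesc->cScodes > 0 && funcDesc->lprgscode` would close that. The heap_alloc() result is also handed to memcpy() unchecked, so an allocation failure becomes a write through a NULL pointer instead of an error return; a check such as `if (!tmp_func_desc.funcdesc.lprgscode) return E_OUTOFMEMORY;` before the copy would handle it, assuming nothing allocated earlier in the function has to be released first. ICreateTypeInfo2_fnAddFuncDesc starts and ends outside this hunk, so the cleanup that path needs is not visible here. The companion test in dlls/oleaut32/tests/typelib.c only exercises `cScodes = 1` with a NULL array and checks the HRESULT, not the stored count.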



