[PATCH 3/6] ole32, propsys: Rework PROPVARIANT (de)serialization

Nikolay Sivov bunglehead at gmail.com
Thu Jul 16 13:49:49 CDT 2015

On 16.07.2015 21:23, Vincent Povirk wrote:
>>        * The only interface to property (de)serialization provided by
>>          ole32.dll, the StgConvertVariantToProperty()/
>>          StgConvertPropertyToVariant() functions, are poorly documented,
>>          hard to implement (HRESULTs need to be converted to NTSTATUS
>>          exceptions) and even more unpleasant to use (because one would
>>          need to catch the NTSTATUS exception and convert it back to a
>>          HRESULT). This is rather crazy and cumbersome.
> I remember being concerned that StgConvertPropertyToVariant does not
> accept a size for the serialized value. This is not good when we don't
> trust the data we're reading.
> So, at least for deserialization I don't think we should use the public API.

Yes, I agree, it would be nice to have buffer length. Maybe the idea is 
to check some kind of a header first, could be that first DWORD is 
actually stream length, if that's the case it's not that bad.

More information about the wine-devel mailing list