[PATCH 3/6] ole32, propsys: Rework PROPVARIANT (de)serialization
Nikolay Sivov
bunglehead at gmail.com
Thu Jul 16 13:49:49 CDT 2015
On 16.07.2015 21:23, Vincent Povirk wrote:
>> * The only interface to property (de)serialization provided by
>> ole32.dll, the StgConvertVariantToProperty()/
>> StgConvertPropertyToVariant() functions, are poorly documented,
>> hard to implement (HRESULTs need to be converted to NTSTATUS
>> exceptions) and even more unpleasant to use (because one would
>> need to catch the NTSTATUS exception and convert it back to a
>> HRESULT). This is rather crazy and cumbersome.
>
> I remember being concerned that StgConvertPropertyToVariant does not
> accept a size for the serialized value. This is not good when we don't
> trust the data we're reading.
>
> So, at least for deserialization I don't think we should use the public API.
>
Yes, I agree, it would be nice to have buffer length. Maybe the idea is
to check some kind of a header first, could be that first DWORD is
actually stream length, if that's the case it's not that bad.
More information about the wine-devel
mailing list