[PATCH 3/6] ole32, propsys: Rework PROPVARIANT (de)serialization
madewokherd at gmail.com
Thu Jul 16 14:00:56 CDT 2015
>> I remember being concerned that StgConvertPropertyToVariant does not
>> accept a size for the serialized value. This is not good when we don't
>> trust the data we're reading.
>> So, at least for deserialization I don't think we should use the public
> Yes, I agree, it would be nice to have buffer length. Maybe the idea is to
> check some kind of a header first, could be that first DWORD is actually
> stream length, if that's the case it's not that bad.
Sadly, no, the size and how/if it's encoded depends on the type, which
is the first thing in the structure.
More information about the wine-devel