Fix Annoying SafeArrayCreateVector Bug

Robert Shearman R.J.Shearman at warwick.ac.uk
Sun May 18 21:10:27 CDT 2003


This bug manifested itself as heap corruption in IE when you selected a
folder from the "Favorites" menu. It had eluded me for weeks, even after
narrowing down which module it was in. Then Valgrind spotted it when I was
running random programs off my harddrive through it (IE won't run under
Valgrind).

ChangeLog:
- Use a byte pointer when offsetting past the GUID in SafeArrayCreateVector
  (the previous LPVOID* arithmetic scaled the offset by sizeof(void*), placing
  the SAFEARRAY header past the end of the allocation) to avoid memory
  corruption
- Add traces
Index: wine/dlls/oleaut32/safearray.c
===================================================================
RCS file: /home/wine/wine/dlls/oleaut32/safearray.c,v
retrieving revision 1.23
diff -u -r1.23 safearray.c
--- wine/dlls/oleaut32/safearray.c	23 Jan 2003 21:32:36 -0000	1.23
+++ wine/dlls/oleaut32/safearray.c	19 May 2003 00:11:22 -0000
@@ -262,6 +262,8 @@
   HRESULT   hRes;
   USHORT    cDim;
 
+  TRACE("(%d, %d, %p)\n", vt, cDims, rgsabound);
+
   /* Validate supported VARTYPE */
   if ( (vt >= LAST_VARTYPE) ||
        ( VARTYPE_SIZE[vt] == VARTYPE_NOT_SUPPORTED ) )
@@ -861,6 +863,8 @@
   SAFEARRAY *psa;
   LPVOID    *ptr;
 
+  TRACE("%d, %ld, %ld\n", vt, lLbound, cElements);
+
   /* Validate supported VARTYPE */
   if ( (vt >= LAST_VARTYPE) ||
        ( VARTYPE_SIZE[vt] == VARTYPE_NOT_SUPPORTED ) )
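Review bot: The new TRACE at the top of SafeArrayCreateVector does not use the parenthesised argument-list form that the TRACE added to SafeArrayCreate in the previous hunk uses, so the two entries read inconsistently in a debug log; `TRACE("(%d, %ld, %ld)\n", vt, lLbound, cElements);` would match. The `%ld` conversions assume lLbound and cElements are long-sized, which holds for the LONG/ULONG parameters of the Win32 prototype on 32-bit builds but is not visible in this hunk, so worth confirming against the signature. The function body continues past this hunk.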
@@ -872,7 +876,7 @@
                       (sizeof(GUID)+sizeof(*psa)+(VARTYPE_SIZE[vt]*cElements)));
   if (!ptr)
     return NULL;
-  psa = (SAFEARRAY*)(ptr+sizeof(GUID));
+  psa = (SAFEARRAY*)((BYTE*)ptr+sizeof(GUID));
 
   /* setup data members... */
   psa->cDims      = 1; /* always and forever */
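Review bot: The corrected offset now places psa exactly sizeof(GUID) bytes into the block, but the size that block is allocated with, `sizeof(GUID)+sizeof(*psa)+(VARTYPE_SIZE[vt]*cElements)` on the context line just above, is computed with no overflow check: a large cElements (ULONG in the public prototype, if this file follows it) wraps the product, the allocator returns a short block, and the element writes that follow run off its end — the same class of heap corruption this patch fixes, reachable by any caller that passes an attacker-controlled count. A guard before the allocation such as `if (VARTYPE_SIZE[vt] && cElements > (ULONG_MAX - sizeof(GUID) - sizeof(*psa)) / VARTYPE_SIZE[vt]) return NULL;` closes it (the zero-size check is only needed if a zero-sized VARTYPE can pass the validation above, which the hunk does not show). Separately, `ptr` is declared `LPVOID *` just above the hunk, which is what made the old `ptr+sizeof(GUID)` scale by sizeof(void*); declaring it `BYTE *ptr` would remove the need for the cast and prevent a repeat of this bug. The function body continues past this hunk.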

