rpcrt4: Clear the memory of embedded complex types in ComplexUnmarshall when fMustAlloc is TRUE to avoid passing uninitialised memory to the unmarshaller.
Rob Shearman
robertshearman at gmail.com
Sun Jul 6 05:55:59 CDT 2008
Found by Valgrind.
---
dlls/rpcrt4/ndr_marshall.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
Should fix this and similar Valgrind warnings:
+ Conditional jump or move depends on uninitialised value(s)
+ at VARIANT_ValidateType (variant.c:545)
+ by VariantClear (variant.c:598)
+ by VARIANT_UserUnmarshal (usrmarshal.c:594)
+ by NdrUserMarshalUnmarshall (ndr_marshall.c:3772)
+ by ComplexUnmarshall (ndr_marshall.c:2439)
+ by NdrComplexArrayUnmarshall (ndr_marshall.c:3505)
+ by PointerUnmarshall (ndr_marshall.c:1302)
+ by EmbeddedPointerUnmarshall (ndr_marshall.c:1622)
+ by NdrSimpleStructUnmarshall (ndr_marshall.c:2059)
+ by PointerUnmarshall (ndr_marshall.c:1302)
+ by NdrPointerUnmarshall (ndr_marshall.c:1886)
+ by IDispatch_RemoteInvoke_Stub (oleaut32_oaidl_p.c:838)
+ by CStdStubBuffer_Invoke (cstub.c:433)
+ by RPC_ExecuteCall (rpc.c:1392)
+ by apartment_wndproc (compobj.c:547)
+ by ??? (library.h:163)
+ by call_window_proc (winproc.c:457)
+ by WINPROC_CallProcAtoW (winproc.c:1011)
+ by WINPROC_call_window (winproc.c:2209)
+ by DispatchMessageA (message.c:3067)
+ Uninitialised value was created by a client request
+ at mark_block_uninitialized (heap.c:164)
+ by RtlAllocateHeap (heap.c:1239)
+ by IMalloc_fnAlloc (ifs.c:186)
+ by CoTaskMemAlloc (ifs.c:562)
+ by NdrOleAllocate (ndr_ole.c:359)
+ by NdrAllocate (ndr_marshall.c:381)
+ by NdrComplexArrayUnmarshall (ndr_marshall.c:3498)
+ by PointerUnmarshall (ndr_marshall.c:1302)
+ by EmbeddedPointerUnmarshall (ndr_marshall.c:1622)
+ by NdrSimpleStructUnmarshall (ndr_marshall.c:2059)
+ by PointerUnmarshall (ndr_marshall.c:1302)
+ by NdrPointerUnmarshall (ndr_marshall.c:1886)
+ by IDispatch_RemoteInvoke_Stub (oleaut32_oaidl_p.c:838)
+ by CStdStubBuffer_Invoke (cstub.c:433)
+ by RPC_ExecuteCall (rpc.c:1392)
+ by apartment_wndproc (compobj.c:547)
+ by ??? (library.h:163)
+ by call_window_proc (winproc.c:457)
+ by WINPROC_CallProcAtoW (winproc.c:1011)
+ by WINPROC_call_window (winproc.c:2209)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 4259b4ff7949132e665620e4397cc19ecbbb9b1f.diff
Type: text/x-patch
Size: 949 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20080706/d39c110f/attachment-0001.bin
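
The failure mode named in the subject line, as an added C example that is not Wine's code and not part of the original message: an element unmarshaller that releases the destination's old contents first will branch on whatever the freshly allocated array happens to hold. All names here (value_t, value_clear, value_unmarshal, array_unmarshal, demo) are hypothetical, and the 0xAA fill is an assumption that stands in for uninitialised heap contents so the result is deterministic.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a VARIANT-like value: type tag plus payload. */
enum { T_EMPTY = 0, T_INT = 1, T_STR = 2 };
typedef struct { unsigned short vt; char *str; int i; } value_t;

/* Releases what the destination already holds. The tag check and the
 * free() both act on the destination's previous contents. */
static int value_clear(value_t *v)
{
    if (v->vt > T_STR) return -1;      /* branch on possibly stale memory */
    if (v->vt == T_STR) free(v->str);  /* would free a garbage pointer */
    memset(v, 0, sizeof(*v));
    return 0;
}

/* Element unmarshaller: clears the destination, then reads one int. */
static int value_unmarshal(const unsigned char *wire, value_t *dst)
{
    if (value_clear(dst) != 0) return -1;
    dst->vt = T_INT;
    memcpy(&dst->i, wire, sizeof(dst->i));
    return 0;
}

/* Array unmarshaller that always allocates. zero_new = 0 leaves the new
 * block as allocated; zero_new = 1 clears it before the elements are read. */
static int array_unmarshal(const unsigned char *wire, size_t n, int zero_new, value_t **out)
{
    value_t *arr = malloc(n * sizeof(*arr));
    if (!arr) return -1;
    memset(arr, 0xAA, n * sizeof(*arr));          /* simulated uninitialised heap */
    if (zero_new) memset(arr, 0, n * sizeof(*arr));
    for (size_t k = 0; k < n; k++)
        if (value_unmarshal(wire + k * sizeof(int), &arr[k]) != 0) { free(arr); return -1; }
    *out = arr;
    return 0;
}

/* Returns the sum of the unmarshalled ints, or -1 if unmarshalling failed. */
int demo(int zero_new)
{
    int src[3] = { 10, 20, 12 }, sum = 0;         /* constructed sample wire data */
    value_t *arr = NULL;
    if (array_unmarshal((const unsigned char *)src, 3, zero_new, &arr) != 0) return -1;
    for (size_t k = 0; k < 3; k++) sum += arr[k].i;
    free(arr);
    return sum;
}
```

With real uninitialised memory the outcome varies from run to run, which is why a tool such as Valgrind reports the conditional jump rather than a consistent failure.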