rpcrt4: Clear the memory of embedded complex types in ComplexUnmarshall when fMustAlloc is TRUE to avoid passing uninitialised memory to the unmarshaller.

Rob Shearman robertshearman at gmail.com
Sun Jul 6 05:55:59 CDT 2008


Found by Valgrind.
---
 dlls/rpcrt4/ndr_marshall.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

Should fix this and similar Valgrind warnings:
+ Conditional jump or move depends on uninitialised value(s)
+    at  VARIANT_ValidateType (variant.c:545)
+    by  VariantClear (variant.c:598)
+    by  VARIANT_UserUnmarshal (usrmarshal.c:594)
+    by  NdrUserMarshalUnmarshall (ndr_marshall.c:3772)
+    by  ComplexUnmarshall (ndr_marshall.c:2439)
+    by  NdrComplexArrayUnmarshall (ndr_marshall.c:3505)
+    by  PointerUnmarshall (ndr_marshall.c:1302)
+    by  EmbeddedPointerUnmarshall (ndr_marshall.c:1622)
+    by  NdrSimpleStructUnmarshall (ndr_marshall.c:2059)
+    by  PointerUnmarshall (ndr_marshall.c:1302)
+    by  NdrPointerUnmarshall (ndr_marshall.c:1886)
+    by  IDispatch_RemoteInvoke_Stub (oleaut32_oaidl_p.c:838)
+    by  CStdStubBuffer_Invoke (cstub.c:433)
+    by  RPC_ExecuteCall (rpc.c:1392)
+    by  apartment_wndproc (compobj.c:547)
+    by  ??? (library.h:163)
+    by  call_window_proc (winproc.c:457)
+    by  WINPROC_CallProcAtoW (winproc.c:1011)
+    by  WINPROC_call_window (winproc.c:2209)
+    by  DispatchMessageA (message.c:3067)
+  Uninitialised value was created by a client request
+    at  mark_block_uninitialized (heap.c:164)
+    by  RtlAllocateHeap (heap.c:1239)
+    by  IMalloc_fnAlloc (ifs.c:186)
+    by  CoTaskMemAlloc (ifs.c:562)
+    by  NdrOleAllocate (ndr_ole.c:359)
+    by  NdrAllocate (ndr_marshall.c:381)
+    by  NdrComplexArrayUnmarshall (ndr_marshall.c:3498)
+    by  PointerUnmarshall (ndr_marshall.c:1302)
+    by  EmbeddedPointerUnmarshall (ndr_marshall.c:1622)
+    by  NdrSimpleStructUnmarshall (ndr_marshall.c:2059)
+    by  PointerUnmarshall (ndr_marshall.c:1302)
+    by  NdrPointerUnmarshall (ndr_marshall.c:1886)
+    by  IDispatch_RemoteInvoke_Stub (oleaut32_oaidl_p.c:838)
+    by  CStdStubBuffer_Invoke (cstub.c:433)
+    by  RPC_ExecuteCall (rpc.c:1392)
+    by  apartment_wndproc (compobj.c:547)
+    by  ??? (library.h:163)
+    by  call_window_proc (winproc.c:457)
+    by  WINPROC_CallProcAtoW (winproc.c:1011)
+    by  WINPROC_call_window (winproc.c:2209)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 4259b4ff7949132e665620e4397cc19ecbbb9b1f.diff
Type: text/x-patch
Size: 949 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20080706/d39c110f/attachment-0001.bin 
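
The failure mode in the Valgrind trace above, as an added example (not Wine's code and not the attached patch): a user unmarshaller that clears its destination before filling it reads whatever bytes the allocator returned, unless the caller zeroes the element first. All `toy_*` names, `junk_alloc`, the 0xAA fill and the sample input are hypothetical stand-ins constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a VARIANT: a type tag plus payload. */
enum { TOY_VT_EMPTY = 0, TOY_VT_I4 = 3, TOY_VT_MAX = 4 };
typedef struct { uint16_t vt; int32_t value; } toy_variant;

/* Heap stand-in: hands back stale bytes (0xAA), never zeroed memory. */
static void *junk_alloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xAA, n);
    return p;
}

/* Clear routine: validates the tag already in *v; -1 means it read garbage. */
static int toy_clear(toy_variant *v) {
    if (v->vt >= TOY_VT_MAX) return -1;
    v->vt = TOY_VT_EMPTY;
    return 0;
}

/* User unmarshaller: clears the destination, then overwrites it. */
static int toy_user_unmarshal(const toy_variant *wire, toy_variant *dst) {
    int rc = toy_clear(dst);
    *dst = *wire;
    return rc;
}

/* Complex unmarshaller for freshly allocated memory (the must-alloc case).
 * zero_first zeroes each element first; returns elements cleared on garbage. */
static int toy_complex_unmarshall(const toy_variant *wire, size_t n, int zero_first) {
    toy_variant *mem = junk_alloc(n * sizeof *mem);
    int bad = 0;
    if (!mem) return -1;
    for (size_t i = 0; i < n; i++) {
        if (zero_first) memset(&mem[i], 0, sizeof mem[i]);
        if (toy_user_unmarshal(&wire[i], &mem[i]) != 0) bad++;
    }
    free(mem);
    return bad;
}

/* Constructed input: two well-formed elements. */
int demo(int zero_first) {
    const toy_variant wire[2] = { { TOY_VT_I4, 7 }, { TOY_VT_I4, 9 } };
    return toy_complex_unmarshall(wire, 2, zero_first);
}

int main(void) { return (demo(0) == 2 && demo(1) == 0) ? 0 : 1; }
```

Without the zeroing step both elements are cleared on a garbage tag even though the input is well formed; with it, none are.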

