[PATCH] rpcrt4: Fixed array_compute_and_size_conformance on strings (Coverity)

Marcus Meissner marcus at jet.franken.de
Sun Dec 6 16:33:56 CST 2009


Hi,

Coverity found this suspicious and dead code ...
and it is a real bug.

Introduced by the rewrite in commit b2305adc

Ciao, Marcus
---
 dlls/rpcrt4/ndr_marshall.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 8db45b8..4511164 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -1778,7 +1778,7 @@ static inline void array_compute_and_size_conformance(
     break;
   case RPC_FC_C_CSTRING:
   case RPC_FC_C_WSTRING:
-    if (pFormat[0] == RPC_FC_C_CSTRING)
+    if (fc == RPC_FC_C_CSTRING)
     {
       TRACE("string=%s\n", debugstr_a((const char *)pMemory));
       pStubMsg->ActualCount = strlen((const char *)pMemory)+1;
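Review bot: the commit message does not say why pFormat[0] was the wrong operand in the `if` directly under the two case labels, and that is worth recording, because this test decides whether ActualCount comes from strlen or from strlenW on the same pMemory. A wrong choice yields a wrong element count for the string being sized. If the enclosing switch is on fc, the case labels already guarantee fc is one of the two string types, so the new form is self-consistent. Please add a sentence to the message stating what pFormat[0] holds at this point when it differs from fc, and consider a marshalling test that covers both RPC_FC_C_CSTRING and RPC_FC_C_WSTRING through this path.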
@@ -1789,7 +1789,7 @@ static inline void array_compute_and_size_conformance(
       pStubMsg->ActualCount = strlenW((LPCWSTR)pMemory)+1;
     }
 
-    if (fc == RPC_FC_STRING_SIZED)
+    if (pFormat[1] == RPC_FC_STRING_SIZED)
       pFormat = ComputeConformance(pStubMsg, pMemory, pFormat + 2, 0);
     else
       pStubMsg->MaxCount = pStubMsg->ActualCount;
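Review bot: the new test on pFormat[1] and the pFormat + 2 argument on the following line both depend on an unstated format-string layout (type byte, then the sized marker, then the conformance description), so a one-line comment above the `if` describing that layout would keep the two offsets from drifting apart again. Inside these case labels fc can only be a string type, which is presumably why Coverity saw the old `fc == RPC_FC_STRING_SIZED` branch as dead. That also means the ComputeConformance call was never reached for sized strings before this patch, so MaxCount was always set to ActualCount. Since that path becomes live with this change, a test with a sized conformant string whose declared size differs from its current length would confirm that MaxCount now comes from the conformance description.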
-- 
1.5.6


