[PATCH 2/4] oleaut32: Fix AddFuncDesc() to ignore scodes array length when NULL array pointer is passed

Nikolay Sivov nsivov at codeweavers.com
Thu Aug 25 12:57:16 CDT 2016


Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
---
 dlls/oleaut32/tests/typelib.c | 2 ++
 dlls/oleaut32/typelib.c       | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/dlls/oleaut32/tests/typelib.c b/dlls/oleaut32/tests/typelib.c
index 4f43cfe..3fdd245 100644
--- a/dlls/oleaut32/tests/typelib.c
+++ b/dlls/oleaut32/tests/typelib.c
@@ -2033,6 +2033,8 @@ static void test_CreateTypeLib(SYSKIND sys) {
     funcdesc.lprgelemdescParam = NULL;
     funcdesc.invkind = INVOKE_FUNC;
     funcdesc.cParams = 0;
+    funcdesc.cScodes = 1;
+    funcdesc.lprgscode = NULL;
     hres = ICreateTypeInfo_AddFuncDesc(createti, 1, &funcdesc);
     ok(hres == S_OK, "got %08x\n", hres);
 
diff --git a/dlls/oleaut32/typelib.c b/dlls/oleaut32/typelib.c
index b0ee5f2..4fdfbeb 100644
--- a/dlls/oleaut32/typelib.c
+++ b/dlls/oleaut32/typelib.c
@@ -10431,11 +10431,13 @@ static HRESULT WINAPI ICreateTypeInfo2_fnAddFuncDesc(ICreateTypeInfo2 *iface,
     if (tmp_func_desc.funcdesc.oVft != 0)
         tmp_func_desc.funcdesc.oVft |= 1;
 
-    if (funcDesc->cScodes) {
+    if (funcDesc->cScodes && funcDesc->lprgscode) {
         tmp_func_desc.funcdesc.lprgscode = heap_alloc(sizeof(SCODE) * funcDesc->cScodes);
         memcpy(tmp_func_desc.funcdesc.lprgscode, funcDesc->lprgscode, sizeof(SCODE) * funcDesc->cScodes);
-    } else
+    } else {
         tmp_func_desc.funcdesc.lprgscode = NULL;
+        tmp_func_desc.funcdesc.cScodes = 0;
+    }
 
     buf_size = TLB_SizeElemDesc(&funcDesc->elemdescFunc);
     for (i = 0; i < funcDesc->cParams; ++i) {
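Review bot: The copy on the new side still trusts both `heap_alloc()` and the sign of `cScodes`. The result of `heap_alloc(sizeof(SCODE) * funcDesc->cScodes)` goes to `memcpy` without a NULL check, so an allocation failure becomes a write through NULL. FUNCDESC declares `cScodes` as a SHORT in the public headers, so a negative count from the caller also passes the `funcDesc->cScodes &&` test and turns into a very large size in the multiplication. I would tighten the guard to `if (funcDesc->cScodes > 0 && funcDesc->lprgscode) {`, which sends negative counts to the else branch that now zeroes `cScodes`, and follow the allocation with `if (!tmp_func_desc.funcdesc.lprgscode) return E_OUTOFMEMORY;`. The function body starts and ends outside this hunk, so confirm that nothing allocated earlier needs releasing before that early return.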
-- 
2.9.3



