- Use I_RpcGetBuffer, instead of our own buffer routines to fix an

occasional test crash caused by heap corruption.
- Zero the memory block passed to RpcServerRegisterIfEx so we don't
  pass garbage in some of the fields we don't fill in.
- Return the correct error code from create_server and fix two handle
  leaks.
- TODO update.

dlls/ole32/compobj.c

@@ -30,9 +30,12 @@
  *
  *   - Implement the service control manager (in rpcss) to keep track
  *     of registered class objects: ISCM::ServerRegisterClsid et al
- *   - Implement the OXID resolver so we don't need magic pipe names for
+ *   - Implement the OXID resolver so we don't need magic endpoint names for
  *     clients and servers to meet up
  *
+ *   - Pump the message loop during RPC calls.
+ *   - Call IMessageFilter functions.
+ *
  *   - Make all ole interface marshaling use NDR to be wire compatible with
  *     native DCOM
  *   - Use & interpret ORPCTHIS & ORPCTHAT.

dlls/ole32/oleproxy.c

@@ -190,10 +190,8 @@ CFStub_Invoke(
 
 	msg->cbBuffer = ststg.cbSize.u.LowPart;
 
-	if (msg->Buffer)
+        I_RpcGetBuffer((RPC_MESSAGE *)msg);
-	    msg->Buffer = HeapReAlloc(GetProcessHeap(),0,msg->Buffer,ststg.cbSize.u.LowPart);
+        if (hres) return hres;
-	else
-	    msg->Buffer = HeapAlloc(GetProcessHeap(),0,ststg.cbSize.u.LowPart);
 
 	seekto.u.LowPart = 0;seekto.u.HighPart = 0;
 	hres = IStream_Seek(pStm,seekto,SEEK_SET,&newpos);
@@ -546,10 +544,10 @@ static HRESULT WINAPI RemUnkStub_Invoke(LPRPCSTUBBUFFER iface,
 
     /* out */
     pMsg->cbBuffer = cIids * sizeof(REMQIRESULT);
-    if (pMsg->Buffer)
+
-        pMsg->Buffer = HeapReAlloc(GetProcessHeap(), 0, pMsg->Buffer, pMsg->cbBuffer);
+    I_RpcGetBuffer((RPC_MESSAGE *)pMsg);
-	else
+    if (hr) return hr;
-        pMsg->Buffer = HeapAlloc(GetProcessHeap(), 0, pMsg->cbBuffer);
+
     buf = pMsg->Buffer;
     /* FIXME: pQIResults is a unique pointer so pQIResults can be NULL! */
     memcpy(buf, pQIResults, cIids * sizeof(REMQIRESULT));
@@ -573,12 +571,13 @@ static HRESULT WINAPI RemUnkStub_Invoke(LPRPCSTUBBUFFER iface,
 
     /* out */
     pMsg->cbBuffer = cIids * sizeof(HRESULT);
-    if (pMsg->Buffer)
+
-        pMsg->Buffer = HeapReAlloc(GetProcessHeap(), 0, pMsg->Buffer, pMsg->cbBuffer);
+    I_RpcGetBuffer((RPC_MESSAGE *)pMsg);
-	else
+    if (!hr)
-        pMsg->Buffer = HeapAlloc(GetProcessHeap(), 0, pMsg->cbBuffer);
+    {
         buf = pMsg->Buffer;
         memcpy(buf, pResults, cIids * sizeof(HRESULT));
+    }
 
     CoTaskMemFree(pResults);
 

dlls/ole32/rpc.c

@@ -410,7 +410,7 @@ HRESULT RPC_RegisterInterface(REFIID riid)
     {
         TRACE("Creating new interface\n");
 
-        rif = HeapAlloc(GetProcessHeap(), 0, sizeof(*rif));
+        rif = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*rif));
         if (rif)
         {
             RPC_STATUS status;
@@ -419,10 +419,9 @@ HRESULT RPC_RegisterInterface(REFIID riid)
             rif->If.Length = sizeof(RPC_SERVER_INTERFACE);
             /* RPC interface ID = COM interface ID */
             rif->If.InterfaceId.SyntaxGUID = *riid;
-            /* COM objects always have a version of 0.0 */
-            rif->If.InterfaceId.SyntaxVersion.MajorVersion = 0;
-            rif->If.InterfaceId.SyntaxVersion.MinorVersion = 0;
             rif->If.DispatchTable = &rpc_dispatch;
+            /* all other fields are 0, including the version asCOM objects
+             * always have a version of 0.0 */
             status = RpcServerRegisterIfEx(
                 (RPC_IF_HANDLE)&rif->If,
                 NULL, NULL,
@@ -539,8 +538,10 @@ static HRESULT create_server(REFCLSID rclsid)
 
     if (!CreateProcessW(exe, command, NULL, NULL, FALSE, 0, NULL, NULL, &sinfo, &pinfo)) {
         WARN("failed to run local server %s\n", debugstr_w(exe));
-        return E_FAIL;
+        return HRESULT_FROM_WIN32(GetLastError());
     }
+    CloseHandle(pinfo.hProcess);
+    CloseHandle(pinfo.hThread);
 
     return S_OK;
 }