rpcrt4: Allocate memory based on MaxCount, not ActualCount in NdrConformantStringUnmarshall.

Robert Shearman 2006-07-24 11:45:15 +01:00 committed by Alexandre Julliard
parent 98c26a81fe
commit 4c4fc14fe9
1 changed files with 9 additions and 8 deletions


@ -650,7 +650,7 @@ unsigned long WINAPI NdrConformantStringMemorySize( PMIDL_STUB_MESSAGE pStubMsg,
{ {
unsigned long rslt = 0; unsigned long rslt = 0;
TRACE("(pStubMsg == ^%p, pFormat == ^%p)\n", pStubMsg, pFormat); FIXME("(pStubMsg == ^%p, pFormat == ^%p)\n", pStubMsg, pFormat);
assert(pStubMsg && pFormat); assert(pStubMsg && pFormat);
@ -679,7 +679,7 @@ unsigned long WINAPI NdrConformantStringMemorySize( PMIDL_STUB_MESSAGE pStubMsg,
unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg, unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg,
unsigned char** ppMemory, PFORMAT_STRING pFormat, unsigned char fMustAlloc ) unsigned char** ppMemory, PFORMAT_STRING pFormat, unsigned char fMustAlloc )
{ {
ULONG size, esize, i; ULONG bufsize, memsize, esize, i;
TRACE("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n", TRACE("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n",
pStubMsg, *ppMemory, pFormat, fMustAlloc); pStubMsg, *ppMemory, pFormat, fMustAlloc);
@ -697,16 +697,17 @@ unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg
esize = 0; esize = 0;
} }
size = safe_multiply(esize, pStubMsg->ActualCount); memsize = safe_multiply(esize, pStubMsg->MaxCount);
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
/* strings must always have null terminating bytes */ /* strings must always have null terminating bytes */
if (size < esize) if (bufsize < esize)
{ {
ERR("invalid string length of %ld\n", pStubMsg->ActualCount); ERR("invalid string length of %ld\n", pStubMsg->ActualCount);
RpcRaiseException(RPC_S_INVALID_BOUND); RpcRaiseException(RPC_S_INVALID_BOUND);
return NULL; return NULL;
} }
for (i = size - esize; i < size; i++) for (i = bufsize - esize; i < bufsize; i++)
if (pStubMsg->Buffer[i] != 0) if (pStubMsg->Buffer[i] != 0)
{ {
ERR("string not null-terminated at byte position %ld, data is 0x%x\n", ERR("string not null-terminated at byte position %ld, data is 0x%x\n",
@ -716,11 +717,11 @@ unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg
} }
if (fMustAlloc || !*ppMemory) if (fMustAlloc || !*ppMemory)
*ppMemory = NdrAllocate(pStubMsg, size); *ppMemory = NdrAllocate(pStubMsg, memsize);
memcpy(*ppMemory, pStubMsg->Buffer, size); memcpy(*ppMemory, pStubMsg->Buffer, bufsize);
pStubMsg->Buffer += size; pStubMsg->Buffer += bufsize;
if (*pFormat == RPC_FC_C_CSTRING) { if (*pFormat == RPC_FC_C_CSTRING) {
TRACE("string=%s\n", debugstr_a((char*)*ppMemory)); TRACE("string=%s\n", debugstr_a((char*)*ppMemory));
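Review bot: On the new side, `memcpy(*ppMemory, pStubMsg->Buffer, bufsize)` copies an ActualCount-based length into a buffer that `NdrAllocate` sized from MaxCount, and no visible line checks that ActualCount does not exceed MaxCount. Both counts are presumably read from the marshalled data in the part of NdrConformantStringUnmarshall that lies between the hunks, so a peer sending ActualCount greater than MaxCount would make the copy run past the allocation. Before the allocation I would add `if (pStubMsg->ActualCount > pStubMsg->MaxCount) { RpcRaiseException(RPC_S_INVALID_BOUND); return NULL; }`, unless the conformance/variance reading code that is not shown already rejects this case. The terminator loop and the copy also read `bufsize` bytes from `pStubMsg->Buffer` with no visible check against the end of the received buffer, which deserves the same kind of bound test.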