From 59158fb25ce0b8d8f75fd44137085908a53bbafa Mon Sep 17 00:00:00 2001
From: Rob Shearman
Date: Sat, 10 Jan 2009 22:17:15 +0000
Subject: [PATCH] rpcrt4: Unmarshalling functions should always set fMustAlloc when allocating memory.

The memory is uninitialised and so further unmarshalling shouldn't try to reuse any memory. fMustAlloc is always set to TRUE when allocating memory so that it is clear that the unmarshalling is safe and to avoid future problems with change or the code being copied.
---
 dlls/rpcrt4/ndr_marshall.c | 43 +++++++++++++++++++++++++++++---------
 1 file changed, 33 insertions(+), 10 deletions(-)

diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index f0a13de930c..37d286d1725 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -2440,7 +2440,9 @@ unsigned char * WINAPI NdrNonConformantStringUnmarshall(PMIDL_STUB_MESSAGE pStu
 
     validate_string_data(pStubMsg, bufsize, esize);
 
-    if (fMustAlloc || !*ppMemory)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
         *ppMemory = NdrAllocate(pStubMsg, memsize);
 
     safe_copy_from_buffer(pStubMsg, *ppMemory, bufsize);
@@ -3380,7 +3382,9 @@ unsigned char * WINAPI NdrComplexStructUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
         offset = pStubMsg->Offset;
     }
 
-    if (fMustAlloc || !*ppMemory)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
         *ppMemory = NdrAllocate(pStubMsg, size);
 
     pMemory = ComplexUnmarshall(pStubMsg, *ppMemory, pFormat, pointer_desc, fMustAlloc);
@@ -3921,7 +3925,9 @@ unsigned char * WINAPI NdrComplexArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
     pFormat = ReadConformance(pStubMsg, pFormat);
     pFormat = ReadVariance(pStubMsg, pFormat, pStubMsg->MaxCount);
 
-    if (fMustAlloc || !*ppMemory)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
         *ppMemory = NdrAllocate(pStubMsg, size);
 
     ALIGN_POINTER(pStubMsg->Buffer, alignment);
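Review bot: The new two-statement guard `if (!fMustAlloc && !*ppMemory) fMustAlloc = TRUE; if (fMustAlloc)` is repeated verbatim at ten sites (this hunk, NdrComplexStructUnmarshall, NdrComplexArrayUnmarshall and the seven hunks that follow), and the `!fMustAlloc &&` half of the condition is redundant, because assigning TRUE to a flag that is already set changes nothing, so `if (!*ppMemory) fMustAlloc = TRUE;` says the same in one line provided the flag only ever carries TRUE or FALSE. Whichever form is kept, the rule it encodes — an absent caller buffer is treated as an explicit allocation request so that callees such as ComplexUnmarshall and union_arm_unmarshall never reuse the uninitialised block — lives only in the commit message; a one-line comment at the first site, `/* a missing buffer is an allocation request: callees must not reuse the fresh, uninitialised memory */`, would carry it into the code. In this hunk the copy into the fresh block is `safe_copy_from_buffer(pStubMsg, *ppMemory, bufsize)` while the allocation is `memsize` bytes, so bufsize <= memsize must hold; that bound is presumably enforced before the hunk, since nothing visible here checks it. NdrNonConformantStringUnmarshall begins and ends outside the hunk.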
@@ -4193,8 +4199,13 @@ unsigned char * WINAPI NdrUserMarshalUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
     else
         ALIGN_POINTER(pStubMsg->Buffer, (flags & 0xf) + 1);
 
-    if (fMustAlloc || !*ppMemory)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
+    {
         *ppMemory = NdrAllocate(pStubMsg, memsize);
+        memset(*ppMemory, 0, memsize);
+    }
 
     pStubMsg->Buffer =
         pStubMsg->StubDesc->aUserMarshalQuadruple[index].pfnUnmarshall(
@@ -4662,7 +4673,9 @@ unsigned char * WINAPI NdrConformantVaryingStructUnmarshall(PMIDL_STUB_MESSAGE
     TRACE("memory_size = %d\n", pCVStructFormat->memory_size);
 
     /* work out how much memory to allocate if we need to do so */
-    if (!*ppMemory || fMustAlloc)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
     {
         SIZE_T size = pCVStructFormat->memory_size + memsize;
         *ppMemory = NdrAllocate(pStubMsg, size);
@@ -5149,7 +5162,9 @@ unsigned char * WINAPI NdrVaryingArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
     bufsize = safe_multiply(esize, pStubMsg->ActualCount);
     offset = pStubMsg->Offset;
 
-    if (!*ppMemory || fMustAlloc)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
         *ppMemory = NdrAllocate(pStubMsg, size);
     saved_buffer = pStubMsg->BufferMark = pStubMsg->Buffer;
     safe_buffer_increment(pStubMsg, bufsize);
@@ -5707,7 +5722,9 @@ unsigned char * WINAPI NdrEncapsulatedUnionUnmarshall(PMIDL_STUB_MESSAGE pStubM
     TRACE("got switch value 0x%x\n", switch_value);
 
     size = *(const unsigned short*)pFormat + increment;
-    if(!*ppMemory || fMustAlloc)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
         *ppMemory = NdrAllocate(pStubMsg, size);
 
     NdrBaseTypeUnmarshall(pStubMsg, ppMemory, &switch_type, FALSE);
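Review bot: The `memset(*ppMemory, 0, memsize);` added in NdrUserMarshalUnmarshall is the only site in this series that initialises the freshly allocated block, and nothing in the hunk says why this function needs it when the other nine do not; presumably it is because the block goes straight to the user-supplied `pfnUnmarshall` as its memory argument, which may read it before writing, whereas the NDR-internal callees elsewhere are now told through fMustAlloc=TRUE not to reuse anything. A why-comment above the memset, `/* the user unmarshaller receives this block and may read it before writing, so it must not see stale data */`, would keep a later cleanup from dropping it as redundant. The argument list of the pfnUnmarshall call runs past the hunk, but that routine appears to take no allocation flag, so in this function the fMustAlloc rewrite seems to exist only for uniformity with the other sites; worth saying in the same comment. NdrUserMarshalUnmarshall begins and ends outside the hunk.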
@@ -5887,7 +5904,9 @@ unsigned char * WINAPI NdrNonEncapsulatedUnionUnmarshall(PMIDL_STUB_MESSAGE pSt
 
     size = *(const unsigned short*)pFormat;
 
-    if(!*ppMemory || fMustAlloc)
+    if (!fMustAlloc && !*ppMemory)
+        fMustAlloc = TRUE;
+    if (fMustAlloc)
         *ppMemory = NdrAllocate(pStubMsg, size);
 
     return union_arm_unmarshall(pStubMsg, ppMemory, discriminant, pFormat, fMustAlloc);
@@ -6109,7 +6128,9 @@ unsigned char *WINAPI NdrRangeUnmarshall(
     do \
     { \
         ALIGN_POINTER(pStubMsg->Buffer, sizeof(type)); \
-        if (fMustAlloc || !*ppMemory) \
+        if (!fMustAlloc && !*ppMemory) \
+            fMustAlloc = TRUE; \
+        if (fMustAlloc) \
             *ppMemory = NdrAllocate(pStubMsg, sizeof(type)); \
         if (pStubMsg->Buffer + sizeof(type) > pStubMsg->BufferEnd) \
         { \
@@ -6363,7 +6384,9 @@ static unsigned char *WINAPI NdrBaseTypeUnmarshall(
         break;
     case RPC_FC_ENUM16:
         ALIGN_POINTER(pStubMsg->Buffer, sizeof(USHORT));
-        if (fMustAlloc || !*ppMemory)
+        if (!fMustAlloc && !*ppMemory)
+            fMustAlloc = TRUE;
+        if (fMustAlloc)
             *ppMemory = NdrAllocate(pStubMsg, sizeof(UINT));
         if (pStubMsg->Buffer + sizeof(USHORT) > pStubMsg->BufferEnd)
             RpcRaiseException(RPC_X_BAD_STUB_DATA);
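Review bot: The macro body in the NdrRangeUnmarshall hunk now executes `fMustAlloc = TRUE; \` on a name that is not a macro parameter, so besides reading pStubMsg and ppMemory from the enclosing scope it silently writes the enclosing function's fMustAlloc argument, and the `#define` line above the hunk carries no note of either dependency. A comment on the definition such as `/* uses pStubMsg, ppMemory and fMustAlloc from the enclosing function; may set fMustAlloc to TRUE */` would make the hidden write visible to anyone who later moves or reuses the macro. The macro definition starts before the hunk and its body continues past it.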