From 678ad6286c8a4b833f5b27ce323bbbb54ebabe61 Mon Sep 17 00:00:00 2001
From: Robert Shearman <rob@codeweavers.com>
Date: Fri, 2 Jun 2006 20:25:44 +0100
Subject: [PATCH] rpcrt4: Fix the pointer count used when handling embedded
 pointers in varying arrays.

---
 dlls/rpcrt4/ndr_marshall.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 83fc9be2b12..5a1f057445f 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -1073,7 +1073,7 @@ static unsigned char * EmbeddedPointerMarshall(PMIDL_STUB_MESSAGE pStubMsg,
       pFormat += 10;
       break;
     case RPC_FC_VARIABLE_REPEAT:
-      rep = pStubMsg->MaxCount;
+      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
       stride = *(const WORD*)&pFormat[2];
       ofs = *(const WORD*)&pFormat[4];
       count = *(const WORD*)&pFormat[6];
@@ -1145,7 +1145,7 @@ static unsigned char * EmbeddedPointerUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
       pFormat += 10;
       break;
     case RPC_FC_VARIABLE_REPEAT:
-      rep = pStubMsg->MaxCount;
+      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
       stride = *(const WORD*)&pFormat[2];
       ofs = *(const WORD*)&pFormat[4];
       count = *(const WORD*)&pFormat[6];
@@ -1210,7 +1210,7 @@ static void EmbeddedPointerBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
       pFormat += 10;
       break;
     case RPC_FC_VARIABLE_REPEAT:
-      rep = pStubMsg->MaxCount;
+      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
       stride = *(const WORD*)&pFormat[2];
       ofs = *(const WORD*)&pFormat[4];
       count = *(const WORD*)&pFormat[6];
@@ -1273,7 +1273,7 @@ static unsigned long EmbeddedPointerMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
       pFormat += 10;
       break;
     case RPC_FC_VARIABLE_REPEAT:
-      rep = pStubMsg->MaxCount;
+      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
       stride = *(const WORD*)&pFormat[2];
       ofs = *(const WORD*)&pFormat[4];
       count = *(const WORD*)&pFormat[6];
@@ -1333,7 +1333,7 @@ static void EmbeddedPointerFree(PMIDL_STUB_MESSAGE pStubMsg,
       pFormat += 10;
       break;
     case RPC_FC_VARIABLE_REPEAT:
-      rep = pStubMsg->MaxCount;
+      rep = (pFormat[1] == RPC_FC_VARIABLE_OFFSET) ? pStubMsg->ActualCount : pStubMsg->MaxCount;
       stride = *(const WORD*)&pFormat[2];
       ofs = *(const WORD*)&pFormat[4];
       count = *(const WORD*)&pFormat[6];