From 8348f0413d398248c932b852087e2095b661105c Mon Sep 17 00:00:00 2001
From: Rob Shearman <rob@codeweavers.com>
Date: Sat, 8 Dec 2007 17:14:24 +0000
Subject: [PATCH] rpcrt4: Fix NdrConformantStructUnmarshall to use buffer
 memory if applicable and to reuse memory for embedded pointers.

---
 dlls/rpcrt4/ndr_marshall.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 0a5bd9c0797..73bf08a676a 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -3457,6 +3457,7 @@ unsigned char *  WINAPI NdrConformantStructUnmarshall(PMIDL_STUB_MESSAGE pStubMs
     const NDR_CSTRUCT_FORMAT *pCStructFormat = (const NDR_CSTRUCT_FORMAT *)pFormat;
     PFORMAT_STRING pCArrayFormat;
     ULONG esize, bufsize;
+    unsigned char *saved_buffer;
 
     TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
 
@@ -3490,19 +3491,27 @@ unsigned char *  WINAPI NdrConformantStructUnmarshall(PMIDL_STUB_MESSAGE pStubMs
             pCStructFormat->memory_size, bufsize);
         RpcRaiseException(RPC_X_BAD_STUB_DATA);
     }
-    /* work out how much memory to allocate if we need to do so */
-    if (!*ppMemory || fMustAlloc)
+
+    if (fMustAlloc)
     {
         SIZE_T size = pCStructFormat->memory_size + bufsize;
         *ppMemory = NdrAllocate(pStubMsg, size);
     }
+    else
+    {
+        if (!pStubMsg->IsClient && !*ppMemory)
+            /* for servers, we just point straight into the RPC buffer */
+            *ppMemory = pStubMsg->Buffer;
+    }
 
-    /* now copy the data */
-    pStubMsg->BufferMark = pStubMsg->Buffer;
-    safe_copy_from_buffer(pStubMsg, *ppMemory, pCStructFormat->memory_size + bufsize);
-
+    saved_buffer = pStubMsg->BufferMark = pStubMsg->Buffer;
+    safe_buffer_increment(pStubMsg, pCStructFormat->memory_size + bufsize);
     if (pCStructFormat->type == RPC_FC_CPSTRUCT)
-        EmbeddedPointerUnmarshall(pStubMsg, *ppMemory, *ppMemory, pFormat, TRUE /* FIXME */);
+        EmbeddedPointerUnmarshall(pStubMsg, saved_buffer, *ppMemory, pFormat, fMustAlloc);
+
+    TRACE("copying %p to %p\n", saved_buffer, *ppMemory);
+    if (*ppMemory != saved_buffer)
+        memcpy(*ppMemory, saved_buffer, pCStructFormat->memory_size + bufsize);
 
     return NULL;
 }