From 9a888e6465b79b5c3daec2723987aec3120888a6 Mon Sep 17 00:00:00 2001 From: Rob Shearman Date: Thu, 20 Dec 2007 09:51:47 +0000 Subject: [PATCH] rpcrt4: Fix NdrConformantStringUnmarshall to always increment the buffer during unmarshalling. safe_copy_from_buffer has the side-effect of incrementing the buffer and this still needs to be done when we point the memory into the buffer. (Thanks to Maarten Lankhorst for finding the mistake and suggesting a fix.) --- dlls/rpcrt4/ndr_marshall.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c index 0167bcfa3fb..2322c78a793 100644 --- a/dlls/rpcrt4/ndr_marshall.c +++ b/dlls/rpcrt4/ndr_marshall.c @@ -890,7 +890,9 @@ unsigned char *WINAPI NdrConformantStringUnmarshall( PMIDL_STUB_MESSAGE pStubMsg *ppMemory = NdrAllocate(pStubMsg, memsize); } - if (*ppMemory != pStubMsg->Buffer) + if (*ppMemory == pStubMsg->Buffer) + safe_buffer_increment(pStubMsg, bufsize); + else safe_copy_from_buffer(pStubMsg, *ppMemory, bufsize); if (*pFormat == RPC_FC_C_CSTRING) {