rpcrt4: Use safe_multiply when multiplying anything by pStubMsg->ActualCount or pStubMsg->MaxCount.

Robert Shearman 2006-06-10 12:32:24 +01:00 committed by Alexandre Julliard
parent cec6092aa2
commit a946eb420b
1 changed files with 54 additions and 34 deletions


@ -2308,6 +2308,7 @@ unsigned char* WINAPI NdrConformantVaryingArrayMarshall( PMIDL_STUB_MESSAGE pStu
unsigned char* pMemory, unsigned char* pMemory,
PFORMAT_STRING pFormat ) PFORMAT_STRING pFormat )
{ {
ULONG bufsize;
unsigned char alignment = pFormat[1] + 1; unsigned char alignment = pFormat[1] + 1;
DWORD esize = *(const WORD*)(pFormat+2); DWORD esize = *(const WORD*)(pFormat+2);
@ -2328,9 +2329,11 @@ unsigned char* WINAPI NdrConformantVaryingArrayMarshall( PMIDL_STUB_MESSAGE pStu
ALIGN_POINTER(pStubMsg->Buffer, alignment); ALIGN_POINTER(pStubMsg->Buffer, alignment);
memcpy(pStubMsg->Buffer, pMemory + pStubMsg->Offset, pStubMsg->ActualCount*esize); bufsize = safe_multiply(esize, pStubMsg->ActualCount);
memcpy(pStubMsg->Buffer, pMemory + pStubMsg->Offset, bufsize);
pStubMsg->BufferMark = pStubMsg->Buffer; pStubMsg->BufferMark = pStubMsg->Buffer;
pStubMsg->Buffer += pStubMsg->ActualCount*esize; pStubMsg->Buffer += bufsize;
EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat); EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);
@ -2348,6 +2351,7 @@ unsigned char* WINAPI NdrConformantVaryingArrayUnmarshall( PMIDL_STUB_MESSAGE pS
PFORMAT_STRING pFormat, PFORMAT_STRING pFormat,
unsigned char fMustAlloc ) unsigned char fMustAlloc )
{ {
ULONG bufsize, memsize;
unsigned char alignment = pFormat[1] + 1; unsigned char alignment = pFormat[1] + 1;
DWORD esize = *(const WORD*)(pFormat+2); DWORD esize = *(const WORD*)(pFormat+2);
@ -2365,10 +2369,13 @@ unsigned char* WINAPI NdrConformantVaryingArrayUnmarshall( PMIDL_STUB_MESSAGE pS
ALIGN_POINTER(pStubMsg->Buffer, alignment); ALIGN_POINTER(pStubMsg->Buffer, alignment);
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
memsize = safe_multiply(esize, pStubMsg->MaxCount);
if (!*ppMemory || fMustAlloc) if (!*ppMemory || fMustAlloc)
*ppMemory = NdrAllocate(pStubMsg, pStubMsg->MaxCount * esize); *ppMemory = NdrAllocate(pStubMsg, memsize);
memcpy(*ppMemory + pStubMsg->Offset, pStubMsg->Buffer, pStubMsg->ActualCount * esize); memcpy(*ppMemory + pStubMsg->Offset, pStubMsg->Buffer, bufsize);
pStubMsg->Buffer += pStubMsg->ActualCount * esize; pStubMsg->Buffer += bufsize;
EmbeddedPointerUnmarshall(pStubMsg, ppMemory, pFormat, fMustAlloc); EmbeddedPointerUnmarshall(pStubMsg, ppMemory, pFormat, fMustAlloc);
@ -2427,7 +2434,7 @@ void WINAPI NdrConformantVaryingArrayBufferSize( PMIDL_STUB_MESSAGE pStubMsg,
ALIGN_LENGTH(pStubMsg->BufferLength, alignment); ALIGN_LENGTH(pStubMsg->BufferLength, alignment);
pStubMsg->BufferLength += pStubMsg->ActualCount*esize; pStubMsg->BufferLength += safe_multiply(esize, pStubMsg->ActualCount);
EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat); EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
} }
@ -2499,7 +2506,7 @@ unsigned char * WINAPI NdrComplexArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
PFORMAT_STRING pFormat, PFORMAT_STRING pFormat,
unsigned char fMustAlloc) unsigned char fMustAlloc)
{ {
ULONG i, count, esize; ULONG i, count, esize, memsize;
unsigned char alignment; unsigned char alignment;
unsigned char *pMemory; unsigned char *pMemory;
unsigned char *Buffer; unsigned char *Buffer;
@ -2524,10 +2531,12 @@ unsigned char * WINAPI NdrComplexArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
esize = ComplexStructMemorySize(pStubMsg, pFormat); esize = ComplexStructMemorySize(pStubMsg, pFormat);
pStubMsg->Buffer = Buffer; pStubMsg->Buffer = Buffer;
/* do multiply here instead of inside if block to verify MaxCount */
memsize = safe_multiply(esize, pStubMsg->MaxCount);
if (fMustAlloc || !*ppMemory) if (fMustAlloc || !*ppMemory)
{ {
*ppMemory = NdrAllocate(pStubMsg, pStubMsg->MaxCount * esize); *ppMemory = NdrAllocate(pStubMsg, memsize);
memset(*ppMemory, 0, pStubMsg->MaxCount * esize); memset(*ppMemory, 0, memsize);
} }
ALIGN_POINTER(pStubMsg->Buffer, alignment); ALIGN_POINTER(pStubMsg->Buffer, alignment);
@ -2620,7 +2629,7 @@ unsigned long WINAPI NdrComplexArrayMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
esize = ComplexStructMemorySize(pStubMsg, pFormat); esize = ComplexStructMemorySize(pStubMsg, pFormat);
pStubMsg->Buffer = Buffer; pStubMsg->Buffer = Buffer;
MemorySize = esize * pStubMsg->MaxCount; MemorySize = safe_multiply(pStubMsg->MaxCount, esize);
count = pStubMsg->ActualCount; count = pStubMsg->ActualCount;
for (i = 0; i < count; i++) for (i = 0; i < count; i++)
@ -2872,7 +2881,7 @@ unsigned char * WINAPI NdrConformantStructMarshall(PMIDL_STUB_MESSAGE pStubMsg,
{ {
const NDR_CSTRUCT_FORMAT * pCStructFormat = (NDR_CSTRUCT_FORMAT*)pFormat; const NDR_CSTRUCT_FORMAT * pCStructFormat = (NDR_CSTRUCT_FORMAT*)pFormat;
PFORMAT_STRING pCArrayFormat; PFORMAT_STRING pCArrayFormat;
ULONG esize; ULONG esize, bufsize;
TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat); TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);
@ -2903,10 +2912,11 @@ unsigned char * WINAPI NdrConformantStructMarshall(PMIDL_STUB_MESSAGE pStubMsg,
TRACE("memory_size = %d\n", pCStructFormat->memory_size); TRACE("memory_size = %d\n", pCStructFormat->memory_size);
bufsize = safe_multiply(esize, pStubMsg->MaxCount);
/* copy constant sized part of struct */ /* copy constant sized part of struct */
pStubMsg->BufferMark = pStubMsg->Buffer; pStubMsg->BufferMark = pStubMsg->Buffer;
memcpy(pStubMsg->Buffer, pMemory, pCStructFormat->memory_size + pStubMsg->MaxCount * esize); memcpy(pStubMsg->Buffer, pMemory, pCStructFormat->memory_size + bufsize);
pStubMsg->Buffer += pCStructFormat->memory_size + pStubMsg->MaxCount * esize; pStubMsg->Buffer += pCStructFormat->memory_size + bufsize;
if (pCStructFormat->type == RPC_FC_CPSTRUCT) if (pCStructFormat->type == RPC_FC_CPSTRUCT)
EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat); EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);
@ -2926,7 +2936,7 @@ unsigned char * WINAPI NdrConformantStructUnmarshall(PMIDL_STUB_MESSAGE pStubMs
{ {
const NDR_CSTRUCT_FORMAT * pCStructFormat = (NDR_CSTRUCT_FORMAT*)pFormat; const NDR_CSTRUCT_FORMAT * pCStructFormat = (NDR_CSTRUCT_FORMAT*)pFormat;
PFORMAT_STRING pCArrayFormat; PFORMAT_STRING pCArrayFormat;
ULONG esize; ULONG esize, bufsize;
TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc); TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
@ -2953,17 +2963,18 @@ unsigned char * WINAPI NdrConformantStructUnmarshall(PMIDL_STUB_MESSAGE pStubMs
TRACE("memory_size = %d\n", pCStructFormat->memory_size); TRACE("memory_size = %d\n", pCStructFormat->memory_size);
bufsize = safe_multiply(esize, pStubMsg->MaxCount);
/* work out how much memory to allocate if we need to do so */ /* work out how much memory to allocate if we need to do so */
if (!*ppMemory || fMustAlloc) if (!*ppMemory || fMustAlloc)
{ {
SIZE_T size = pCStructFormat->memory_size + pStubMsg->MaxCount * esize; SIZE_T size = pCStructFormat->memory_size + bufsize;
*ppMemory = NdrAllocate(pStubMsg, size); *ppMemory = NdrAllocate(pStubMsg, size);
} }
/* now copy the data */ /* now copy the data */
pStubMsg->BufferMark = pStubMsg->Buffer; pStubMsg->BufferMark = pStubMsg->Buffer;
memcpy(*ppMemory, pStubMsg->Buffer, pCStructFormat->memory_size + pStubMsg->MaxCount * esize); memcpy(*ppMemory, pStubMsg->Buffer, pCStructFormat->memory_size + bufsize);
pStubMsg->Buffer += pCStructFormat->memory_size + pStubMsg->MaxCount * esize; pStubMsg->Buffer += pCStructFormat->memory_size + bufsize;
if (pCStructFormat->type == RPC_FC_CPSTRUCT) if (pCStructFormat->type == RPC_FC_CPSTRUCT)
EmbeddedPointerUnmarshall(pStubMsg, ppMemory, pFormat, fMustAlloc); EmbeddedPointerUnmarshall(pStubMsg, ppMemory, pFormat, fMustAlloc);
@ -3008,7 +3019,8 @@ void WINAPI NdrConformantStructBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
TRACE("memory_size = %d\n", pCStructFormat->memory_size); TRACE("memory_size = %d\n", pCStructFormat->memory_size);
pStubMsg->BufferLength += pCStructFormat->memory_size + esize * pStubMsg->MaxCount; pStubMsg->BufferLength += pCStructFormat->memory_size +
safe_multiply(pStubMsg->MaxCount, esize);
if (pCStructFormat->type == RPC_FC_CPSTRUCT) if (pCStructFormat->type == RPC_FC_CPSTRUCT)
EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat); EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
@ -3043,7 +3055,7 @@ unsigned char * WINAPI NdrConformantVaryingStructMarshall(PMIDL_STUB_MESSAGE pS
{ {
const NDR_CVSTRUCT_FORMAT * pCVStructFormat = (NDR_CVSTRUCT_FORMAT*)pFormat; const NDR_CVSTRUCT_FORMAT * pCVStructFormat = (NDR_CVSTRUCT_FORMAT*)pFormat;
PFORMAT_STRING pCVArrayFormat; PFORMAT_STRING pCVArrayFormat;
ULONG esize; ULONG esize, bufsize;
TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat); TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);
@ -3106,9 +3118,11 @@ unsigned char * WINAPI NdrConformantVaryingStructMarshall(PMIDL_STUB_MESSAGE pS
WriteVariance(pStubMsg); WriteVariance(pStubMsg);
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
/* write array part */ /* write array part */
memcpy(pStubMsg->Buffer, pMemory + pCVStructFormat->memory_size, pStubMsg->ActualCount * esize); memcpy(pStubMsg->Buffer, pMemory + pCVStructFormat->memory_size, bufsize);
pStubMsg->Buffer += pStubMsg->ActualCount * esize; pStubMsg->Buffer += bufsize;
EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat); EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);
@ -3127,7 +3141,7 @@ unsigned char * WINAPI NdrConformantVaryingStructUnmarshall(PMIDL_STUB_MESSAGE
{ {
const NDR_CVSTRUCT_FORMAT * pCVStructFormat = (NDR_CVSTRUCT_FORMAT*)pFormat; const NDR_CVSTRUCT_FORMAT * pCVStructFormat = (NDR_CVSTRUCT_FORMAT*)pFormat;
PFORMAT_STRING pCVArrayFormat; PFORMAT_STRING pCVArrayFormat;
ULONG esize; ULONG esize, bufsize;
unsigned char cvarray_type; unsigned char cvarray_type;
TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc); TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
@ -3176,7 +3190,7 @@ unsigned char * WINAPI NdrConformantVaryingStructUnmarshall(PMIDL_STUB_MESSAGE
/* work out how much memory to allocate if we need to do so */ /* work out how much memory to allocate if we need to do so */
if (!*ppMemory || fMustAlloc) if (!*ppMemory || fMustAlloc)
{ {
SIZE_T size = pCVStructFormat->memory_size + pStubMsg->MaxCount * esize; SIZE_T size = pCVStructFormat->memory_size + safe_multiply(esize, pStubMsg->MaxCount);
*ppMemory = NdrAllocate(pStubMsg, size); *ppMemory = NdrAllocate(pStubMsg, size);
} }
@ -3187,10 +3201,11 @@ unsigned char * WINAPI NdrConformantVaryingStructUnmarshall(PMIDL_STUB_MESSAGE
pCVArrayFormat = ReadVariance(pStubMsg, pCVArrayFormat); pCVArrayFormat = ReadVariance(pStubMsg, pCVArrayFormat);
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
/* copy the array data */ /* copy the array data */
memcpy(*ppMemory + pCVStructFormat->memory_size, pStubMsg->Buffer, memcpy(*ppMemory + pCVStructFormat->memory_size, pStubMsg->Buffer,
pStubMsg->ActualCount * esize); bufsize);
pStubMsg->Buffer += pStubMsg->ActualCount * esize; pStubMsg->Buffer += bufsize;
if (cvarray_type == RPC_FC_C_CSTRING) if (cvarray_type == RPC_FC_C_CSTRING)
TRACE("string=%s\n", debugstr_a((char *)(*ppMemory + pCVStructFormat->memory_size))); TRACE("string=%s\n", debugstr_a((char *)(*ppMemory + pCVStructFormat->memory_size)));
@ -3269,7 +3284,7 @@ void WINAPI NdrConformantVaryingStructBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
pStubMsg->BufferLength += pCVStructFormat->memory_size; pStubMsg->BufferLength += pCVStructFormat->memory_size;
SizeVariance(pStubMsg); SizeVariance(pStubMsg);
pStubMsg->BufferLength += esize * pStubMsg->MaxCount; pStubMsg->BufferLength += safe_multiply(pStubMsg->MaxCount, esize);
EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat); EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
} }
@ -3330,9 +3345,9 @@ unsigned long WINAPI NdrConformantVaryingStructMemorySize(PMIDL_STUB_MESSAGE pSt
pStubMsg->Buffer += pCVStructFormat->memory_size; pStubMsg->Buffer += pCVStructFormat->memory_size;
pCVArrayFormat = ReadVariance(pStubMsg, pCVArrayFormat); pCVArrayFormat = ReadVariance(pStubMsg, pCVArrayFormat);
pStubMsg->Buffer += pCVStructFormat->memory_size + pStubMsg->ActualCount * esize; pStubMsg->Buffer += pCVStructFormat->memory_size + safe_multiply(esize, pStubMsg->ActualCount);
pStubMsg->MemorySize += pCVStructFormat->memory_size + pStubMsg->MaxCount * esize; pStubMsg->MemorySize += pCVStructFormat->memory_size + safe_multiply(esize, pStubMsg->MaxCount);
EmbeddedPointerMemorySize(pStubMsg, pFormat); EmbeddedPointerMemorySize(pStubMsg, pFormat);
@ -3620,6 +3635,7 @@ unsigned char * WINAPI NdrVaryingArrayMarshall(PMIDL_STUB_MESSAGE pStubMsg,
{ {
unsigned char alignment; unsigned char alignment;
DWORD elements, esize; DWORD elements, esize;
ULONG bufsize;
TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat); TRACE("(%p, %p, %p)\n", pStubMsg, pMemory, pFormat);
@ -3663,9 +3679,10 @@ unsigned char * WINAPI NdrVaryingArrayMarshall(PMIDL_STUB_MESSAGE pStubMsg,
ALIGN_POINTER(pStubMsg->Buffer, alignment); ALIGN_POINTER(pStubMsg->Buffer, alignment);
memcpy(pStubMsg->Buffer, pMemory + pStubMsg->Offset, pStubMsg->ActualCount*esize); bufsize = safe_multiply(esize, pStubMsg->ActualCount);
memcpy(pStubMsg->Buffer, pMemory + pStubMsg->Offset, bufsize);
pStubMsg->BufferMark = pStubMsg->Buffer; pStubMsg->BufferMark = pStubMsg->Buffer;
pStubMsg->Buffer += pStubMsg->ActualCount*esize; pStubMsg->Buffer += bufsize;
EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat); EmbeddedPointerMarshall(pStubMsg, pMemory, pFormat);
@ -3684,6 +3701,7 @@ unsigned char * WINAPI NdrVaryingArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
{ {
unsigned char alignment; unsigned char alignment;
DWORD size, elements, esize; DWORD size, elements, esize;
ULONG bufsize;
TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc); TRACE("(%p, %p, %p, %d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
@ -3727,10 +3745,12 @@ unsigned char * WINAPI NdrVaryingArrayUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
ALIGN_POINTER(pStubMsg->Buffer, alignment); ALIGN_POINTER(pStubMsg->Buffer, alignment);
bufsize = safe_multiply(esize, pStubMsg->ActualCount);
if (!*ppMemory || fMustAlloc) if (!*ppMemory || fMustAlloc)
*ppMemory = NdrAllocate(pStubMsg, size); *ppMemory = NdrAllocate(pStubMsg, size);
memcpy(*ppMemory + pStubMsg->Offset, pStubMsg->Buffer, pStubMsg->ActualCount * esize); memcpy(*ppMemory + pStubMsg->Offset, pStubMsg->Buffer, bufsize);
pStubMsg->Buffer += pStubMsg->ActualCount * esize; pStubMsg->Buffer += bufsize;
EmbeddedPointerUnmarshall(pStubMsg, ppMemory, pFormat, fMustAlloc); EmbeddedPointerUnmarshall(pStubMsg, ppMemory, pFormat, fMustAlloc);
@ -3789,7 +3809,7 @@ void WINAPI NdrVaryingArrayBufferSize(PMIDL_STUB_MESSAGE pStubMsg,
ALIGN_LENGTH(pStubMsg->BufferLength, alignment); ALIGN_LENGTH(pStubMsg->BufferLength, alignment);
pStubMsg->BufferLength += pStubMsg->ActualCount * esize; pStubMsg->BufferLength += safe_multiply(esize, pStubMsg->ActualCount);
EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat); EmbeddedPointerBufferSize(pStubMsg, pMemory, pFormat);
} }
@ -3845,7 +3865,7 @@ unsigned long WINAPI NdrVaryingArrayMemorySize(PMIDL_STUB_MESSAGE pStubMsg,
ALIGN_POINTER(pStubMsg->Buffer, alignment); ALIGN_POINTER(pStubMsg->Buffer, alignment);
pStubMsg->Buffer += pStubMsg->ActualCount * esize; pStubMsg->Buffer += safe_multiply(esize, pStubMsg->ActualCount);
pStubMsg->MemorySize += size; pStubMsg->MemorySize += size;
EmbeddedPointerMemorySize(pStubMsg, pFormat); EmbeddedPointerMemorySize(pStubMsg, pFormat);
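Review bot: In NdrConformantVaryingArrayUnmarshall the copy is still not bounded by the allocation: memsize is computed from MaxCount and bufsize from ActualCount, and the memcpy writes bufsize bytes at `*ppMemory + pStubMsg->Offset` with no visible check that Offset plus bufsize fits within memsize. On the unmarshall path these counts presumably come from the wire, so safe_multiply stops the product from wrapping but not an ActualCount larger than MaxCount; unless the variance-reading code outside these hunks already rejects that, a guard such as `if (pStubMsg->Offset > memsize || bufsize > memsize - pStubMsg->Offset) RpcRaiseException(RPC_X_BAD_STUB_DATA);` before the memcpy would close it. The same concern applies in NdrConformantVaryingStructUnmarshall, where the sum `pCVStructFormat->memory_size + safe_multiply(esize, pStubMsg->MaxCount)` can still wrap in the addition before it reaches NdrAllocate. The function bodies start and end outside the hunks shown, so an existing check elsewhere cannot be ruled out from this page.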