From b75828fc90a28470694d1d7695bfed66f8f0b854 Mon Sep 17 00:00:00 2001
From: Rob Shearman <robertshearman@gmail.com>
Date: Sun, 6 Jul 2008 11:55:59 +0100
Subject: [PATCH] rpcrt4: Clear the memory of embedded complex types in
 ComplexUnmarshall when fMustAlloc is TRUE to avoid passing uninitialised
 memory to the unmarshaller.

Found by Valgrind.
---
 dlls/rpcrt4/ndr_marshall.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index 4dcd500f32c..3d06cf1ce4d 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -2426,6 +2426,13 @@ static unsigned char * ComplexUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
       desc = pFormat + *(const SHORT*)pFormat;
       size = EmbeddedComplexSize(pStubMsg, desc);
       TRACE("embedded complex (size=%ld) => %p\n", size, pMemory);
+      if (fMustAlloc)
+        /* we can't pass fMustAlloc=TRUE into the marshaller for this type
+         * since the type is part of the memory block that is encompassed by
+         * the whole complex type. Memory is forced to allocate when pointers
+         * are set to NULL, so we emulate that part of fMustAlloc=TRUE by
+         * clearing the memory we pass in to the unmarshaller */
+        memset(pMemory, 0, size);
       m = NdrUnmarshaller[*desc & NDR_TABLE_MASK];
       if (m)
       {