ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

rpcrt4: Partially revert commit 18faf3184b2ea263d77c2a7ad92eef27bc4ba08f. 

Tests show that NdrPointerFree (and hence NdrFree) don't check whether 
the memory was allocated with NdrAllocate before freeing it. This makes 
sense as servers don't need to use NdrAllocate to allocate memory being 
returned and so this commit caused that memory to be leaked.

NdrAllocate hasn't been changed as the tests show it is correct and it 
appears that the memory list is used to implement the RpcSs memory model.
This commit is contained in:
Rob Shearman 2007-12-13 16:13:59 +00:00 committed by Alexandre Julliard
parent ce220e2b5f
commit c7261b732b
2 changed files with 1 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
dlls/rpcrt4/ndr_marshall.c
View File

@ -373,32 +373,9 @@ void * WINAPI NdrAllocate(MIDL_STUB_MESSAGE *pStubMsg, size_t len)
static void WINAPI NdrFree(MIDL_STUB_MESSAGE *pStubMsg, unsigned char *Pointer) static void WINAPI NdrFree(MIDL_STUB_MESSAGE *pStubMsg, unsigned char *Pointer)
{ {
NDR_MEMORY_LIST *mem_list, *prev_mem_list;
TRACE("(%p, %p)\n", pStubMsg, Pointer); TRACE("(%p, %p)\n", pStubMsg, Pointer);
for (prev_mem_list = NULL, mem_list = pStubMsg->pMemoryList; pStubMsg->pfnFree(Pointer);
mem_list;
prev_mem_list = mem_list, mem_list = mem_list->next)
{
const unsigned char *base_pointer = (unsigned char *)mem_list - mem_list->size;
if (base_pointer == Pointer)
{
if (mem_list->magic != MEML_MAGIC)
{
ERR("memory linked list corrupted, magic changed to 0x%08x\n", mem_list->magic);
break;
}
/* fixup next pointers */
if (prev_mem_list)
prev_mem_list->next = mem_list->next;
else
pStubMsg->pMemoryList = mem_list->next;
pStubMsg->pfnFree(Pointer);
break;
}
}
} }
static inline BOOL IsConformanceOrVariancePresent(PFORMAT_STRING pFormat) static inline BOOL IsConformanceOrVariancePresent(PFORMAT_STRING pFormat)

6
dlls/rpcrt4/tests/ndr_marshall.c
View File

@ -1193,17 +1193,13 @@ todo_wine {
my_free_called = 0; my_free_called = 0;
StubMsg.Buffer = StubMsg.BufferStart; StubMsg.Buffer = StubMsg.BufferStart;
NdrPointerFree( &StubMsg, mem, fmtstr_conf_str ); NdrPointerFree( &StubMsg, mem, fmtstr_conf_str );
todo_wine {
ok(my_free_called == 1, "free called %d\n", my_free_called); ok(my_free_called == 1, "free called %d\n", my_free_called);
}
mem = my_alloc(10); mem = my_alloc(10);
my_free_called = 0; my_free_called = 0;
StubMsg.Buffer = StubMsg.BufferStart; StubMsg.Buffer = StubMsg.BufferStart;
NdrPointerFree( &StubMsg, mem, fmtstr_conf_str ); NdrPointerFree( &StubMsg, mem, fmtstr_conf_str );
todo_wine {
ok(my_free_called == 1, "free called %d\n", my_free_called); ok(my_free_called == 1, "free called %d\n", my_free_called);
}
/* Server */ /* Server */
my_alloc_called = 0; my_alloc_called = 0;
@ -1246,9 +1242,7 @@ todo_wine {
my_free_called = 0; my_free_called = 0;
StubMsg.Buffer = StubMsg.BufferStart; StubMsg.Buffer = StubMsg.BufferStart;
NdrPointerFree( &StubMsg, mem, fmtstr_conf_str ); NdrPointerFree( &StubMsg, mem, fmtstr_conf_str );
todo_wine {
ok(my_free_called == 1, "free called %d\n", my_free_called); ok(my_free_called == 1, "free called %d\n", my_free_called);
}
HeapFree(GetProcessHeap(), 0, mem_orig); HeapFree(GetProcessHeap(), 0, mem_orig);
HeapFree(GetProcessHeap(), 0, StubMsg.RpcMsg->Buffer); HeapFree(GetProcessHeap(), 0, StubMsg.RpcMsg->Buffer);