From c735a14788011a139b55751c051809d14df9dde8 Mon Sep 17 00:00:00 2001
From: Rob Shearman <rob@codeweavers.com>
Date: Thu, 29 Nov 2007 17:35:40 +0000
Subject: [PATCH] rpcrt4: Fix NdrSimpleStructUnmarshall to cope with [in, out]
 embedded pointers.

---
 dlls/rpcrt4/ndr_marshall.c | 26 +++++++++++++-------------
 dlls/rpcrt4/tests/server.c |  1 -
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/dlls/rpcrt4/ndr_marshall.c b/dlls/rpcrt4/ndr_marshall.c
index f895376272c..8300b640e11 100644
--- a/dlls/rpcrt4/ndr_marshall.c
+++ b/dlls/rpcrt4/ndr_marshall.c
@@ -1715,28 +1715,28 @@ unsigned char * WINAPI NdrSimpleStructUnmarshall(PMIDL_STUB_MESSAGE pStubMsg,
                                                  unsigned char fMustAlloc)
 {
   unsigned size = *(const WORD*)(pFormat+2);
+  unsigned char *saved_buffer;
   TRACE("(%p,%p,%p,%d)\n", pStubMsg, ppMemory, pFormat, fMustAlloc);
 
   ALIGN_POINTER(pStubMsg->Buffer, pFormat[1] + 1);
 
-  pStubMsg->BufferMark = pStubMsg->Buffer;
-
-  if (fMustAlloc) {
+  if (fMustAlloc)
     *ppMemory = NdrAllocate(pStubMsg, size);
-    safe_copy_from_buffer(pStubMsg, *ppMemory, size);
-  } else {
-    if (!pStubMsg->IsClient && !*ppMemory) {
+  else
+  {
+    if (!pStubMsg->IsClient && !*ppMemory)
       /* for servers, we just point straight into the RPC buffer */
       *ppMemory = pStubMsg->Buffer;
-      safe_buffer_increment(pStubMsg, size);
-    }
-    else
-      /* for clients, memory should be provided by caller */
-      safe_copy_from_buffer(pStubMsg, *ppMemory, size);
   }
 
-  if (pFormat[0] != RPC_FC_STRUCT)
-    EmbeddedPointerUnmarshall(pStubMsg, *ppMemory, *ppMemory, pFormat+4, TRUE /* FIXME */);
+  saved_buffer = pStubMsg->BufferMark = pStubMsg->Buffer;
+  safe_buffer_increment(pStubMsg, size);
+  if (pFormat[0] == RPC_FC_PSTRUCT)
+      EmbeddedPointerUnmarshall(pStubMsg, saved_buffer, *ppMemory, pFormat+4, fMustAlloc);
+
+  TRACE("copying %p to %p\n", saved_buffer, *ppMemory);
+  if (*ppMemory != saved_buffer)
+      memcpy(*ppMemory, saved_buffer, size);
 
   return NULL;
 }
diff --git a/dlls/rpcrt4/tests/server.c b/dlls/rpcrt4/tests/server.c
index ad0dd73c560..20e6033fe66 100644
--- a/dlls/rpcrt4/tests/server.c
+++ b/dlls/rpcrt4/tests/server.c
@@ -876,7 +876,6 @@ pointer_tests(void)
   name.size = 10;
   name.name = buffer = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, name.size);
   get_name(&name);
-  todo_wine
   ok(name.name == buffer, "[in,out] pointer should have stayed as %p but instead changed to %p\n", name.name, buffer);
   HeapFree(GetProcessHeap(), 0, name.name);