Added patch to free RPC parameters allocated by application before anything else.

2024-11-21 16:46:54 -08:00 · 2015-05-16 04:29:53 +02:00 · 2015-05-16 04:29:53 +02:00 · 1bbf522c01
commit 1bbf522c01
parent 95496eedab
5 changed files with 89 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -39,7 +39,7 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 -----------------------------------

-**Bug fixes and features included in the next upcoming release [15]:**
+**Bug fixes and features included in the next upcoming release [16]:**

 * Add HTTP Host header in HttpSendRequest instead of HttpOpenRequest ([Wine Bug #28911](https://bugs.winehq.org/show_bug.cgi?id=28911))
 * Add IEnumString stub interface for ACLShellSource ([Wine Bug #18019](https://bugs.winehq.org/show_bug.cgi?id=18019))
@ -51,6 +51,7 @@ Included bug fixes and improvements
 * Create stub files for system32/drivers/etc/{services,hosts,networks,protocol} ([Wine Bug #12076](https://bugs.winehq.org/show_bug.cgi?id=12076))
 * Dirtify vertex shader on transformed update to fix graphical corruption ([Wine Bug #38539](https://bugs.winehq.org/show_bug.cgi?id=38539))
 * Do not create foreign thread queues for attach_thread_input requests ([Wine Bug #38562](https://bugs.winehq.org/show_bug.cgi?id=38562))
+* Free RPC parameters allocated by application before anything else ([Wine Bug #36743](https://bugs.winehq.org/show_bug.cgi?id=36743))
 * Implement kernel32.GetSystemTimePreciseAsFileTime ([Wine Bug #38513](https://bugs.winehq.org/show_bug.cgi?id=38513))
 * Improve ReadDataAvailable handling in FilePipeLocalInformation class
 * Return default palette entries from GetSystemPaletteEntries for non-palette-based devices
--- a/debian/changelog
+++ b/debian/changelog
@ -41,6 +41,8 @@ wine-staging (1.7.43) UNRELEASED; urgency=low
  * Added patch to add HTTP Host header in HttpSendRequest instead of
    HttpOpenRequest.
  * Added various additional fixes for wininet header handling.
+  * Added patch to free RPC parameters allocated by application before anything
+    else.
  * Removed patch to use lockfree implementation for FD cache (accepted
    upstream).
  * Removed patch to properly handle closing sockets during a select call
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@ -197,6 +197,7 @@ patch_enable_all ()
 	enable_quartz_MediaSeeking_Positions="$1"
 	enable_regedit_String_Termination="$1"
 	enable_riched20_IText_Interface="$1"
+	enable_rpcrt4_Use_After_Free="$1"
 	enable_secur32_ANSI_NTLM_Credentials="$1"
 	enable_server_ACL_Compat="$1"
 	enable_server_Address_List_Change="$1"
@ -658,6 +659,9 @@ patch_enable ()
 		riched20-IText_Interface)
 			enable_riched20_IText_Interface="$2"
 			;;
+		rpcrt4-Use_After_Free)
+			enable_rpcrt4_Use_After_Free="$2"
+			;;
 		secur32-ANSI_NTLM_Credentials)
 			enable_secur32_ANSI_NTLM_Credentials="$2"
 			;;
@ -2515,6 +2519,18 @@ if test "$enable_wined3d_CSMT_Helper" -eq 1; then
 	) >> "$patchlist"
 fi

+# Patchset wined3d-resource_check_usage
+# |
+# | Modified files:
+# |   *	dlls/wined3d/resource.c
+# |
+if test "$enable_wined3d_resource_check_usage" -eq 1; then
+	patch_apply wined3d-resource_check_usage/0001-wined3d-Silence-repeated-resource_check_usage-FIXME.patch
+	(
+		echo '+    { "Erich E. Hoover", "wined3d: Silence repeated resource_check_usage FIXME.", 2 },';
+	) >> "$patchlist"
+fi
+
 # Patchset wined3d-wined3d_swapchain_present
 # |
 # | Modified files:
@ -2603,18 +2619,6 @@ if test "$enable_wined3d_UnhandledBlendFactor" -eq 1; then
 	) >> "$patchlist"
 fi

-# Patchset wined3d-resource_check_usage
-# |
-# | Modified files:
-# |   *	dlls/wined3d/resource.c
-# |
-if test "$enable_wined3d_resource_check_usage" -eq 1; then
-	patch_apply wined3d-resource_check_usage/0001-wined3d-Silence-repeated-resource_check_usage-FIXME.patch
-	(
-		echo '+    { "Erich E. Hoover", "wined3d: Silence repeated resource_check_usage FIXME.", 2 },';
-	) >> "$patchlist"
-fi
-
 # Patchset wined3d-CSMT_Main
 # |
 # | This patchset fixes the following Wine bugs:
@ -4404,6 +4408,21 @@ if test "$enable_riched20_IText_Interface" -eq 1; then
 	) >> "$patchlist"
 fi

+# Patchset rpcrt4-Use_After_Free
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#36743] Free RPC parameters allocated by application before anything else
+# |
+# | Modified files:
+# |   *	dlls/rpcrt4/ndr_stubless.c
+# |
+if test "$enable_rpcrt4_Use_After_Free" -eq 1; then
+	patch_apply rpcrt4-Use_After_Free/0001-rpcrt4-Free-parameters-allocated-by-application-befo.patch
+	(
+		echo '+    { "Jérôme Gardou", "rpcrt4: Free parameters allocated by application before anything else.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset secur32-ANSI_NTLM_Credentials
 # |
 # | This patchset fixes the following Wine bugs:
--- a/patches/rpcrt4-Use_After_Free/0001-rpcrt4-Free-parameters-allocated-by-application-befo.patch
+++ b/patches/rpcrt4-Use_After_Free/0001-rpcrt4-Free-parameters-allocated-by-application-befo.patch
@ -0,0 +1,53 @@
+From 9cfab0a867f609d922ebe3ee2690f1fa7fe96976 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Gardou?= <jerome.gardou@reactos.org>
+Date: Mon, 16 Jun 2014 15:55:01 +0200
+Subject: rpcrt4: Free parameters allocated by application before anything
+ else.
+
+The freer function calculates conformance and variance using values in
+parameters which can be freed earlier in the loop, so it is necessary to
+free those before anything else.
+See http://bugs.winehq.org/show_bug.cgi?id=36743 for details.
+---
+ dlls/rpcrt4/ndr_stubless.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/dlls/rpcrt4/ndr_stubless.c b/dlls/rpcrt4/ndr_stubless.c
+index c9d9930..92bfd9b 100644
+--- a/dlls/rpcrt4/ndr_stubless.c
+++ b/dlls/rpcrt4/ndr_stubless.c
+@@ -1109,6 +1109,18 @@ static LONG_PTR *stub_do_args(MIDL_STUB_MESSAGE *pStubMsg,
+     unsigned int i;
+     LONG_PTR *retval_ptr = NULL;
+ 
+    if (phase == STUBLESS_FREE)
+    {
+        for (i = 0; i < number_of_params; i++)
+        {
+            unsigned char *pArg = pStubMsg->StackTop + params[i].stack_offset;
+            if (params[i].attr.MustFree)
+            {
+                call_freer(pStubMsg, pArg, &params[i]);
+            }
+        }
+    }
+
+     for (i = 0; i < number_of_params; i++)
+     {
+         unsigned char *pArg = pStubMsg->StackTop + params[i].stack_offset;
+@@ -1126,11 +1138,7 @@ static LONG_PTR *stub_do_args(MIDL_STUB_MESSAGE *pStubMsg,
+                 call_marshaller(pStubMsg, pArg, &params[i]);
+             break;
+         case STUBLESS_FREE:
+-            if (params[i].attr.MustFree)
+-            {
+-                call_freer(pStubMsg, pArg, &params[i]);
+-            }
+-            else if (params[i].attr.ServerAllocSize)
+            if (params[i].attr.ServerAllocSize)
+             {
+                 HeapFree(GetProcessHeap(), 0, *(void **)pArg);
+             }
+-- 
+2.4.0
+
--- a/patches/rpcrt4-Use_After_Free/definition
+++ b/patches/rpcrt4-Use_After_Free/definition
@ -0,0 +1 @@
+Fixes: [36743] Free RPC parameters allocated by application before anything else
				`@ -0,0 +1 @@`
				`Fixes: [36743] Free RPC parameters allocated by application before anything else`