Added patch to free RPC parameters allocated by application before anything else.

2025-09-12 18:50:20 -07:00 · 2015-05-16 04:29:53 +02:00
parent 95496eedab
commit 1bbf522c01
5 changed files with 89 additions and 13 deletions
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -197,6 +197,7 @@ patch_enable_all ()
 	enable_quartz_MediaSeeking_Positions="$1"
 	enable_regedit_String_Termination="$1"
 	enable_riched20_IText_Interface="$1"
+	enable_rpcrt4_Use_After_Free="$1"
 	enable_secur32_ANSI_NTLM_Credentials="$1"
 	enable_server_ACL_Compat="$1"
 	enable_server_Address_List_Change="$1"
@@ -658,6 +659,9 @@ patch_enable ()
 		riched20-IText_Interface)
 			enable_riched20_IText_Interface="$2"
 			;;
+		rpcrt4-Use_After_Free)
+			enable_rpcrt4_Use_After_Free="$2"
+			;;
 		secur32-ANSI_NTLM_Credentials)
 			enable_secur32_ANSI_NTLM_Credentials="$2"
 			;;
@@ -2515,6 +2519,18 @@ if test "$enable_wined3d_CSMT_Helper" -eq 1; then
 	) >> "$patchlist"
 fi

+# Patchset wined3d-resource_check_usage
+# |
+# | Modified files:
+# |   *	dlls/wined3d/resource.c
+# |
+if test "$enable_wined3d_resource_check_usage" -eq 1; then
+	patch_apply wined3d-resource_check_usage/0001-wined3d-Silence-repeated-resource_check_usage-FIXME.patch
+	(
+		echo '+    { "Erich E. Hoover", "wined3d: Silence repeated resource_check_usage FIXME.", 2 },';
+	) >> "$patchlist"
+fi
+
 # Patchset wined3d-wined3d_swapchain_present
 # |
 # | Modified files:
@@ -2603,18 +2619,6 @@ if test "$enable_wined3d_UnhandledBlendFactor" -eq 1; then
 	) >> "$patchlist"
 fi

-# Patchset wined3d-resource_check_usage
-# |
-# | Modified files:
-# |   *	dlls/wined3d/resource.c
-# |
-if test "$enable_wined3d_resource_check_usage" -eq 1; then
-	patch_apply wined3d-resource_check_usage/0001-wined3d-Silence-repeated-resource_check_usage-FIXME.patch
-	(
-		echo '+    { "Erich E. Hoover", "wined3d: Silence repeated resource_check_usage FIXME.", 2 },';
-	) >> "$patchlist"
-fi
-
 # Patchset wined3d-CSMT_Main
 # |
 # | This patchset fixes the following Wine bugs:
@@ -4404,6 +4408,21 @@ if test "$enable_riched20_IText_Interface" -eq 1; then
 	) >> "$patchlist"
 fi

+# Patchset rpcrt4-Use_After_Free
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#36743] Free RPC parameters allocated by application before anything else
+# |
+# | Modified files:
+# |   *	dlls/rpcrt4/ndr_stubless.c
+# |
+if test "$enable_rpcrt4_Use_After_Free" -eq 1; then
+	patch_apply rpcrt4-Use_After_Free/0001-rpcrt4-Free-parameters-allocated-by-application-befo.patch
+	(
+		echo '+    { "Jérôme Gardou", "rpcrt4: Free parameters allocated by application before anything else.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset secur32-ANSI_NTLM_Credentials
 # |
 # | This patchset fixes the following Wine bugs:
--- a/patches/rpcrt4-Use_After_Free/0001-rpcrt4-Free-parameters-allocated-by-application-befo.patch
+++ b/patches/rpcrt4-Use_After_Free/0001-rpcrt4-Free-parameters-allocated-by-application-befo.patch
@@ -0,0 +1,53 @@
+From 9cfab0a867f609d922ebe3ee2690f1fa7fe96976 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Gardou?= <jerome.gardou@reactos.org>
+Date: Mon, 16 Jun 2014 15:55:01 +0200
+Subject: rpcrt4: Free parameters allocated by application before anything
+ else.
+
+The freer function calculates conformance and variance using values in
+parameters which can be freed earlier in the loop, so it is necessary to
+free those before anything else.
+See http://bugs.winehq.org/show_bug.cgi?id=36743 for details.
+---
+ dlls/rpcrt4/ndr_stubless.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/dlls/rpcrt4/ndr_stubless.c b/dlls/rpcrt4/ndr_stubless.c
+index c9d9930..92bfd9b 100644
+--- a/dlls/rpcrt4/ndr_stubless.c
+++ b/dlls/rpcrt4/ndr_stubless.c
+@@ -1109,6 +1109,18 @@ static LONG_PTR *stub_do_args(MIDL_STUB_MESSAGE *pStubMsg,
+     unsigned int i;
+     LONG_PTR *retval_ptr = NULL;
+ 
+    if (phase == STUBLESS_FREE)
+    {
+        for (i = 0; i < number_of_params; i++)
+        {
+            unsigned char *pArg = pStubMsg->StackTop + params[i].stack_offset;
+            if (params[i].attr.MustFree)
+            {
+                call_freer(pStubMsg, pArg, &params[i]);
+            }
+        }
+    }
+
+     for (i = 0; i < number_of_params; i++)
+     {
+         unsigned char *pArg = pStubMsg->StackTop + params[i].stack_offset;
+@@ -1126,11 +1138,7 @@ static LONG_PTR *stub_do_args(MIDL_STUB_MESSAGE *pStubMsg,
+                 call_marshaller(pStubMsg, pArg, &params[i]);
+             break;
+         case STUBLESS_FREE:
+-            if (params[i].attr.MustFree)
+-            {
+-                call_freer(pStubMsg, pArg, &params[i]);
+-            }
+-            else if (params[i].attr.ServerAllocSize)
+            if (params[i].attr.ServerAllocSize)
+             {
+                 HeapFree(GetProcessHeap(), 0, *(void **)pArg);
+             }
+-- 
+2.4.0
+
--- a/patches/rpcrt4-Use_After_Free/definition
+++ b/patches/rpcrt4-Use_After_Free/definition
@@ -0,0 +1 @@
+Fixes: [36743] Free RPC parameters allocated by application before anything else
				`@@ -0,0 +1 @@`
				`Fixes: [36743] Free RPC parameters allocated by application before anything else`