From 2413df39ed5c17f9f4e8440c4dc35e132f98481f Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Fri, 22 Jan 2016 05:58:29 +0100
Subject: [PATCH] Added patch to fix invalid memory access in SysFreeString on 64-bit when warn+heap is enabled.
---
 ...aring-of-heap-buffer-when-warn-heap-.patch | 25 +++++++++++++++++++
 patches/patchinstall.sh | 16 ++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 patches/oleaut32-Fix_Invalid_Memory_Access/0001-oleaut32-Fix-clearing-of-heap-buffer-when-warn-heap-.patch
diff --git a/patches/oleaut32-Fix_Invalid_Memory_Access/0001-oleaut32-Fix-clearing-of-heap-buffer-when-warn-heap-.patch b/patches/oleaut32-Fix_Invalid_Memory_Access/0001-oleaut32-Fix-clearing-of-heap-buffer-when-warn-heap-.patch
new file mode 100644
index 00000000..67202e8b
--- /dev/null
+++ b/patches/oleaut32-Fix_Invalid_Memory_Access/0001-oleaut32-Fix-clearing-of-heap-buffer-when-warn-heap-.patch
@@ -0,0 +1,25 @@
+From bf71baa88e4ae83a5a441ea47136246e698ff55c Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner
+Date: Fri, 22 Jan 2016 05:52:32 +0100
+Subject: oleaut32: Fix clearing of heap buffer when warn+heap is used.
+
+---
+ dlls/oleaut32/oleaut.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/oleaut32/oleaut.c b/dlls/oleaut32/oleaut.c
+index 00e6daf..93c5fd3 100644
+--- a/dlls/oleaut32/oleaut.c
++++ b/dlls/oleaut32/oleaut.c
+@@ -309,7 +309,7 @@ void WINAPI SysFreeString(BSTR str)
+ cache_entry->cnt++;
+
+ if(WARN_ON(heap)) {
+- unsigned n = bstr_alloc_size(bstr->size) / sizeof(DWORD) - 1;
++ unsigned n = (alloc_size-FIELD_OFFSET(bstr_t, u.ptr))/sizeof(DWORD);
+ for(i=0; iu.dwptr[i] = ARENA_FREE_FILLER;
+ }
+--
+2.6.4
+
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index a96e70e9..71645005 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
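Review bot: In the embedded oleaut.c hunk, the new fill count `(alloc_size-FIELD_OFFSET(bstr_t, u.ptr))/sizeof(DWORD)` is an unsigned subtraction, so an `alloc_size` below the header offset would wrap and send the `ARENA_FREE_FILLER` loop far past the block. `alloc_size` is declared and validated outside the hunk, so this may already be guaranteed; if it is not, a guard such as `unsigned n = alloc_size > FIELD_OFFSET(bstr_t, u.ptr) ? (alloc_size-FIELD_OFFSET(bstr_t, u.ptr))/sizeof(DWORD) : 0;` keeps the debug fill inside the allocation. The inner commit message has no body, so a short comment above the line, for example `/* fill count comes from alloc_size minus the bstr_t header, not from bstr->size */`, would record why the old `bstr_alloc_size(bstr->size)` expression was dropped. SysFreeString's body starts and ends outside the hunk.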
@@ -238,6 +238,7 @@ patch_enable_all ()
 enable_nvcuvid_CUDA_Video_Support="$1"
 enable_nvencodeapi_Video_Encoder="$1"
 enable_ole32_CoGetApartmentType="$1"
+ enable_oleaut32_Fix_Invalid_Memory_Access="$1"
 enable_oleaut32_TKIND_COCLASS="$1"
 enable_oleaut32_x86_64_Marshaller="$1"
 enable_openal32_EFX_Extension="$1"
@@ -852,6 +853,9 @@ patch_enable ()
 ole32-CoGetApartmentType)
 enable_ole32_CoGetApartmentType="$2"
 ;;
+ oleaut32-Fix_Invalid_Memory_Access)
+ enable_oleaut32_Fix_Invalid_Memory_Access="$2"
+ ;;
 oleaut32-TKIND_COCLASS)
 enable_oleaut32_TKIND_COCLASS="$2"
 ;;
@@ -5129,6 +5133,18 @@ if test "$enable_nvencodeapi_Video_Encoder" -eq 1; then
 ) >> "$patchlist"
 fi
 
+# Patchset oleaut32-Fix_Invalid_Memory_Access
+# |
+# | Modified files:
+# | * dlls/oleaut32/oleaut.c
+# |
+if test "$enable_oleaut32_Fix_Invalid_Memory_Access" -eq 1; then
+ patch_apply oleaut32-Fix_Invalid_Memory_Access/0001-oleaut32-Fix-clearing-of-heap-buffer-when-warn-heap-.patch
+ (
+ echo '+ { "Sebastian Lackner", "oleaut32: Fix clearing of heap buffer when warn+heap is used.", 1 },';
+ ) >> "$patchlist"
+fi
+
 # Patchset oleaut32-TKIND_COCLASS
 # |
 # | This patchset fixes the following Wine bugs: