Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2912 lines
78 KiB

  1. /*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  2. Copyright (c) 1993-2000 Microsoft Corporation
  3. Module Name :
  4. memsize.c
  5. Abstract :
  6. This file contains the routines called by MIDL 2.0 stubs and the
  7. intepreter for computing the memory size needed to hold a parameter being
  8. unmarshalled.
  9. Author :
  10. David Kays dkays November 1993.
  11. Revision History :
  12. Note:
  13. Simple types are not checked for buffer over-run since we are
  14. only reading from the buffer and not writing from it. So if
  15. a buffer overun actually occures, no real damage is done.
  16. ---------------------------------------------------------------------*/
  17. #include "ndrp.h"
  18. #include "interp2.h"
  19. #include "attack.h"
  20. #include "pointerq.h"
  21. unsigned long
  22. NdrUDTSimpleTypeMemsize(
  23. PMIDL_STUB_MESSAGE pStubMsg,
  24. PFORMAT_STRING pFormat );
  25. extern const
  26. PMEM_SIZE_ROUTINE MemSizeRoutinesTable[] =
  27. {
  28. // dummies for 64b C compiler workaround
  29. //
  30. NdrUDTSimpleTypeMemsize,
  31. NdrUDTSimpleTypeMemsize,
  32. NdrUDTSimpleTypeMemsize,
  33. NdrUDTSimpleTypeMemsize,
  34. NdrUDTSimpleTypeMemsize,
  35. NdrUDTSimpleTypeMemsize,
  36. NdrUDTSimpleTypeMemsize,
  37. NdrUDTSimpleTypeMemsize, // FC_ZERO - FC_USHORT
  38. NdrUDTSimpleTypeMemsize,
  39. NdrUDTSimpleTypeMemsize,
  40. NdrUDTSimpleTypeMemsize,
  41. NdrUDTSimpleTypeMemsize,
  42. NdrUDTSimpleTypeMemsize,
  43. NdrUDTSimpleTypeMemsize,
  44. NdrUDTSimpleTypeMemsize,
  45. NdrUDTSimpleTypeMemsize, // FC_LONG - FC_IGNORE
  46. NdrUDTSimpleTypeMemsize, // FC_ERROR_STATUS_T
  47. NdrPointerMemorySize,
  48. NdrPointerMemorySize,
  49. NdrPointerMemorySize,
  50. NdrPointerMemorySize,
  51. NdrSimpleStructMemorySize,
  52. NdrSimpleStructMemorySize,
  53. NdrConformantStructMemorySize,
  54. NdrConformantStructMemorySize,
  55. NdrConformantVaryingStructMemorySize,
  56. NdrComplexStructMemorySize,
  57. NdrConformantArrayMemorySize,
  58. NdrConformantVaryingArrayMemorySize,
  59. NdrFixedArrayMemorySize,
  60. NdrFixedArrayMemorySize,
  61. NdrVaryingArrayMemorySize,
  62. NdrVaryingArrayMemorySize,
  63. NdrComplexArrayMemorySize,
  64. NdrConformantStringMemorySize,
  65. NdrConformantStringMemorySize,
  66. NdrConformantStringMemorySize,
  67. NdrConformantStringMemorySize,
  68. NdrNonConformantStringMemorySize,
  69. NdrNonConformantStringMemorySize,
  70. NdrNonConformantStringMemorySize,
  71. NdrNonConformantStringMemorySize,
  72. NdrEncapsulatedUnionMemorySize,
  73. NdrNonEncapsulatedUnionMemorySize,
  74. 0, // byte count
  75. NdrXmitOrRepAsMemorySize, // transmit as
  76. NdrXmitOrRepAsMemorySize, // represent as
  77. NdrPointerMemorySize,
  78. 0,
  79. // New Post NT 3.5 token serviced from here on.
  80. 0, // NdrHardStructMemorySize,
  81. NdrXmitOrRepAsMemorySize, // transmit as ptr
  82. NdrXmitOrRepAsMemorySize, // represent as ptr
  83. NdrUserMarshalMemorySize,
  84. 0, // FC_PIPE
  85. 0, // FC_BLK_HOLE
  86. NdrpRangeMemorySize,
  87. 0, // FC_INT3264
  88. 0, // FC_UINT3264
  89. 0, // NdrCsArrayMemorySize,
  90. 0, // NdrCsTagMemorySize
  91. };
  92. extern const
  93. PMEM_SIZE_ROUTINE * pfnMemSizeRoutines = MemSizeRoutinesTable;
  94. void
  95. NdrpInterfacePointerMemorySize (
  96. PMIDL_STUB_MESSAGE pStubMsg,
  97. PFORMAT_STRING pFormat );
  98. unsigned long
  99. NdrUDTSimpleTypeMemsize(
  100. PMIDL_STUB_MESSAGE pStubMsg,
  101. PFORMAT_STRING pFormat )
  102. {
  103. ALIGN( pStubMsg->Buffer, SIMPLE_TYPE_ALIGNMENT(*pFormat) );
  104. pStubMsg->Buffer += SIMPLE_TYPE_BUFSIZE(*pFormat);
  105. pStubMsg->MemorySize += SIMPLE_TYPE_MEMSIZE(*pFormat);
  106. return pStubMsg->MemorySize;
  107. }
  108. unsigned long RPC_ENTRY
  109. NdrpRangeMemorySize(
  110. PMIDL_STUB_MESSAGE pStubMsg,
  111. PFORMAT_STRING pFormat )
  112. /*++
  113. --*/
  114. {
  115. FORMAT_CHARACTER FcType = (FORMAT_CHARACTER)(pFormat[1] & 0x0f);
  116. ALIGN(pStubMsg->Buffer,SIMPLE_TYPE_ALIGNMENT(FcType));
  117. pStubMsg->Buffer += SIMPLE_TYPE_BUFSIZE(FcType);
  118. switch ( pFormat[2] )
  119. {
  120. case FC_ENUM16 :
  121. //
  122. // We can't use the simple type tables for enum16.
  123. //
  124. LENGTH_ALIGN( pStubMsg->MemorySize, sizeof(int) - 1 );
  125. pStubMsg->MemorySize += sizeof(int);
  126. break;
  127. default :
  128. LENGTH_ALIGN( pStubMsg->MemorySize,
  129. SIMPLE_TYPE_ALIGNMENT(FcType) );
  130. pStubMsg->MemorySize += SIMPLE_TYPE_MEMSIZE(FcType);
  131. break;
  132. }
  133. return pStubMsg->MemorySize;
  134. }
  135. unsigned long RPC_ENTRY
  136. NdrPointerMemorySize(
  137. PMIDL_STUB_MESSAGE pStubMsg,
  138. PFORMAT_STRING pFormat )
  139. /*++
  140. Routine Description :
  141. Computes the memory size required for a top level pointer to anything.
  142. Pointers embedded in structures, arrays, or unions call
  143. NdrpPointerMemorySize directly.
  144. Used for FC_RP, FC_UP, FC_FP, FC_OP.
  145. Arguments :
  146. pStubMsg - Pointer to stub message.
  147. pFormat - Pointer's format string description.
  148. Return :
  149. The computed memory size.
  150. --*/
  151. {
  152. uchar * pBufferMark;
  153. //
  154. // If this is not a ref pointer then mark where the pointer's id is in
  155. // the buffer and increment the stub message buffer pointer.
  156. //
  157. if ( *pFormat != FC_RP )
  158. {
  159. ALIGN(pStubMsg->Buffer,0x3);
  160. pBufferMark = pStubMsg->Buffer;
  161. pStubMsg->Buffer += PTR_WIRE_SIZE;
  162. }
  163. else
  164. pBufferMark = 0;
  165. // Else we can leave pBufferMark unitialized.
  166. return NdrpPointerMemorySize( pStubMsg,
  167. pBufferMark,
  168. pFormat );
  169. }
  170. __forceinline unsigned long
  171. NdrpPointerMemorySizeInternal(
  172. PMIDL_STUB_MESSAGE pStubMsg,
  173. uchar * pBufferMark,
  174. PFORMAT_STRING pFormat )
  175. /*++
  176. Routine Description :
  177. Private routine for computing the memory size required for a pointer to
  178. anything. This is the entry point for pointers embedded in structures
  179. arrays, or unions.
  180. Used for FC_RP, FC_UP, FC_FP, FC_OP.
  181. Arguments :
  182. pStubMsg - Pointer to stub message.
  183. pBufferMark - Location in the buffer where a unique or full pointer's id is.
  184. Unused for ref pointers.
  185. pFormat - Pointer's format string description.
  186. Return :
  187. The computed memory size.
  188. --*/
  189. {
  190. uchar uFlagsSave;
  191. ulong MemSize;
  192. switch ( *pFormat )
  193. {
  194. case FC_RP :
  195. break;
  196. case FC_UP :
  197. case FC_OP :
  198. if ( ! *((long *)pBufferMark) )
  199. return pStubMsg->MemorySize;
  200. break;
  201. case FC_IP:
  202. if ( IS_BROKEN_INTERFACE_POINTER(pStubMsg->uFlags) )
  203. {
  204. // In this case, the whole pointer and pointee are
  205. // where the pointee should have been.
  206. // (Treat like toplevel at this point )
  207. NdrInterfacePointerMemorySize( pStubMsg,
  208. pFormat );
  209. }
  210. else
  211. {
  212. if ( ! *((long *)pBufferMark) )
  213. return pStubMsg->MemorySize;
  214. NdrpInterfacePointerMemorySize( pStubMsg,
  215. pFormat );
  216. }
  217. return pStubMsg->MemorySize;
  218. case FC_FP :
  219. //
  220. // Check if we've already mem sized this full pointer.
  221. //
  222. if ( NdrFullPointerQueryRefId( pStubMsg->FullPtrXlatTables,
  223. *((ulong *)pBufferMark),
  224. FULL_POINTER_MEM_SIZED,
  225. 0 ) )
  226. return pStubMsg->MemorySize;
  227. break;
  228. default :
  229. NDR_ASSERT(0,"NdrpPointerMemorySize : bad format char");
  230. RpcRaiseException( RPC_S_INTERNAL_ERROR );
  231. return 0;
  232. }
  233. //
  234. // We align all memory pointers on at least a void * boundary.
  235. //
  236. LENGTH_ALIGN( pStubMsg->MemorySize, PTR_MEM_ALIGN );
  237. if ( ! SIMPLE_POINTER(pFormat[1]) )
  238. {
  239. // Pointer to complex type.
  240. if ( POINTER_DEREF(pFormat[1]) )
  241. pStubMsg->MemorySize += PTR_MEM_SIZE;
  242. pFormat += 2;
  243. pFormat += *((signed short *)pFormat);
  244. }
  245. else
  246. {
  247. switch ( pFormat[2] )
  248. {
  249. case FC_C_CSTRING :
  250. case FC_C_BSTRING :
  251. case FC_C_WSTRING :
  252. case FC_C_SSTRING :
  253. // Increment to string's description.
  254. pFormat += 2;
  255. break;
  256. default :
  257. // Simple type.
  258. ALIGN(pStubMsg->Buffer,SIMPLE_TYPE_ALIGNMENT(pFormat[2]));
  259. pStubMsg->Buffer += SIMPLE_TYPE_BUFSIZE( pFormat[2] );
  260. switch ( pFormat[2] )
  261. {
  262. case FC_ENUM16 :
  263. //
  264. // We can't use the simple type tables for enum16.
  265. //
  266. LENGTH_ALIGN( pStubMsg->MemorySize, sizeof(int) - 1 );
  267. pStubMsg->MemorySize += sizeof(int);
  268. break;
  269. default :
  270. LENGTH_ALIGN( pStubMsg->MemorySize,
  271. SIMPLE_TYPE_ALIGNMENT(pFormat[2]) );
  272. pStubMsg->MemorySize += SIMPLE_TYPE_MEMSIZE(pFormat[2]);
  273. break;
  274. }
  275. return pStubMsg->MemorySize;
  276. }
  277. }
  278. uFlagsSave = pStubMsg->uFlags;
  279. RESET_CONF_FLAGS_TO_STANDALONE(pStubMsg->uFlags);
  280. MemSize = (*pfnMemSizeRoutines[ROUTINE_INDEX(*pFormat)])
  281. ( pStubMsg,
  282. pFormat );
  283. pStubMsg->uFlags = uFlagsSave;
  284. return MemSize;
  285. }
  286. NDR_MEMSIZE_POINTER_QUEUE_ELEMENT::NDR_MEMSIZE_POINTER_QUEUE_ELEMENT(
  287. MIDL_STUB_MESSAGE *pStubMsg,
  288. uchar *pBufferMarkNew,
  289. PFORMAT_STRING pFormatNew ) :
  290. pFormat(pFormatNew),
  291. pBufferMark(pBufferMarkNew),
  292. Memory(pStubMsg->Memory),
  293. uFlags(pStubMsg->uFlags)
  294. {
  295. }
  296. void
  297. NDR_MEMSIZE_POINTER_QUEUE_ELEMENT::Dispatch(
  298. MIDL_STUB_MESSAGE *pStubMsg)
  299. {
  300. SAVE_CONTEXT<uchar*> MemorySave( pStubMsg->Memory, Memory );
  301. SAVE_CONTEXT<uchar> uFlagsSave( pStubMsg->uFlags, uFlags );
  302. NDR_ASSERT( !pStubMsg->PointerBufferMark, "PointerBufferMark is not 0!\n");
  303. NDR_ASSERT( !pStubMsg->PointerLength, "PointerLength is not 0!\n");
  304. NdrpPointerMemorySizeInternal( pStubMsg,
  305. pBufferMark,
  306. pFormat );
  307. }
  308. #if defined(DBG)
  309. void
  310. NDR_MEMSIZE_POINTER_QUEUE_ELEMENT::Print()
  311. {
  312. DbgPrint("NDR_MRSHL_POINTER_QUEUE_ELEMENT\n");
  313. DbgPrint("pNext: %p\n", pNext );
  314. DbgPrint("pFormat: %p\n", pFormat );
  315. DbgPrint("pBufferMark: %p\n", pBufferMark );
  316. DbgPrint("Memory: %p\n", Memory );
  317. DbgPrint("uFlags: %x\n", uFlags );
  318. }
  319. #endif
  320. void
  321. NdrpEnquePointerMemorySize(
  322. PMIDL_STUB_MESSAGE pStubMsg,
  323. uchar * pBufferMark,
  324. PFORMAT_STRING pFormat )
  325. {
  326. NDR32_POINTER_CONTEXT PointerContext( pStubMsg );
  327. RpcTryFinally
  328. {
  329. NDR_MEMSIZE_POINTER_QUEUE_ELEMENT*pElement =
  330. new(PointerContext.GetActiveState())
  331. NDR_MEMSIZE_POINTER_QUEUE_ELEMENT(pStubMsg,
  332. pBufferMark,
  333. pFormat );
  334. PointerContext.Enque( pElement );
  335. PointerContext.DispatchIfRequired();
  336. }
  337. RpcFinally
  338. {
  339. PointerContext.EndContext();
  340. }
  341. RpcEndFinally
  342. }
  343. unsigned long
  344. NdrpPointerMemorySize(
  345. PMIDL_STUB_MESSAGE pStubMsg,
  346. uchar * pBufferMark,
  347. PFORMAT_STRING pFormat )
  348. {
  349. if ( !NdrIsLowStack(pStubMsg) )
  350. {
  351. return
  352. NdrpPointerMemorySizeInternal( pStubMsg,
  353. pBufferMark,
  354. pFormat );
  355. }
  356. NdrpEnquePointerMemorySize(
  357. pStubMsg,
  358. pBufferMark,
  359. pFormat );
  360. return 0;
  361. }
  362. unsigned long RPC_ENTRY
  363. NdrSimpleStructMemorySize(
  364. PMIDL_STUB_MESSAGE pStubMsg,
  365. PFORMAT_STRING pFormat )
  366. /*++
  367. Routine Description :
  368. Computes the memory size required for a simple structure.
  369. Used for FC_STRUCT and FC_PSTRUCT.
  370. Arguments :
  371. pStubMsg - Pointer to stub message.
  372. pFormat - Structure's format string description.
  373. Return :
  374. The computed memory size.
  375. --*/
  376. {
  377. ulong Size;
  378. Size = *((ushort *)(pFormat + 2));
  379. ALIGN(pStubMsg->Buffer,pFormat[1]);
  380. LENGTH_ALIGN( pStubMsg->MemorySize, pFormat[1] );
  381. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer , Size );
  382. pStubMsg->Buffer += Size;
  383. pStubMsg->MemorySize += Size;
  384. if ( *pFormat == FC_PSTRUCT )
  385. {
  386. // Mark where the structure starts in the buffer.
  387. pStubMsg->BufferMark = pStubMsg->Buffer - Size;
  388. NdrpEmbeddedPointerMemorySize( pStubMsg,
  389. pFormat + 4 );
  390. }
  391. return pStubMsg->MemorySize;
  392. }
  393. unsigned long RPC_ENTRY
  394. NdrConformantStructMemorySize(
  395. PMIDL_STUB_MESSAGE pStubMsg,
  396. PFORMAT_STRING pFormat )
  397. /*++
  398. Routine Description :
  399. Computes the memory size required for a conformant structure.
  400. Used for FC_CSTRUCT and FC_CPSTRUCT.
  401. Arguments :
  402. pStubMsg - Pointer to stub message.
  403. pFormat - Pointer's format string description.
  404. Return :
  405. The computed memory size.
  406. --*/
  407. {
  408. PFORMAT_STRING pFormatArray;
  409. ulong Size;
  410. uchar Alignment = pFormat[1];
  411. // set by the outermost embedding complex struct
  412. uchar fIsEmbeddedStruct = IS_EMBED_CONF_STRUCT( pStubMsg->uFlags );
  413. Size = *((ushort *)(pFormat + 2));
  414. // Get the conformance count.
  415. if ( fIsEmbeddedStruct )
  416. {
  417. // A bogus struct would set the mark.
  418. pStubMsg->MaxCount = *((long *)pStubMsg->BufferMark);
  419. }
  420. else
  421. {
  422. // Align for the conformance count.
  423. ALIGN(pStubMsg->Buffer,0x3);
  424. pStubMsg->MaxCount = *((long *&)pStubMsg->Buffer)++;
  425. }
  426. // Increment the format string to the offset to array description.
  427. pFormat += 4;
  428. // Get the array's description.
  429. pFormatArray = pFormat + *((signed short *)pFormat);
  430. // Check bounds.
  431. CHECK_BOUND( (ulong)pStubMsg->MaxCount, pFormatArray[4] & 0x0f );
  432. // check for possible mulitplication overflow attack here.
  433. Size += MultiplyWithOverflowCheck( (ulong)pStubMsg->MaxCount, *((ushort *)(pFormatArray + 2) ) );
  434. // Increment the format string past the offset to array description.
  435. pFormat += 2;
  436. // Realign for struct
  437. ALIGN(pStubMsg->Buffer, Alignment);
  438. LENGTH_ALIGN( pStubMsg->MemorySize, Alignment );
  439. CHECK_EOB_WITH_WRAP_RAISE_IB( pStubMsg->Buffer, Size );
  440. pStubMsg->Buffer += Size;
  441. pStubMsg->MemorySize += Size;
  442. if ( *pFormat == FC_PP )
  443. {
  444. // Mark the beginning of the struct in the buffer.
  445. pStubMsg->BufferMark = pStubMsg->Buffer - Size;
  446. NdrpEmbeddedPointerMemorySize( pStubMsg,
  447. pFormat );
  448. }
  449. if ( fIsEmbeddedStruct )
  450. SET_CONF_ARRAY_DONE( pStubMsg->uFlags );
  451. return pStubMsg->MemorySize;
  452. }
  453. unsigned long RPC_ENTRY
  454. NdrConformantVaryingStructMemorySize(
  455. PMIDL_STUB_MESSAGE pStubMsg,
  456. PFORMAT_STRING pFormat )
  457. /*++
  458. Routine Description :
  459. Computes the memory size required for a conformant varying structure.
  460. Used for FC_CVSTRUCT.
  461. Arguments :
  462. pStubMsg - Pointer to stub message.
  463. pFormat - Pointer's format string description.
  464. Return :
  465. The computed memory size.
  466. --*/
  467. {
  468. PFORMAT_STRING pFormatArray;
  469. uchar * pBufferMark;
  470. ulong Size;
  471. // set by the outermost embedding complex struct
  472. uchar fIsEmbeddedStruct = IS_EMBED_CONF_STRUCT( pStubMsg->uFlags );
  473. Size = *((ushort *)(pFormat + 2));
  474. // Get the conformance count.
  475. if ( fIsEmbeddedStruct )
  476. {
  477. pStubMsg->MaxCount = *((long *&)pStubMsg->BufferMark);
  478. }
  479. else
  480. {
  481. ALIGN(pStubMsg->Buffer,0x3);
  482. pStubMsg->MaxCount = *((long *&)pStubMsg->Buffer)++;
  483. }
  484. ALIGN(pStubMsg->Buffer,pFormat[1]);
  485. LENGTH_ALIGN( pStubMsg->MemorySize, pFormat[1] );
  486. // Remember the start of the struct in the buffer.
  487. pBufferMark = pStubMsg->Buffer;
  488. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer , Size );
  489. pStubMsg->Buffer += Size;
  490. pStubMsg->MemorySize += Size;
  491. pFormat += 4;
  492. // Get array's format string description.
  493. pFormatArray = pFormat + *((signed short *)pFormat);
  494. // We always marshal the array, the outer struct will watch for the done flag.
  495. if ( *pFormatArray == FC_CVARRAY )
  496. {
  497. NdrpConformantVaryingArrayMemorySize( pStubMsg,
  498. pFormatArray );
  499. }
  500. else
  501. {
  502. NdrpConformantStringMemorySize( pStubMsg,
  503. pFormatArray );
  504. }
  505. pFormat += 2;
  506. if ( *pFormat == FC_PP )
  507. {
  508. // Mark the start of the structure in the buffer.
  509. pStubMsg->Buffer = pBufferMark;
  510. pStubMsg->MaxCount = pStubMsg->ActualCount;
  511. NdrpEmbeddedPointerMemorySize( pStubMsg,
  512. pFormat );
  513. }
  514. if ( fIsEmbeddedStruct )
  515. SET_CONF_ARRAY_DONE( pStubMsg->uFlags );
  516. return pStubMsg->MemorySize;
  517. }
  518. #if 0
  519. unsigned long RPC_ENTRY
  520. NdrHardStructMemorySize(
  521. PMIDL_STUB_MESSAGE pStubMsg,
  522. PFORMAT_STRING pFormat )
  523. /*++
  524. Routine Description :
  525. Computes the memory size required for a hard structure.
  526. Used for FC_HARD_STRUCT.
  527. Arguments :
  528. pStubMsg - Pointer to stub message.
  529. pFormat - Pointer's format string description.
  530. Return :
  531. The computed memory size.
  532. --*/
  533. {
  534. ushort CopySize;
  535. LENGTH_ALIGN(pStubMsg->MemorySize,pFormat[1]);
  536. pStubMsg->MemorySize += *((ushort *)&pFormat[2]);
  537. ALIGN(pStubMsg->Buffer,pFormat[1]);
  538. CopySize = *((ushort *)&pFormat[10]);
  539. CHECK_EOB_RAISE_BSD( pStubMsg->Buffer + CopySize );
  540. pStubMsg->Buffer += CopySize;
  541. if ( *((short *)&pFormat[14]) )
  542. {
  543. pFormat += 14;
  544. pFormat += *((short *)pFormat);
  545. (*pfnMemSizeRoutines[ROUTINE_INDEX(*pFormat)])( pStubMsg,
  546. pFormat );
  547. }
  548. return pStubMsg->MemorySize;
  549. }
  550. #endif // 0
  551. unsigned long RPC_ENTRY
  552. NdrComplexStructMemorySize(
  553. PMIDL_STUB_MESSAGE pStubMsg,
  554. PFORMAT_STRING pFormat )
  555. /*++
  556. Routine Description :
  557. Computes the memory size required for a complex structure.
  558. Used for FC_BOGUS_STRUCT.
  559. Arguments :
  560. pStubMsg - Pointer to stub message.
  561. pFormat - Pointer's format string description.
  562. Return :
  563. The computed memory size.
  564. Notes:
  565. This routine can calculate the memory size with or without pointees.
  566. When calculating size with pointees at the top level, the routine calls
  567. itself recursively to find out where pointees would be and then remember
  568. the context using pStubMsg->MemorySize and pStubMsg->PointerBufferMark.
  569. --*/
  570. {
  571. uchar * pBufferMark;
  572. PFORMAT_STRING pFormatPointers;
  573. PFORMAT_STRING pFormatArray;
  574. PFORMAT_STRING pFormatComplex;
  575. long Alignment;
  576. BOOL fSetPointerBufferMark;
  577. uchar fIsEmbeddedStruct = IS_EMBED_CONF_STRUCT( pStubMsg->uFlags );
  578. BOOL fEmbedConfStructContext;
  579. //
  580. // This is fun. If we're not ignoring embedded pointers and this structure
  581. // is not embedded inside of another struct or array then we make a
  582. // recursive call to get a pointer to where the flat part of the structure
  583. // ends in the buffer. Then we can properly get to any embedded pointer's
  584. // pointees.
  585. //
  586. if ( fSetPointerBufferMark =
  587. (! pStubMsg->IgnoreEmbeddedPointers && ! pStubMsg->PointerBufferMark) )
  588. {
  589. pStubMsg->IgnoreEmbeddedPointers = TRUE;
  590. // This gets clobbered.
  591. uchar * BufferSave = pStubMsg->Buffer;
  592. ulong MemorySizeSave = pStubMsg->MemorySize;
  593. //
  594. // Get a buffer pointer to where the struct's pointees are.
  595. //
  596. (void) NdrComplexStructMemorySize( pStubMsg,
  597. pFormat );
  598. // Mark where the pointees begin.
  599. pStubMsg->PointerBufferMark = pStubMsg->Buffer;
  600. pStubMsg->PointerLength = pStubMsg->MemorySize;
  601. pStubMsg->IgnoreEmbeddedPointers = FALSE;
  602. pStubMsg->MemorySize = MemorySizeSave;
  603. pStubMsg->Buffer = BufferSave;
  604. }
  605. Alignment = pFormat[1];
  606. pFormat += 4;
  607. fEmbedConfStructContext = fIsEmbeddedStruct;
  608. // Get conformant array description.
  609. if ( *((ushort *)pFormat) )
  610. {
  611. ulong ConformanceSize;
  612. pFormatArray = pFormat + *((signed short *)pFormat);
  613. if ( FixWireRepForDComVerGTE54( pStubMsg ) )
  614. fEmbedConfStructContext = TRUE;
  615. if ( !fIsEmbeddedStruct )
  616. {
  617. ALIGN(pStubMsg->Buffer,3);
  618. // conformance count marker
  619. pStubMsg->BufferMark = pStubMsg->Buffer;
  620. // Handle multidimensional arrays.
  621. ConformanceSize = NdrpArrayDimensions( pStubMsg, pFormatArray, FALSE ) * 4;
  622. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer , ConformanceSize );
  623. pStubMsg->Buffer += ConformanceSize;
  624. }
  625. }
  626. else
  627. {
  628. pFormatArray = 0;
  629. }
  630. // BufferMark may be set by an outer bogus struct.
  631. pBufferMark = pStubMsg->BufferMark;
  632. RESET_EMBED_CONF_STRUCT( pStubMsg->uFlags );
  633. pFormat += 2;
  634. // Get pointer layout description.
  635. if ( *((ushort *)pFormat) )
  636. pFormatPointers = pFormat + *((ushort *)pFormat);
  637. else
  638. pFormatPointers = 0;
  639. pFormat += 2;
  640. ALIGN(pStubMsg->Buffer,Alignment);
  641. //
  642. // Size the structure member by member.
  643. //
  644. for ( ; ; pFormat++ )
  645. {
  646. switch ( *pFormat )
  647. {
  648. //
  649. // Simple types.
  650. //
  651. case FC_CHAR :
  652. case FC_BYTE :
  653. case FC_SMALL :
  654. case FC_WCHAR :
  655. case FC_SHORT :
  656. case FC_LONG :
  657. #if defined(__RPC_WIN64__)
  658. case FC_INT3264 :
  659. case FC_UINT3264 :
  660. #endif
  661. case FC_FLOAT :
  662. case FC_HYPER :
  663. case FC_DOUBLE :
  664. case FC_ENUM16 :
  665. case FC_ENUM32 :
  666. case FC_IGNORE :
  667. ALIGN(pStubMsg->Buffer,SIMPLE_TYPE_ALIGNMENT(*pFormat));
  668. pStubMsg->Buffer += SIMPLE_TYPE_BUFSIZE( *pFormat );
  669. pStubMsg->MemorySize += SIMPLE_TYPE_MEMSIZE(*pFormat);
  670. break;
  671. case FC_POINTER :
  672. {
  673. ALIGN(pStubMsg->Buffer,0x3);
  674. uchar *pPointerId = pStubMsg->Buffer;
  675. pStubMsg->Buffer += PTR_WIRE_SIZE;
  676. if ( ! pStubMsg->IgnoreEmbeddedPointers )
  677. {
  678. POINTER_MEMSIZE_SWAP_CONTEXT SwapContext( pStubMsg );
  679. NdrpPointerMemorySize( pStubMsg,
  680. pPointerId,
  681. pFormatPointers );
  682. }
  683. //
  684. // We actually do a post alignment of the memory size.
  685. // Do this to prevent some under-allocations when pointers
  686. // to strings, or char or short are involved.
  687. //
  688. LENGTH_ALIGN( pStubMsg->MemorySize, PTR_MEM_ALIGN );
  689. pStubMsg->MemorySize += PTR_MEM_SIZE;
  690. pFormatPointers += 4;
  691. }
  692. break;
  693. //
  694. // Embedded complex types.
  695. //
  696. case FC_EMBEDDED_COMPLEX :
  697. // Add padding.
  698. pStubMsg->MemorySize += pFormat[1];
  699. pFormat += 2;
  700. // Get the type's description.
  701. pFormatComplex = pFormat + *((signed short UNALIGNED *)pFormat);
  702. if ( FC_IP == *pFormatComplex )
  703. {
  704. ALIGN(pStubMsg->Buffer,0x3);
  705. uchar *pPointerId = pStubMsg->Buffer;
  706. pStubMsg->Buffer += PTR_WIRE_SIZE;
  707. if ( ! pStubMsg->IgnoreEmbeddedPointers )
  708. {
  709. POINTER_MEMSIZE_SWAP_CONTEXT SwapContext( pStubMsg );
  710. NdrpPointerMemorySize( pStubMsg,
  711. pPointerId,
  712. pFormatComplex );
  713. }
  714. pStubMsg->MemorySize += PTR_MEM_SIZE;
  715. pFormat++;
  716. break;
  717. }
  718. // Needed for embedded conf structs
  719. //
  720. pStubMsg->BufferMark = pBufferMark;
  721. if ( fEmbedConfStructContext )
  722. SET_EMBED_CONF_STRUCT( pStubMsg->uFlags );
  723. (void) (*pfnMemSizeRoutines[ROUTINE_INDEX(*pFormatComplex)])
  724. ( pStubMsg,
  725. pFormatComplex );
  726. RESET_EMBED_CONF_STRUCT( pStubMsg->uFlags );
  727. //
  728. // Increment the main format string one byte. The loop
  729. // will increment it one more byte past the offset field.
  730. //
  731. pFormat++;
  732. break;
  733. case FC_ALIGNM2 :
  734. LENGTH_ALIGN( pStubMsg->MemorySize, 0x1 );
  735. break;
  736. case FC_ALIGNM4 :
  737. LENGTH_ALIGN( pStubMsg->MemorySize, 0x3 );
  738. break;
  739. case FC_ALIGNM8 :
  740. LENGTH_ALIGN( pStubMsg->MemorySize, 0x7 );
  741. break;
  742. case FC_STRUCTPAD1 :
  743. case FC_STRUCTPAD2 :
  744. case FC_STRUCTPAD3 :
  745. case FC_STRUCTPAD4 :
  746. case FC_STRUCTPAD5 :
  747. case FC_STRUCTPAD6 :
  748. case FC_STRUCTPAD7 :
  749. pStubMsg->MemorySize += (*pFormat - FC_STRUCTPAD1) + 1;
  750. break;
  751. case FC_STRUCTPADN :
  752. // FC_STRUCTPADN 0 <unsigned short>
  753. pStubMsg->MemorySize += *(((unsigned short *)pFormat) + 1);
  754. pFormat += 3;
  755. break;
  756. case FC_PAD :
  757. break;
  758. //
  759. // Done with layout.
  760. //
  761. case FC_END :
  762. goto ComplexMemorySizeEnd;
  763. default :
  764. NDR_ASSERT(0,"NdrComplexStructMemorySize : bad format char");
  765. RpcRaiseException( RPC_S_INTERNAL_ERROR );
  766. return 0;
  767. }
  768. }
  769. ComplexMemorySizeEnd :
  770. if ( pFormatArray && !fIsEmbeddedStruct &&
  771. ! IS_CONF_ARRAY_DONE( pStubMsg->uFlags ) )
  772. {
  773. PPRIVATE_MEM_SIZE_ROUTINE pfnMemSize;
  774. switch ( *pFormatArray )
  775. {
  776. case FC_CARRAY :
  777. pfnMemSize = NdrpConformantArrayMemorySize;
  778. break;
  779. case FC_CVARRAY :
  780. pfnMemSize = NdrpConformantVaryingArrayMemorySize;
  781. break;
  782. case FC_BOGUS_ARRAY :
  783. pfnMemSize = NdrpComplexArrayMemorySize;
  784. break;
  785. // case FC_C_CSTRING :
  786. // case FC_C_BSTRING :
  787. // case FC_C_WSTRING :
  788. // case FC_C_SSTRING :
  789. default :
  790. pfnMemSize = NdrpConformantStringMemorySize;
  791. break;
  792. }
  793. // Set the max count for non-complex conformant arrays.
  794. pStubMsg->MaxCount = *((ulong *)pBufferMark);
  795. // Mark where conformance count(s) are.
  796. pStubMsg->BufferMark = pBufferMark;
  797. (void) (*pfnMemSize)( pStubMsg,
  798. pFormatArray );
  799. }
  800. if ( fSetPointerBufferMark )
  801. {
  802. pStubMsg->Buffer = pStubMsg->PointerBufferMark;
  803. pStubMsg->MemorySize = pStubMsg->PointerLength;
  804. pStubMsg->PointerBufferMark = 0;
  805. pStubMsg->PointerLength = 0;
  806. }
  807. if ( fIsEmbeddedStruct )
  808. SET_EMBED_CONF_STRUCT( pStubMsg->uFlags );
  809. else
  810. RESET_CONF_ARRAY_DONE( pStubMsg->uFlags );
  811. return pStubMsg->MemorySize;
  812. }
  813. unsigned long RPC_ENTRY
  814. NdrFixedArrayMemorySize(
  815. PMIDL_STUB_MESSAGE pStubMsg,
  816. PFORMAT_STRING pFormat )
  817. /*++
  818. Routine Description :
  819. Computes the memory size of a fixed array of any number of dimensions.
  820. Used for FC_SMFARRAY and FC_LGFARRAY.
  821. Arguments :
  822. pStubMsg - Pointer to stub message.
  823. pFormat - Pointer's format string description.
  824. Return :
  825. The computed memory size.
  826. --*/
  827. {
  828. ulong Size;
  829. ALIGN(pStubMsg->Buffer,pFormat[1]);
  830. LENGTH_ALIGN( pStubMsg->MemorySize, pFormat[1] );
  831. if ( *pFormat == FC_SMFARRAY )
  832. {
  833. pFormat += 2;
  834. Size = *((ushort *&)pFormat)++;
  835. }
  836. else
  837. {
  838. pFormat += 2;
  839. Size = *((ulong UNALIGNED *&)pFormat)++;
  840. }
  841. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer , Size );
  842. pStubMsg->Buffer += Size;
  843. pStubMsg->MemorySize += Size;
  844. if ( *pFormat == FC_PP )
  845. {
  846. // Mark the location in the buffer where the array starts.
  847. pStubMsg->BufferMark = pStubMsg->Buffer - Size;
  848. NdrpEmbeddedPointerMemorySize( pStubMsg,
  849. pFormat );
  850. }
  851. return pStubMsg->MemorySize;
  852. }
  853. unsigned long RPC_ENTRY
  854. NdrConformantArrayMemorySize(
  855. PMIDL_STUB_MESSAGE pStubMsg,
  856. PFORMAT_STRING pFormat )
  857. /*++
  858. Routine Description :
  859. Computes the memory size of a top level one dimensional conformant array.
  860. Used for FC_CARRAY.
  861. Arguments :
  862. pStubMsg - Pointer to stub message.
  863. pFormat - Pointer's format string description.
  864. Return :
  865. The computed memory size.
  866. --*/
  867. {
  868. //
  869. // Get the conformance count.
  870. //
  871. ALIGN(pStubMsg->Buffer,0x3);
  872. pStubMsg->MaxCount = *((long *&)pStubMsg->Buffer)++;
  873. return NdrpConformantArrayMemorySize( pStubMsg,
  874. pFormat );
  875. }
  876. unsigned long
  877. NdrpConformantArrayMemorySize(
  878. PMIDL_STUB_MESSAGE pStubMsg,
  879. PFORMAT_STRING pFormat )
  880. /*++
  881. Routine Description :
  882. Private routine for computing the memory size of a one dimensional
  883. conformant array. This is the entry point for an embedded conformant
  884. array.
  885. Used for FC_CARRAY.
  886. Arguments :
  887. pStubMsg - Pointer to stub message.
  888. pFormat - Pointer's format string description.
  889. Return :
  890. The computed memory size.
  891. --*/
  892. {
  893. ulong Size;
  894. if ( ! pStubMsg->MaxCount )
  895. return pStubMsg->MemorySize;
  896. // Check bounds.
  897. CHECK_BOUND( (ulong)pStubMsg->MaxCount, pFormat[4] & 0x0f );
  898. ALIGN(pStubMsg->Buffer, pFormat[1]);
  899. LENGTH_ALIGN( pStubMsg->MemorySize, pFormat[1] );
  900. // Increment to element size.
  901. pFormat += 2;
  902. // Compute array size.
  903. // check for possible mulitplication overflow attack here.
  904. Size = MultiplyWithOverflowCheck( (ulong)pStubMsg->MaxCount, *((ushort *)pFormat) );
  905. pFormat += 6;
  906. CORRELATION_DESC_INCREMENT( pFormat );
  907. CHECK_EOB_WITH_WRAP_RAISE_IB( pStubMsg->Buffer, Size );
  908. pStubMsg->Buffer += Size;
  909. pStubMsg->MemorySize += Size;
  910. if ( *pFormat == FC_PP )
  911. {
  912. // Mark the location in the buffer where the array starts.
  913. pStubMsg->BufferMark = pStubMsg->Buffer - Size;
  914. NdrpEmbeddedPointerMemorySize( pStubMsg,
  915. pFormat );
  916. }
  917. return pStubMsg->MemorySize;
  918. }
  919. unsigned long RPC_ENTRY
  920. NdrConformantVaryingArrayMemorySize(
  921. PMIDL_STUB_MESSAGE pStubMsg,
  922. PFORMAT_STRING pFormat )
  923. /*++
  924. Routine Description :
  925. Computes the memory size of a one dimensional top level conformant
  926. varying array.
  927. Used for FC_CVARRAY.
  928. Arguments :
  929. pStubMsg - Pointer to stub message.
  930. pFormat - Pointer's format string description.
  931. Return :
  932. The computed memory size.
  933. --*/
  934. {
  935. //
  936. // Get the conformance count.
  937. //
  938. ALIGN(pStubMsg->Buffer,0x3);
  939. pStubMsg->MaxCount = *((long *&)pStubMsg->Buffer)++;
  940. return NdrpConformantVaryingArrayMemorySize( pStubMsg,
  941. pFormat );
  942. }
  943. unsigned long
  944. NdrpConformantVaryingArrayMemorySize(
  945. PMIDL_STUB_MESSAGE pStubMsg,
  946. PFORMAT_STRING pFormat )
  947. /*++
  948. Routine Description :
  949. Private routine for computing the memory size of a one dimensional
  950. conformant varying array. This is the entry point for memory sizing an
  951. embedded conformant varying array.
  952. Used for FC_CVARRAY.
  953. Arguments :
  954. pStubMsg - Pointer to stub message.
  955. pFormat - Pointer's format string description.
  956. Return :
  957. The computed memory size.
  958. --*/
  959. {
  960. ulong BufferSize;
  961. PFORMAT_STRING pFormatVar;
  962. //
  963. // Get the offset and actual count in case needed for pointer sizing.
  964. //
  965. ALIGN(pStubMsg->Buffer,0x3);
  966. pStubMsg->Offset = *((long *&)pStubMsg->Buffer)++;
  967. pStubMsg->ActualCount = *((long *&)pStubMsg->Buffer)++;
  968. // Check bounds.
  969. CHECK_BOUND( (ulong)pStubMsg->MaxCount, pFormat[4] & 0x0f );
  970. pFormatVar = pFormat + 8;
  971. CORRELATION_DESC_INCREMENT( pFormatVar );
  972. CHECK_BOUND( pStubMsg->ActualCount, *pFormatVar & 0x0f );
  973. if ( (pStubMsg->MaxCount < (pStubMsg->Offset + pStubMsg->ActualCount)) )
  974. RpcRaiseException( RPC_X_INVALID_BOUND );
  975. //
  976. // Do the memory size increment now in case the actual count is 0.
  977. //
  978. LENGTH_ALIGN( pStubMsg->MemorySize, pFormat[1] );
  979. // check for possible mulitplication overflow attack here.
  980. pStubMsg->MemorySize += MultiplyWithOverflowCheck( (ulong)pStubMsg->MaxCount, *((ushort *)(pFormat + 2)) );
  981. if ( ! pStubMsg->ActualCount )
  982. return pStubMsg->MemorySize;
  983. ALIGN(pStubMsg->Buffer, pFormat[1]);
  984. // Increment to element size.
  985. pFormat += 2;
  986. BufferSize = pStubMsg->ActualCount * *((ushort *)pFormat);
  987. CHECK_EOB_WITH_WRAP_RAISE_IB( pStubMsg->Buffer, BufferSize );
  988. pStubMsg->Buffer += BufferSize;
  989. pFormat += 10;
  990. CORRELATION_DESC_INCREMENT( pFormat );
  991. CORRELATION_DESC_INCREMENT( pFormat );
  992. if ( *pFormat == FC_PP )
  993. {
  994. // Mark the location in the buffer where the array starts.
  995. pStubMsg->BufferMark = pStubMsg->Buffer - BufferSize;
  996. pStubMsg->MaxCount = pStubMsg->ActualCount;
  997. NdrpEmbeddedPointerMemorySize( pStubMsg,
  998. pFormat );
  999. }
  1000. return pStubMsg->MemorySize;
  1001. }
  1002. unsigned long RPC_ENTRY
  1003. NdrVaryingArrayMemorySize(
  1004. PMIDL_STUB_MESSAGE pStubMsg,
  1005. PFORMAT_STRING pFormat )
  1006. /*++
  1007. Routine Description :
  1008. Computes the memory size of a top level or embedded varying array.
  1009. Used for FC_SMVARRAY and FC_LGVARRAY.
  1010. Arguments :
  1011. pStubMsg - Pointer to stub message.
  1012. pFormat - Pointer's format string description.
  1013. Return :
  1014. The computed memory size.
  1015. --*/
  1016. {
  1017. ulong MemorySize;
  1018. ulong BufferSize;
  1019. uchar Alignment;
  1020. long Elements;
  1021. //
  1022. // Get the offset and actual count.
  1023. //
  1024. ALIGN(pStubMsg->Buffer,0x3);
  1025. pStubMsg->Offset = *((long *&)pStubMsg->Buffer)++;
  1026. pStubMsg->ActualCount = *((long *&)pStubMsg->Buffer)++;
  1027. // Check bounds using the old part of correlation descr.
  1028. CHECK_BOUND( pStubMsg->ActualCount,
  1029. pFormat[(*pFormat == FC_SMVARRAY) ? 8 : 12] & 0x0f );
  1030. Elements =
  1031. (*pFormat == FC_SMVARRAY) ?
  1032. *((ushort *)(pFormat + 4)) : *((ulong UNALIGNED *)(pFormat + 6));
  1033. if ( (((long)pStubMsg->Offset) < 0) ||
  1034. (Elements < (long)(pStubMsg->ActualCount + pStubMsg->Offset)) )
  1035. RpcRaiseException( RPC_X_INVALID_BOUND );
  1036. Alignment = pFormat[1];
  1037. if ( *pFormat == FC_SMVARRAY )
  1038. {
  1039. pFormat += 2;
  1040. MemorySize = (ulong) *((ushort *)pFormat);
  1041. pFormat += 4;
  1042. }
  1043. else
  1044. {
  1045. pFormat += 2;
  1046. MemorySize = *((ulong UNALIGNED *)pFormat);
  1047. pFormat += 8;
  1048. }
  1049. //
  1050. // Do the memory size increment now in case the actual count is 0 and
  1051. // we have return.
  1052. //
  1053. LENGTH_ALIGN( pStubMsg->MemorySize, Alignment );
  1054. pStubMsg->MemorySize += MemorySize;
  1055. if ( ! pStubMsg->ActualCount )
  1056. return pStubMsg->MemorySize;
  1057. ALIGN(pStubMsg->Buffer, Alignment);
  1058. // check for possible mulitplication overflow attack here.
  1059. BufferSize = MultiplyWithOverflowCheck( pStubMsg->ActualCount , *((ushort *)pFormat) );
  1060. CHECK_EOB_WITH_WRAP_RAISE_IB( pStubMsg->Buffer, BufferSize );
  1061. pStubMsg->Buffer += BufferSize;
  1062. pFormat += 6;
  1063. CORRELATION_DESC_INCREMENT( pFormat );
  1064. if ( *pFormat == FC_PP )
  1065. {
  1066. // Mark the start of the array in the buffer.
  1067. pStubMsg->BufferMark = pStubMsg->Buffer - BufferSize;
  1068. pStubMsg->MaxCount = pStubMsg->ActualCount;
  1069. NdrpEmbeddedPointerMemorySize( pStubMsg,
  1070. pFormat );
  1071. }
  1072. return pStubMsg->MemorySize;
  1073. }
  1074. unsigned long RPC_ENTRY
  1075. NdrComplexArrayMemorySize(
  1076. PMIDL_STUB_MESSAGE pStubMsg,
  1077. PFORMAT_STRING pFormat )
  1078. /*++
  1079. Routine Description :
  1080. Computes the memory size of a top level complex array.
  1081. Used for FC_BOGUS_STRUCT.
  1082. Arguments :
  1083. pStubMsg - Pointer to stub message.
  1084. pFormat - Pointer's format string description.
  1085. Return :
  1086. The computed memory size.
  1087. --*/
  1088. {
  1089. BOOL fSetPointerBufferMark;
  1090. PFORMAT_STRING pFormatPP;
  1091. //
  1092. // We set this if we're doing a real 'all nodes' sizing, this array
  1093. // is not embedded in another structure or array, and this is not an
  1094. // array of ref pointers.
  1095. //
  1096. pFormatPP = pFormat + 12;
  1097. CORRELATION_DESC_INCREMENT( pFormatPP );
  1098. CORRELATION_DESC_INCREMENT( pFormatPP );
  1099. fSetPointerBufferMark = ! pStubMsg->IgnoreEmbeddedPointers &&
  1100. ! pStubMsg->PointerBufferMark &&
  1101. *pFormatPP != FC_RP;
  1102. //
  1103. // More fun. Make a recursive call so that we have a pointer to the end
  1104. // of the array's flat stuff in the buffer. Then we can properly get to
  1105. // any embedded pointer members. We have no way of knowing if there are
  1106. // any embedded pointers so we're stuck doing this all the time.
  1107. //
  1108. if ( fSetPointerBufferMark )
  1109. {
  1110. pStubMsg->IgnoreEmbeddedPointers = TRUE;
  1111. // Save this since it gets clobbered.
  1112. ulong MemorySizeSave = pStubMsg->MemorySize;
  1113. uchar* pBufferSave = pStubMsg->Buffer;
  1114. //
  1115. // Get a buffer pointer to where the array's pointees are.
  1116. //
  1117. (void) NdrComplexArrayMemorySize( pStubMsg,
  1118. pFormat );
  1119. // This is where the array pointees start.
  1120. pStubMsg->PointerBufferMark = pStubMsg->Buffer;
  1121. pStubMsg->PointerLength = pStubMsg->MemorySize;
  1122. pStubMsg->IgnoreEmbeddedPointers = FALSE;
  1123. pStubMsg->MemorySize = MemorySizeSave;
  1124. pStubMsg->Buffer = pBufferSave;
  1125. }
  1126. if ( ( *((long UNALIGNED *)(pFormat + 4)) != 0xffffffff ) &&
  1127. ( pStubMsg->pArrayInfo == 0 ) )
  1128. {
  1129. //
  1130. // The outer most array dimension sets the conformance marker.
  1131. //
  1132. ALIGN(pStubMsg->Buffer,0x3);
  1133. pStubMsg->BufferMark = pStubMsg->Buffer;
  1134. // Increment past conformance count(s).
  1135. pStubMsg->Buffer += NdrpArrayDimensions( pStubMsg, pFormat, FALSE ) * 4;
  1136. CHECK_EOB_RAISE_BSD( pStubMsg->Buffer );
  1137. }
  1138. (void) NdrpComplexArrayMemorySize( pStubMsg,
  1139. pFormat );
  1140. if ( fSetPointerBufferMark )
  1141. {
  1142. pStubMsg->Buffer = pStubMsg->PointerBufferMark;
  1143. pStubMsg->MemorySize = pStubMsg->PointerLength;
  1144. pStubMsg->PointerLength = 0;
  1145. pStubMsg->PointerBufferMark = 0;
  1146. }
  1147. return pStubMsg->MemorySize;
  1148. }
  1149. unsigned long
  1150. NdrpComplexArrayMemorySize(
  1151. PMIDL_STUB_MESSAGE pStubMsg,
  1152. PFORMAT_STRING pFormat )
  1153. /*++
  1154. Routine Description :
  1155. Private routine for computing the memory size of a complex array. This
  1156. is the entry point for memory sizing an embedded complex array.
  1157. Used for FC_BOGUS_ARRAY.
  1158. Arguments :
  1159. pStubMsg - Pointer to stub message.
  1160. pFormat - Pointer's format string description.
  1161. Return :
  1162. The computed memory size.
  1163. --*/
  1164. {
  1165. ARRAY_INFO ArrayInfo;
  1166. PARRAY_INFO pArrayInfo;
  1167. PMEM_SIZE_ROUTINE pfnMemSize;
  1168. uchar * pBufferSave;
  1169. PFORMAT_STRING pFormatSave;
  1170. ulong Elements;
  1171. ulong Count, CountSave;
  1172. long Dimension;
  1173. uchar Alignment;
  1174. uchar * pPointerIdMark;
  1175. bool IsBrokenInterfacePointerFormat = false;
  1176. //
  1177. // Setup if we are the outer dimension.
  1178. //
  1179. if ( ! pStubMsg->pArrayInfo )
  1180. {
  1181. NdrpInitArrayInfo(pStubMsg, &ArrayInfo);
  1182. }
  1183. // Used for array of ref pointers only.
  1184. pBufferSave = 0;
  1185. pFormatSave = pFormat;
  1186. pArrayInfo = pStubMsg->pArrayInfo;
  1187. Dimension = pArrayInfo->Dimension;
  1188. // Get the array alignment.
  1189. Alignment = pFormat[1];
  1190. pFormat += 2;
  1191. // Get number of elements (0 if conformance present).
  1192. Elements = *((ushort *&)pFormat)++;
  1193. //
  1194. // Check for conformance description.
  1195. //
  1196. if ( *((long UNALIGNED *)pFormat) != 0xffffffff )
  1197. {
  1198. Elements = pArrayInfo->BufferConformanceMark[Dimension];
  1199. // Check bounds
  1200. CHECK_BOUND( Elements, *pFormat & 0x0f );
  1201. }
  1202. pFormat += 4;
  1203. CORRELATION_DESC_INCREMENT( pFormat );
  1204. //
  1205. // Check for variance description.
  1206. //
  1207. if ( *((long UNALIGNED *)pFormat) != 0xffffffff )
  1208. {
  1209. long Offset;
  1210. if ( Dimension == 0 )
  1211. {
  1212. ulong VarianceSize;
  1213. ALIGN(pStubMsg->Buffer,0x3);
  1214. // Mark where the variance counts are.
  1215. pArrayInfo->BufferVarianceMark = (unsigned long *)pStubMsg->Buffer;
  1216. // Handle multidimensional arrays.
  1217. VarianceSize = NdrpArrayDimensions( pStubMsg, pFormatSave, TRUE ) * 8;
  1218. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer , VarianceSize );
  1219. pStubMsg->Buffer += VarianceSize;
  1220. }
  1221. Count = pArrayInfo->BufferVarianceMark[(Dimension * 2) + 1];
  1222. // Check bounds
  1223. CHECK_BOUND( Count, *pFormat & 0x0f );
  1224. Offset = pArrayInfo->BufferVarianceMark[(Dimension * 2)];
  1225. if ( (Offset < 0) || (Elements < (Offset + Count)) )
  1226. RpcRaiseException( RPC_X_INVALID_BOUND );
  1227. }
  1228. else
  1229. {
  1230. Count = Elements;
  1231. }
  1232. CountSave = Count;
  1233. pFormat += 4;
  1234. CORRELATION_DESC_INCREMENT( pFormat );
  1235. //
  1236. // Only align the buffer if at least one element was shipped.
  1237. //
  1238. if ( Count )
  1239. ALIGN(pStubMsg->Buffer,Alignment);
  1240. pPointerIdMark = 0;
  1241. switch ( *pFormat )
  1242. {
  1243. case FC_EMBEDDED_COMPLEX :
  1244. pFormat += 2;
  1245. pFormat += *((signed short *)pFormat);
  1246. pfnMemSize = pfnMemSizeRoutines[ROUTINE_INDEX(*pFormat)];
  1247. if ( FC_IP == *pFormat ) goto HandleInterfacePointer;
  1248. break;
  1249. case FC_IP :
  1250. HandleInterfacePointer:
  1251. IsBrokenInterfacePointerFormat = !FixWireRepForDComVerGTE54( pStubMsg );
  1252. pPointerIdMark = pStubMsg->Buffer;
  1253. // Do not leave any space for the pointer if this is
  1254. // the broken format. But do position the pointee as if the
  1255. // pointer was transmitted.
  1256. if ( pStubMsg->IgnoreEmbeddedPointers ||
  1257. !IsBrokenInterfacePointerFormat )
  1258. {
  1259. ulong uWireSize = MultiplyWithOverflowCheck( Count , PTR_WIRE_SIZE );
  1260. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer, uWireSize );
  1261. pStubMsg->Buffer += uWireSize;
  1262. }
  1263. goto HandleRefPointer;
  1264. case FC_UP :
  1265. case FC_FP :
  1266. case FC_OP :
  1267. pPointerIdMark = pStubMsg->Buffer;
  1268. {
  1269. ulong uWireSize = MultiplyWithOverflowCheck( Count , PTR_WIRE_SIZE );
  1270. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer, uWireSize);
  1271. pStubMsg->Buffer += uWireSize;
  1272. }
  1273. // Fall through
  1274. case FC_RP :
  1275. HandleRefPointer:
  1276. //
  1277. // Add in the size of the array explicitly.
  1278. //
  1279. {
  1280. LENGTH_ALIGN( pStubMsg->MemorySize, PTR_MEM_ALIGN );
  1281. ulong uSize = MultiplyWithOverflowCheck( Elements, PTR_MEM_SIZE );
  1282. if ( pStubMsg->MemorySize + uSize < pStubMsg->MemorySize )
  1283. RpcRaiseException ( RPC_X_BAD_STUB_DATA );
  1284. pStubMsg->MemorySize += uSize;
  1285. }
  1286. if ( pStubMsg->IgnoreEmbeddedPointers )
  1287. goto ComplexArrayMemSizeEnd;
  1288. pfnMemSize = (PMEM_SIZE_ROUTINE) NdrpPointerMemorySize;
  1289. break;
  1290. case FC_RANGE:
  1291. {
  1292. ulong uWireSize ;
  1293. LENGTH_ALIGN( pStubMsg->MemorySize, SIMPLE_TYPE_ALIGNMENT( pFormat[1] ) );
  1294. ALIGN( pStubMsg->Buffer, SIMPLE_TYPE_ALIGNMENT( pFormat[1] ) );
  1295. uWireSize = MultiplyWithOverflowCheck( Count, SIMPLE_TYPE_BUFSIZE( pFormat[1] ) );
  1296. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer, uWireSize );
  1297. pStubMsg->Buffer += uWireSize;
  1298. // SIMPLE_TYPE_BUFSIZE == SIMPLE_TYPE_MEMSIZE except in enum case, which is not allowed in range
  1299. pStubMsg->MemorySize += MultiplyWithOverflowCheck( Elements, SIMPLE_TYPE_MEMSIZE( pFormat[1] ) );
  1300. goto ComplexArrayMemSizeEnd;
  1301. break;
  1302. }
  1303. default :
  1304. {
  1305. ulong ByteCount;
  1306. NDR_ASSERT( IS_SIMPLE_TYPE(*pFormat),
  1307. "NdrpComplexArrayMemorySize : bad format char" );
  1308. ByteCount = MultiplyWithOverflowCheck( Count , SIMPLE_TYPE_BUFSIZE(*pFormat) );
  1309. CHECK_EOB_WITH_WRAP_RAISE_IB( pStubMsg->Buffer, ByteCount );
  1310. pStubMsg->Buffer += ByteCount;
  1311. if ( *pFormat == FC_ENUM16 )
  1312. LENGTH_ALIGN( pStubMsg->MemorySize, sizeof(int) - 1 );
  1313. else
  1314. LENGTH_ALIGN( pStubMsg->MemorySize,
  1315. SIMPLE_TYPE_ALIGNMENT(*pFormat) );
  1316. pStubMsg->MemorySize += MultiplyWithOverflowCheck( Elements, SIMPLE_TYPE_MEMSIZE( * pFormat ) );
  1317. goto ComplexArrayMemSizeEnd;
  1318. }
  1319. }
  1320. if ( ! IS_ARRAY_OR_STRING(*pFormat) )
  1321. pStubMsg->pArrayInfo = 0;
  1322. if ( pfnMemSize == (PMEM_SIZE_ROUTINE) NdrpPointerMemorySize )
  1323. {
  1324. // If the broken format is used, the pointer and pointee
  1325. // are where the pointee should have been.
  1326. if (IsBrokenInterfacePointerFormat)
  1327. SET_BROKEN_INTERFACE_POINTER( pStubMsg->uFlags );
  1328. POINTER_MEMSIZE_SWAP_CONTEXT SwapContext( pStubMsg );
  1329. for ( ; Count--; pPointerIdMark += PTR_WIRE_SIZE )
  1330. {
  1331. NdrpPointerMemorySize(
  1332. pStubMsg,
  1333. pPointerIdMark,
  1334. pFormat );
  1335. }
  1336. if (IsBrokenInterfacePointerFormat)
  1337. RESET_BROKEN_INTERFACE_POINTER( pStubMsg->uFlags );
  1338. }
  1339. else
  1340. {
  1341. for ( ; Count--; )
  1342. {
  1343. // Keep track of multidimensional array dimension.
  1344. if ( IS_ARRAY_OR_STRING(*pFormat) )
  1345. pArrayInfo->Dimension = Dimension + 1;
  1346. (*pfnMemSize)( pStubMsg,
  1347. pFormat );
  1348. }
  1349. }
  1350. if ( pBufferSave )
  1351. {
  1352. pStubMsg->PointerBufferMark = pStubMsg->Buffer;
  1353. pStubMsg->Buffer = pBufferSave;
  1354. }
  1355. //
  1356. // If we had variance then we have to make sure and add in the node size
  1357. // of any members that were not shipped.
  1358. //
  1359. if ( (CountSave < Elements) && (*pFormat != FC_RP) )
  1360. {
  1361. long ElementSize;
  1362. pArrayInfo->Dimension = Dimension + 1;
  1363. pArrayInfo->MaxCountArray = pArrayInfo->BufferConformanceMark;
  1364. pStubMsg->pArrayInfo = pArrayInfo;
  1365. ElementSize = (long)( NdrpMemoryIncrement( pStubMsg,
  1366. 0,
  1367. pFormat ) - (uchar*)0 );
  1368. pArrayInfo->MaxCountArray = 0;
  1369. //
  1370. // We don't have the memory alignment anywhere, so align the memory
  1371. // size to 8. At worse we'll allocate a few extra bytes.
  1372. //
  1373. LENGTH_ALIGN(pStubMsg->MemorySize,0x7);
  1374. pStubMsg->MemorySize += MultiplyWithOverflowCheck( (Elements - CountSave) , ElementSize );
  1375. }
  1376. ComplexArrayMemSizeEnd:
  1377. // pArrayInfo must be zero when not valid.
  1378. pStubMsg->pArrayInfo = (Dimension == 0) ? 0 : pArrayInfo;
  1379. return pStubMsg->MemorySize;
  1380. }
  1381. unsigned long RPC_ENTRY
  1382. NdrNonConformantStringMemorySize(
  1383. PMIDL_STUB_MESSAGE pStubMsg,
  1384. PFORMAT_STRING pFormat )
  1385. /*++
  1386. Routine Description :
  1387. Computes the memory size of a non conformant string.
  1388. Used for FC_CSTRING, FC_WSTRING, FC_SSTRING, and FC_BSTRING (NT Beta2
  1389. compatability only).
  1390. Arguments :
  1391. pStubMsg - Pointer to stub message.
  1392. pFormat - Pointer's format string description.
  1393. Return :
  1394. The computed memory size.
  1395. --*/
  1396. {
  1397. ulong BufferSize;
  1398. ulong MemorySize;
  1399. ALIGN(pStubMsg->Buffer,0x3);
  1400. // Skip the offset.
  1401. pStubMsg->Buffer += 4;
  1402. BufferSize = *((long *&)pStubMsg->Buffer)++;
  1403. MemorySize = *((ushort *)(pFormat + 2));
  1404. if ( MemorySize < BufferSize )
  1405. RpcRaiseException( RPC_X_INVALID_BOUND );
  1406. switch ( *pFormat )
  1407. {
  1408. case FC_WSTRING :
  1409. // Buffer is already aligned on a 4 byte boundary.
  1410. // Align memory just in case.
  1411. LENGTH_ALIGN( pStubMsg->MemorySize, 0x1 );
  1412. MemorySize = MultiplyWithOverflowCheck( MemorySize, sizeof(wchar_t) );
  1413. BufferSize = MultiplyWithOverflowCheck( BufferSize, sizeof(wchar_t) );
  1414. break;
  1415. case FC_SSTRING :
  1416. MemorySize = MultiplyWithOverflowCheck( MemorySize, pFormat[1] );
  1417. BufferSize = MultiplyWithOverflowCheck ( BufferSize, pFormat[1] );
  1418. break;
  1419. default :
  1420. break;
  1421. }
  1422. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer, BufferSize );
  1423. pStubMsg->Buffer += BufferSize;
  1424. pStubMsg->MemorySize += MemorySize;
  1425. return pStubMsg->MemorySize;
  1426. }
  1427. unsigned long RPC_ENTRY
  1428. NdrConformantStringMemorySize(
  1429. PMIDL_STUB_MESSAGE pStubMsg,
  1430. PFORMAT_STRING pFormat )
  1431. /*++
  1432. Routine Description :
  1433. Computes the memory size of a top level conformant string.
  1434. Used for FC_C_CSTRING, FC_C_WSTRING, FC_C_SSTRING, and FC_C_BSTRING
  1435. (NT Beta2 compatability only).
  1436. Arguments :
  1437. pStubMsg - Pointer to stub message.
  1438. pFormat - Pointer's format string description.
  1439. Return :
  1440. The computed memory size.
  1441. --*/
  1442. {
  1443. //
  1444. // Get string size.
  1445. //
  1446. if ( pStubMsg->pArrayInfo != 0 )
  1447. {
  1448. //
  1449. // If this is part of a multidimensional array then we get the location
  1450. // where the conformance is from a special place.
  1451. //
  1452. pStubMsg->MaxCount =
  1453. pStubMsg->pArrayInfo->
  1454. BufferConformanceMark[pStubMsg->pArrayInfo->Dimension];
  1455. }
  1456. else
  1457. {
  1458. ALIGN(pStubMsg->Buffer,0x3);
  1459. pStubMsg->MaxCount = *((long *&)pStubMsg->Buffer)++;
  1460. }
  1461. return NdrpConformantStringMemorySize( pStubMsg,
  1462. pFormat );
  1463. }
  1464. unsigned long
  1465. NdrpConformantStringMemorySize(
  1466. PMIDL_STUB_MESSAGE pStubMsg,
  1467. PFORMAT_STRING pFormat )
  1468. /*++
  1469. Routine Description :
  1470. Private routine for determing the memory size of a conformant string.
  1471. This is the entry point for an embedded conformant string.
  1472. Used for FC_C_CSTRING, FC_C_WSTRING, FC_C_SSTRING, and FC_C_BSTRING
  1473. (NT Beta2 compatability only).
  1474. Arguments :
  1475. pStubMsg - Pointer to stub message.
  1476. pFormat - Pointer's format string description.
  1477. Return :
  1478. The computed memory size.
  1479. --*/
  1480. {
  1481. ulong MemorySize;
  1482. ulong BufferSize;
  1483. ALIGN(pStubMsg->Buffer,3);
  1484. // Skip the offset.
  1485. pStubMsg->Buffer += 4;
  1486. BufferSize = *((long *&)pStubMsg->Buffer)++;
  1487. MemorySize = (ulong)pStubMsg->MaxCount;
  1488. // Check bounds.
  1489. if ( (*pFormat != FC_C_SSTRING) && (pFormat[1] == FC_STRING_SIZED) )
  1490. CHECK_BOUND( MemorySize, pFormat[2] & 0xf);
  1491. //
  1492. // Make sure the offset is 0 and the memory size is at least as
  1493. // large as the buffer size.
  1494. //
  1495. if ( *((long *)(pStubMsg->Buffer - 8)) != 0 ||
  1496. (MemorySize < BufferSize) )
  1497. RpcRaiseException( RPC_X_INVALID_BOUND );
  1498. switch ( *pFormat )
  1499. {
  1500. case FC_C_WSTRING :
  1501. // Buffer is already aligned on a 4 byte boundary.
  1502. // Align memory just in case.
  1503. LENGTH_ALIGN( pStubMsg->MemorySize, 0x1 );
  1504. MemorySize = MultiplyWithOverflowCheck( MemorySize, sizeof(wchar_t) );
  1505. BufferSize = MultiplyWithOverflowCheck( BufferSize, sizeof(wchar_t) );
  1506. break;
  1507. case FC_C_SSTRING :
  1508. MemorySize = MultiplyWithOverflowCheck( MemorySize, pFormat[1] );
  1509. BufferSize = MultiplyWithOverflowCheck( BufferSize, pFormat[1] );
  1510. break;
  1511. default :
  1512. break;
  1513. }
  1514. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer, BufferSize );
  1515. pStubMsg->Buffer += BufferSize;
  1516. pStubMsg->MemorySize += MemorySize;
  1517. return pStubMsg->MemorySize;
  1518. }
  1519. unsigned long RPC_ENTRY
  1520. NdrEncapsulatedUnionMemorySize(
  1521. PMIDL_STUB_MESSAGE pStubMsg,
  1522. PFORMAT_STRING pFormat )
  1523. /*++
  1524. Routine Description :
  1525. Computes the memory size of an encapsulated union.
  1526. Used for FC_ENCAPSULATED_UNION.
  1527. Arguments :
  1528. pStubMsg - Pointer to stub message.
  1529. pFormat - Pointer's format string description.
  1530. Return :
  1531. The computed memory size.
  1532. --*/
  1533. {
  1534. uchar SwitchType;
  1535. SwitchType = LOW_NIBBLE(pFormat[1]);
  1536. //
  1537. // No alignment needed. Add number of bytes to the union.
  1538. //
  1539. pStubMsg->MemorySize += HIGH_NIBBLE(pFormat[1]);
  1540. NO_CORRELATION;
  1541. return NdrpUnionMemorySize( pStubMsg,
  1542. pFormat + 2,
  1543. SwitchType );
  1544. }
  1545. unsigned long RPC_ENTRY
  1546. NdrNonEncapsulatedUnionMemorySize(
  1547. PMIDL_STUB_MESSAGE pStubMsg,
  1548. PFORMAT_STRING pFormat )
  1549. /*++
  1550. Routine Description :
  1551. Computes the memory size of a non-encapsulated union.
  1552. Used for FC_NON_ENCAPSULATED_UNION.
  1553. Arguments :
  1554. pStubMsg - Pointer to stub message.
  1555. pFormat - Pointer's format string description.
  1556. Return :
  1557. The computed memory size.
  1558. --*/
  1559. {
  1560. uchar SwitchType;
  1561. SwitchType = pFormat[1];
  1562. //
  1563. // Set the format string to the memory size and arm description.
  1564. //
  1565. pFormat += 6;
  1566. CORRELATION_DESC_INCREMENT( pFormat );
  1567. pFormat += *((signed short *)pFormat);
  1568. return NdrpUnionMemorySize( pStubMsg,
  1569. pFormat,
  1570. SwitchType );
  1571. }
  1572. unsigned long
  1573. NdrpUnionMemorySize(
  1574. PMIDL_STUB_MESSAGE pStubMsg,
  1575. PFORMAT_STRING pFormat,
  1576. uchar SwitchType )
  1577. /*++
  1578. Routine Description :
  1579. Private routine for computing the memory size needed for a union. This
  1580. routine is used for sizing both encapsulated and non-encapsulated unions.
  1581. Arguments :
  1582. pStubMsg - Pointer to stub message.
  1583. pFormat - Pointer's format string description.
  1584. SwitchType - Union's switch type.
  1585. Return :
  1586. The computed memory size.
  1587. --*/
  1588. {
  1589. long UnionSize;
  1590. long SwitchIs;
  1591. long Arms;
  1592. uchar Alignment;
  1593. switch ( SwitchType )
  1594. {
  1595. case FC_SMALL :
  1596. case FC_CHAR :
  1597. SwitchIs = (long) *((char *&)pStubMsg->Buffer)++;
  1598. break;
  1599. case FC_USMALL :
  1600. SwitchIs = (long) *((uchar *&)pStubMsg->Buffer)++;
  1601. break;
  1602. case FC_SHORT :
  1603. case FC_ENUM16 :
  1604. ALIGN(pStubMsg->Buffer,0x1);
  1605. SwitchIs = (long) *((short *&)pStubMsg->Buffer)++;
  1606. break;
  1607. case FC_USHORT :
  1608. case FC_WCHAR :
  1609. ALIGN(pStubMsg->Buffer,0x1);
  1610. SwitchIs = (long) *((ushort *&)pStubMsg->Buffer)++;
  1611. break;
  1612. case FC_LONG :
  1613. case FC_ULONG :
  1614. case FC_ENUM32 :
  1615. // FC_INT3264 gets mapped to FC_LONG
  1616. ALIGN(pStubMsg->Buffer,0x3);
  1617. SwitchIs = *((long *&)pStubMsg->Buffer)++;
  1618. break;
  1619. default :
  1620. NDR_ASSERT(0,"NdrpUnionMemorySize : bad switch type");
  1621. RpcRaiseException( RPC_S_INTERNAL_ERROR );
  1622. return 0;
  1623. }
  1624. //
  1625. // Get the max flat union memory size.
  1626. //
  1627. UnionSize = *((ushort *&)pFormat)++;
  1628. //
  1629. // We're at the union_arms<2> field now, which contains both the
  1630. // Microsoft union aligment value and the number of union arms.
  1631. //
  1632. //
  1633. // Get the union alignment (0 if this is a DCE union).
  1634. //
  1635. Alignment = (uchar) ( *((ushort *)pFormat) >> 12 );
  1636. ALIGN(pStubMsg->Buffer,Alignment);
  1637. pStubMsg->MemorySize += UnionSize;
  1638. //
  1639. // Get number of union arms.
  1640. //
  1641. Arms = (long) ( *((ushort *&)pFormat)++ & 0x0fff );
  1642. //
  1643. // Search for the correct arm.
  1644. //
  1645. for ( ; Arms; Arms-- )
  1646. {
  1647. if ( *((long UNALIGNED *&)pFormat)++ == SwitchIs )
  1648. {
  1649. //
  1650. // Found the right arm, break out.
  1651. //
  1652. break;
  1653. }
  1654. // Else increment format string.
  1655. pFormat += 2;
  1656. }
  1657. //
  1658. // Check if we took the default arm and no default arm is specified.
  1659. //
  1660. if ( ! Arms && (*((ushort *)pFormat) == (ushort) 0xffff) )
  1661. {
  1662. //
  1663. // Raise an exception here.
  1664. //
  1665. RpcRaiseException( RPC_S_INVALID_TAG );
  1666. }
  1667. //
  1668. // Return if the arm is emtpy.
  1669. //
  1670. if ( ! *((ushort *)pFormat) )
  1671. return pStubMsg->MemorySize;
  1672. //
  1673. // Ok we've got the correct arm now. The only goal now is to increment
  1674. // the buffer pointer by the correct amount, and possibly add the size
  1675. // of embedded pointers in the chosen union arm to the memory size.
  1676. //
  1677. //
  1678. // Get the arm's description.
  1679. //
  1680. // We need a real solution after beta for simple type arms. This could
  1681. // break if we have a format string larger than about 32K.
  1682. //
  1683. if ( IS_MAGIC_UNION_BYTE(pFormat) )
  1684. {
  1685. unsigned char FcType = pFormat[0];
  1686. ALIGN( pStubMsg->Buffer, SIMPLE_TYPE_ALIGNMENT( FcType ));
  1687. pStubMsg->Buffer += SIMPLE_TYPE_BUFSIZE( FcType );
  1688. return pStubMsg->MemorySize;
  1689. }
  1690. pFormat += *((signed short *)pFormat);
  1691. if ( IS_POINTER_TYPE(*pFormat) )
  1692. {
  1693. if ( pStubMsg->IgnoreEmbeddedPointers )
  1694. {
  1695. ALIGN(pStubMsg->Buffer,0x3);
  1696. pStubMsg->Buffer += PTR_WIRE_SIZE;
  1697. return pStubMsg->MemorySize;
  1698. }
  1699. if ( pStubMsg->PointerBufferMark )
  1700. {
  1701. ALIGN(pStubMsg->Buffer,0x3);
  1702. uchar *pPointerId = pStubMsg->Buffer;
  1703. pStubMsg->Buffer += PTR_WIRE_SIZE;
  1704. if ( !pStubMsg->IgnoreEmbeddedPointers )
  1705. {
  1706. POINTER_MEMSIZE_SWAP_CONTEXT SwapContext(pStubMsg);
  1707. (void) NdrpPointerMemorySize( pStubMsg,
  1708. pPointerId,
  1709. pFormat );
  1710. }
  1711. return pStubMsg->MemorySize;
  1712. }
  1713. }
  1714. //
  1715. // Add in the size of arm. We end up adding the size of the flat part
  1716. // of the arm a second time here.
  1717. // We do have to call this however, so that the buffer pointer is properly
  1718. // updated.
  1719. //
  1720. return (*pfnMemSizeRoutines[ROUTINE_INDEX(*pFormat)])
  1721. ( pStubMsg,
  1722. pFormat );
  1723. }
  1724. unsigned long RPC_ENTRY
  1725. NdrXmitOrRepAsMemorySize(
  1726. PMIDL_STUB_MESSAGE pStubMsg,
  1727. PFORMAT_STRING pFormat )
  1728. /*++
  1729. Routine Description :
  1730. Computes the memory size required for the presented type of a
  1731. transmit as or represent as.
  1732. See mrshl.c for the description of the FC layout.
  1733. Arguments :
  1734. pStubMsg - Pointer to stub message.
  1735. pFormat - Pointer's format string description.
  1736. Return :
  1737. The computed memory size of the presented type object.
  1738. --*/
  1739. {
  1740. unsigned long MemorySize;
  1741. unsigned short QIndex;
  1742. // Fetch the QuintupleIndex.
  1743. QIndex = *(unsigned short *)(pFormat + 2);
  1744. // Memsize the presented object.
  1745. MemorySize = *(unsigned short *)(pFormat + 4);
  1746. // Update our current count in the stub message.
  1747. pStubMsg->MemorySize += MemorySize;
  1748. // Move the pointer in the buffer behind the transmitted object
  1749. // for the next field to be memsized correctly.
  1750. pFormat += 8;
  1751. pFormat = pFormat + *(short *)pFormat;
  1752. if ( IS_SIMPLE_TYPE( *pFormat ))
  1753. {
  1754. // Simple type.
  1755. ALIGN( pStubMsg->Buffer, SIMPLE_TYPE_ALIGNMENT( *pFormat) );
  1756. pStubMsg->Buffer += SIMPLE_TYPE_BUFSIZE( *pFormat );
  1757. }
  1758. else
  1759. {
  1760. uchar *PointerBufferMarkSave = pStubMsg->PointerBufferMark;
  1761. pStubMsg->PointerBufferMark = 0;
  1762. NDR_POINTER_QUEUE *pOldQueue = NULL;
  1763. if ( pStubMsg->pPointerQueueState)
  1764. {
  1765. pOldQueue = pStubMsg->pPointerQueueState->GetActiveQueue();
  1766. pStubMsg->pPointerQueueState->SetActiveQueue(NULL);
  1767. }
  1768. RpcTryFinally
  1769. {
  1770. (*pfnMemSizeRoutines[ ROUTINE_INDEX( *pFormat) ])( pStubMsg, pFormat );
  1771. }
  1772. RpcFinally
  1773. {
  1774. pStubMsg->PointerBufferMark = PointerBufferMarkSave;
  1775. if ( pStubMsg->pPointerQueueState)
  1776. {
  1777. pStubMsg->pPointerQueueState->SetActiveQueue(pOldQueue);
  1778. }
  1779. }
  1780. RpcEndFinally
  1781. }
  1782. return( MemorySize );
  1783. }
  1784. void
  1785. NdrpUserMarshalMemorySize(
  1786. PMIDL_STUB_MESSAGE pStubMsg,
  1787. PFORMAT_STRING pFormat )
  1788. {
  1789. unsigned long MemorySizeSave;
  1790. // Flat type.
  1791. // Optimization: if we know the wire size, don't walk to size it.
  1792. if ( *(unsigned short *)(pFormat + 6) != 0 )
  1793. {
  1794. CHECK_EOB_RAISE_BSD( pStubMsg->Buffer + *(unsigned short *)(pFormat + 6));
  1795. pStubMsg->Buffer += *(unsigned short *)(pFormat + 6);
  1796. return;
  1797. }
  1798. // Unknown wire size: we need to step through the buffer.
  1799. // However, the memory size may have nothing to do with
  1800. // the wire type description..
  1801. // so, we need to remember what the current memory size is.
  1802. MemorySizeSave = pStubMsg->MemorySize;
  1803. pFormat += 8;
  1804. pFormat = pFormat + *(short *)pFormat;
  1805. if ( IS_SIMPLE_TYPE( *pFormat ))
  1806. {
  1807. // Simple type.
  1808. pStubMsg->Buffer += SIMPLE_TYPE_BUFSIZE( *pFormat );
  1809. }
  1810. else
  1811. {
  1812. (*pfnMemSizeRoutines[ ROUTINE_INDEX( *pFormat) ])( pStubMsg, pFormat );
  1813. }
  1814. pStubMsg->MemorySize = MemorySizeSave;
  1815. }
  1816. void
  1817. NDR_USR_MRSHL_MEMSIZE_POINTER_QUEUE_ELEMENT::Dispatch(MIDL_STUB_MESSAGE *pStubMsg)
  1818. {
  1819. NdrpUserMarshalMemorySize( pStubMsg,
  1820. pFormat );
  1821. }
  1822. #if defined(DBG)
  1823. void
  1824. NDR_USR_MRSHL_MEMSIZE_POINTER_QUEUE_ELEMENT::Print()
  1825. {
  1826. DbgPrint("NDR_USR_MRSHL_MEMSIZE_POINTER_QUEUE_ELEMENT\n");
  1827. DbgPrint("pFormat: %p\n", pFormat );
  1828. }
  1829. #endif
  1830. unsigned long RPC_ENTRY
  1831. NdrUserMarshalMemorySize(
  1832. PMIDL_STUB_MESSAGE pStubMsg,
  1833. PFORMAT_STRING pFormat )
  1834. /*++
  1835. Routine Description :
  1836. Computes the memory size required for a usr_marshal type.
  1837. See mrshl.c for the description of the layouts.
  1838. Arguments :
  1839. pStubMsg - Pointer to stub message.
  1840. pFormat - Pointer's format string description.
  1841. Return :
  1842. The memory size of the usr_marshall object.
  1843. --*/
  1844. {
  1845. unsigned long MemorySize;
  1846. // The memory sizing routine can be called only when sizing a complex
  1847. // struct for memory allocation.
  1848. // Hence, IgnoreEmbeddedPointer in this case has to be on.
  1849. // Memsize the presented object.
  1850. MemorySize = *(unsigned short *)(pFormat + 4);
  1851. // Update our current count in the stub message.
  1852. pStubMsg->MemorySize += MemorySize;
  1853. // Move the pointer in the buffer behind the transmitted object
  1854. // for the next field to be memsized correctly.
  1855. ALIGN( pStubMsg->Buffer, LOW_NIBBLE( pFormat[1] ) );
  1856. if ( pFormat[1] & USER_MARSHAL_POINTER )
  1857. {
  1858. ulong PointerMarker = 0;
  1859. if ( (pFormat[1] & USER_MARSHAL_UNIQUE) ||
  1860. ((pFormat[1] & USER_MARSHAL_REF) && pStubMsg->PointerBufferMark) )
  1861. {
  1862. PointerMarker = *((unsigned long * &)pStubMsg->Buffer)++;
  1863. }
  1864. if ( pStubMsg->IgnoreEmbeddedPointers )
  1865. return pStubMsg->MemorySize;
  1866. if ( (pFormat[1] & USER_MARSHAL_UNIQUE) &&
  1867. !PointerMarker)
  1868. return pStubMsg->MemorySize;
  1869. if ( !pStubMsg->pPointerQueueState ||
  1870. !pStubMsg->pPointerQueueState->GetActiveQueue() )
  1871. {
  1872. // If we are embedded, switch to the pointee buffer.
  1873. POINTER_MEMSIZE_SWAP_CONTEXT NewContext(pStubMsg);
  1874. NdrpUserMarshalMemorySize(
  1875. pStubMsg,
  1876. pFormat );
  1877. }
  1878. else
  1879. {
  1880. NDR_USR_MRSHL_MEMSIZE_POINTER_QUEUE_ELEMENT*pElement =
  1881. new(pStubMsg->pPointerQueueState)
  1882. NDR_USR_MRSHL_MEMSIZE_POINTER_QUEUE_ELEMENT(pFormat );
  1883. pStubMsg->pPointerQueueState->GetActiveQueue()->Enque( pElement );
  1884. }
  1885. return pStubMsg->MemorySize;
  1886. }
  1887. NdrpUserMarshalMemorySize(
  1888. pStubMsg,
  1889. pFormat );
  1890. return pStubMsg->MemorySize;
  1891. }
  1892. void
  1893. NdrpInterfacePointerMemorySize (
  1894. PMIDL_STUB_MESSAGE pStubMsg,
  1895. PFORMAT_STRING pFormat )
  1896. /*++
  1897. Routine Description :
  1898. Computes the memory size needed for an interface pointer.
  1899. Arguments :
  1900. pStubMsg - Pointer to stub message.
  1901. pFormat - Pointer's format string description.
  1902. Return :
  1903. The current memory size.
  1904. --*/
  1905. {
  1906. ALIGN( pStubMsg->Buffer, 3 );
  1907. // Pick up the conformant size and the count field.
  1908. ulong MaxCount = *((unsigned long *&) pStubMsg->Buffer)++;
  1909. ulong Size = *((unsigned long *&) pStubMsg->Buffer)++;
  1910. //Check the array bounds
  1911. if ( Size != MaxCount )
  1912. RpcRaiseException( RPC_X_BAD_STUB_DATA );
  1913. IStream* pStream = 0;
  1914. RpcTryFinally
  1915. {
  1916. if (MaxCount > 0)
  1917. {
  1918. CHECK_EOB_WITH_WRAP_RAISE_BSD( pStubMsg->Buffer, MaxCount );
  1919. if ( IS_WALKIP( pStubMsg->uFlags) )
  1920. {
  1921. pStream = (*NdrpCreateStreamOnMemory)(pStubMsg->Buffer, MaxCount);
  1922. if(pStream == 0)
  1923. RpcRaiseException(RPC_S_OUT_OF_MEMORY);
  1924. HRESULT hr = (*pfnCoReleaseMarshalData)(pStream);
  1925. if(FAILED(hr))
  1926. RpcRaiseException(hr);
  1927. }
  1928. }
  1929. }
  1930. RpcFinally
  1931. {
  1932. if ( pStream ) pStream->Release();
  1933. pStubMsg->Buffer += MaxCount;
  1934. }
  1935. RpcEndFinally
  1936. }
  1937. unsigned long RPC_ENTRY
  1938. NdrInterfacePointerMemorySize (
  1939. PMIDL_STUB_MESSAGE pStubMsg,
  1940. PFORMAT_STRING pFormat )
  1941. {
  1942. ALIGN(pStubMsg->Buffer,0x3);
  1943. ulong PtrValue = *((long *&)pStubMsg->Buffer)++;
  1944. LENGTH_ALIGN( pStubMsg->MemorySize, PTR_MEM_ALIGN );
  1945. pStubMsg->MemorySize += PTR_MEM_SIZE;
  1946. if ( !PtrValue || pStubMsg->IgnoreEmbeddedPointers )
  1947. return pStubMsg->MemorySize;
  1948. NdrpInterfacePointerMemorySize( pStubMsg,
  1949. pFormat );
  1950. return pStubMsg->MemorySize;
  1951. }
  1952. void
  1953. NdrpEmbeddedPointerMemorySize (
  1954. PMIDL_STUB_MESSAGE pStubMsg,
  1955. PFORMAT_STRING pFormat )
  1956. /*++
  1957. Routine Description :
  1958. Computes the memory size required for all embedded pointers in an
  1959. array or a structure.
  1960. Arguments :
  1961. pStubMsg - Pointer to stub message.
  1962. pFormat - Pointer's format string description.
  1963. Return :
  1964. The computed memory size.
  1965. --*/
  1966. {
  1967. if ( pStubMsg->IgnoreEmbeddedPointers )
  1968. return;
  1969. POINTER_MEMSIZE_SWAP_CONTEXT SwapContext( pStubMsg );
  1970. uchar * pBufPtr;
  1971. uchar * pBufferMark;
  1972. uchar * pBufferSave;
  1973. ULONG_PTR MaxCountSave;
  1974. MaxCountSave = pStubMsg->MaxCount;
  1975. pBufferMark = pStubMsg->BufferMark;
  1976. // Increment past the FC_PP and pad.
  1977. pFormat += 2;
  1978. for (;;)
  1979. {
  1980. if ( *pFormat == FC_END )
  1981. {
  1982. return;
  1983. }
  1984. //
  1985. // Check for FC_FIXED_REPEAT or FC_VARIABLE_REPEAT.
  1986. //
  1987. if ( *pFormat != FC_NO_REPEAT )
  1988. {
  1989. pStubMsg->MaxCount = MaxCountSave;
  1990. pStubMsg->BufferMark = pBufferMark;
  1991. NdrpEmbeddedRepeatPointerMemorySize( pStubMsg,
  1992. &pFormat );
  1993. // Continue to the next pointer.
  1994. continue;
  1995. }
  1996. // Compute the pointer to the pointer id in the buffer to size.
  1997. pBufPtr = (pBufferMark + *((signed short *)(pFormat + 4)));
  1998. // Increment to the pointer description.
  1999. pFormat += 6;
  2000. NdrpPointerMemorySize(
  2001. pStubMsg,
  2002. pBufPtr,
  2003. pFormat );
  2004. // Increment to next pointer description.
  2005. pFormat += 4;
  2006. } // for
  2007. }
  2008. void
  2009. NdrpEmbeddedRepeatPointerMemorySize (
  2010. PMIDL_STUB_MESSAGE pStubMsg,
  2011. PFORMAT_STRING * ppFormat )
  2012. /*++
  2013. Routine Description :
  2014. Computes the memory size required for all embedded pointers in an
  2015. array.
  2016. Arguments :
  2017. pStubMsg - Pointer to stub message.
  2018. pFormat - Pointer's format string description.
  2019. Return :
  2020. The computed memory size.
  2021. --*/
  2022. {
  2023. uchar * pBufPtr;
  2024. uchar * pBufferMark;
  2025. PFORMAT_STRING pFormat;
  2026. PFORMAT_STRING pFormatSave;
  2027. ulong RepeatCount, RepeatIncrement, Pointers, PointersSave;
  2028. pBufferMark = pStubMsg->BufferMark;
  2029. pFormat = *ppFormat;
  2030. switch ( *pFormat )
  2031. {
  2032. case FC_FIXED_REPEAT :
  2033. // Increment past the FC_FIXED_REPEAT and FC_PAD.
  2034. pFormat += 2;
  2035. // Get the total number of times to repeat the pointer marshall.
  2036. RepeatCount = *((ushort *&)pFormat)++;
  2037. break;
  2038. case FC_VARIABLE_REPEAT :
  2039. // Get the total number of times to repeat the pointer marshall.
  2040. RepeatCount = (ulong)pStubMsg->MaxCount;
  2041. pFormat += 2;
  2042. break;
  2043. default :
  2044. NDR_ASSERT(0,"NdrpEmbeddedRepeatPointerMemorySize : bad format");
  2045. RpcRaiseException( RPC_S_INTERNAL_ERROR );
  2046. return;
  2047. }
  2048. // Get the increment amount between successive pointers.
  2049. RepeatIncrement = *((ushort *&)pFormat)++;
  2050. // Offset to array is ignored.
  2051. pFormat += 2;
  2052. // Get number of pointers.
  2053. PointersSave = Pointers = *((ushort *&)pFormat)++;
  2054. pFormatSave = pFormat;
  2055. //
  2056. // Loop for the number of shipped array elements.
  2057. //
  2058. for ( ; RepeatCount--;
  2059. pBufferMark += RepeatIncrement )
  2060. {
  2061. pFormat = pFormatSave;
  2062. Pointers = PointersSave;
  2063. //
  2064. // Loop for the number of pointer in each array element (which could
  2065. // be greater than 0 for an array of structures).
  2066. //
  2067. for ( ; Pointers--; )
  2068. {
  2069. pFormat += 2;
  2070. // Get the buffer pointer where the pointer id is.
  2071. pBufPtr = pBufferMark + *((signed short *&)pFormat)++;
  2072. NdrpPointerMemorySize(
  2073. pStubMsg,
  2074. pBufPtr,
  2075. pFormat );
  2076. // Increment to the next the pointer description.
  2077. pFormat += 4;
  2078. }
  2079. }
  2080. // Get the format string pointer past this repeat pointer description.
  2081. *ppFormat = pFormatSave + PointersSave * 8;
  2082. }
  2083. #ifdef _CS_CHAR
  2084. unsigned long RPC_ENTRY
  2085. NdrCsTagMemorySize(
  2086. PMIDL_STUB_MESSAGE pStubMsg,
  2087. PFORMAT_STRING pFormat )
  2088. /*++
  2089. Routine Description :
  2090. Computes the memory size required for a cs tag.
  2091. Arguments :
  2092. pStubMsg - Pointer to stub message.
  2093. pFormat - Pointer to FC_CS_TAG in the format string.
  2094. Return :
  2095. The computed memory size.
  2096. --*/
  2097. {
  2098. // We need to set the tag in the stub message so that it can be used
  2099. // later for sizing/unmarshalling arrays
  2100. NdrpGetSetCSTagUnmarshall(
  2101. pStubMsg,
  2102. (NDR_CS_TAG_FORMAT *) pFormat);
  2103. pStubMsg->Buffer += sizeof( ulong );
  2104. pStubMsg->MemorySize += sizeof( ulong );
  2105. return pStubMsg->MemorySize;
  2106. }
  2107. unsigned long RPC_ENTRY
  2108. NdrCsArrayMemorySize(
  2109. PMIDL_STUB_MESSAGE pStubMsg,
  2110. PFORMAT_STRING pFormat )
  2111. /*++
  2112. Routine Description :
  2113. Computes the memory size required for a cs_char array.
  2114. Arguments :
  2115. pStubMsg - Pointer to stub message.
  2116. pFormat - Pointer to FC_CS_TAG in the format string.
  2117. Return :
  2118. The computed memory size.
  2119. --*/
  2120. {
  2121. NDR_CS_ARRAY_FORMAT *pCSFormat;
  2122. NDR_CS_SIZE_CONVERT_ROUTINES *CSRoutines;
  2123. CS_TYPE_LOCAL_SIZE_ROUTINE LocalSizeRoutine;
  2124. IDL_CS_CONVERT ConversionType;
  2125. ulong ArraySize;
  2126. ulong WireLength;
  2127. error_status_t status;
  2128. pCSFormat = (NDR_CS_ARRAY_FORMAT *) pFormat;
  2129. NDR_ASSERT( NULL != pStubMsg->pCSInfo, "cs_char stub info not set up");
  2130. // Get all the info out of the FC_CS_ARRAY structure and bump pFormat
  2131. // to point to the underlying data descriptor
  2132. CSRoutines = pStubMsg->StubDesc->CsRoutineTables->pSizeConvertRoutines;
  2133. LocalSizeRoutine = CSRoutines[ pCSFormat->CSRoutineIndex].pfnLocalSize;
  2134. pFormat += pCSFormat->DescriptionOffset;
  2135. // Get the size of the data on the wire
  2136. WireLength = PtrToUlong( NdrpMemoryIncrement( pStubMsg, 0, pFormat ) );
  2137. LocalSizeRoutine(
  2138. pStubMsg->RpcMsg->Handle,
  2139. pStubMsg->pCSInfo->WireCodeset,
  2140. WireLength,
  2141. &ConversionType,
  2142. &ArraySize,
  2143. &status);
  2144. if ( RPC_S_OK != status )
  2145. RpcRaiseException( status );
  2146. pStubMsg->MemorySize += ArraySize * pCSFormat->UserTypeSize;
  2147. return pStubMsg->MemorySize;
  2148. }
  2149. #endif