From 37745b093d87596fc85902d4a911c8cd77b8536f Mon Sep 17 00:00:00 2001
From: Nikolay Sivov
Date: Thu, 25 Aug 2016 20:57:16 +0300
Subject: [PATCH] oleaut32: Fix AddFuncDesc() to ignore scodes array length when NULL array pointer is passed.
Signed-off-by: Nikolay Sivov
Signed-off-by: Huw Davies
Signed-off-by: Alexandre Julliard
---
 dlls/oleaut32/tests/typelib.c | 2 ++
 dlls/oleaut32/typelib.c | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/dlls/oleaut32/tests/typelib.c b/dlls/oleaut32/tests/typelib.c
index 4f43cfeef50..3fdd245aec7 100644
--- a/dlls/oleaut32/tests/typelib.c
+++ b/dlls/oleaut32/tests/typelib.c
@@ -2033,6 +2033,8 @@ static void test_CreateTypeLib(SYSKIND sys) {
 funcdesc.lprgelemdescParam = NULL;
 funcdesc.invkind = INVOKE_FUNC;
 funcdesc.cParams = 0;
+ funcdesc.cScodes = 1;
+ funcdesc.lprgscode = NULL;
 hres = ICreateTypeInfo_AddFuncDesc(createti, 1, &funcdesc);
 ok(hres == S_OK, "got %08x\n", hres);
diff --git a/dlls/oleaut32/typelib.c b/dlls/oleaut32/typelib.c
index b0ee5f220c7..4fdfbeb5442 100644
--- a/dlls/oleaut32/typelib.c
+++ b/dlls/oleaut32/typelib.c
@@ -10431,11 +10431,13 @@ static HRESULT WINAPI ICreateTypeInfo2_fnAddFuncDesc(ICreateTypeInfo2 *iface,
 if (tmp_func_desc.funcdesc.oVft != 0) tmp_func_desc.funcdesc.oVft |= 1;
- if (funcDesc->cScodes) {
+ if (funcDesc->cScodes && funcDesc->lprgscode) {
 tmp_func_desc.funcdesc.lprgscode = heap_alloc(sizeof(SCODE) * funcDesc->cScodes);
 memcpy(tmp_func_desc.funcdesc.lprgscode, funcDesc->lprgscode, sizeof(SCODE) * funcDesc->cScodes);
- } else
+ } else {
 tmp_func_desc.funcdesc.lprgscode = NULL;
+ tmp_func_desc.funcdesc.cScodes = 0;
+ }
 buf_size = TLB_SizeElemDesc(&funcDesc->elemdescFunc);
 for (i = 0; i < funcDesc->cParams; ++i) {
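Review bot: The scodes copy in `ICreateTypeInfo2_fnAddFuncDesc` still trusts the caller's count, because the new guard `funcDesc->cScodes && funcDesc->lprgscode` lets a negative `cScodes` through (the field is a signed SHORT in FUNCDESC) and `sizeof(SCODE) * funcDesc->cScodes` then converts it to a very large size for both `heap_alloc` and `memcpy`. The `heap_alloc` result is also handed to `memcpy` without a NULL check, so a failed allocation becomes a write through a null pointer rather than an error return. I would tighten the guard to `if (funcDesc->cScodes > 0 && funcDesc->lprgscode) {` and add `if (!tmp_func_desc.funcdesc.lprgscode) return E_OUTOFMEMORY;` right after the allocation, provided nothing acquired earlier in the function needs releasing first; the function body starts and ends outside this hunk, so that has to be confirmed there. The test hunk only asserts `S_OK` for the `cScodes = 1` / `lprgscode = NULL` case; a check that the stored FUNCDESC reports `cScodes == 0` would pin the behaviour this commit adds.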