[RPCRT4] Better handle buffers reallocation failure case (#8461)

Addendum to commit 7f1075986f (PR #8305). Addresses review comment https://github.com/reactos/reactos/pull/8305#discussion_r2505628716 In `expand_pointer_table_if_necessary()`, if any of the `RefIdToPointer` `XlatTable` or `StateTable` buffers failed to be reallocated, the `realloc()` call would return NULL while the underlying buffer still be valid. Directly assigning the reallocation result to the pointers would then leak the buffers. With this fix, the `realloc()` result is stored in a temporary pointer. If the result is NULL, we free the original buffer, since the intended code behaviour is to reset all the tables. If the result is a valid pointer to the reallocated buffer, then we can use it instead.
2026-05-31 16:31:07 +08:00 · 2025-11-14 20:38:25 +01:00
parent 87226107f4
commit 0f9cdb395a
2 changed files with 30 additions and 1 deletions
--- a/dll/win32/rpcrt4/ndr_fullpointer.c
+++ b/dll/win32/rpcrt4/ndr_fullpointer.c
@@ -86,12 +86,41 @@ static void expand_pointer_table_if_necessary(PFULL_PTR_XLAT_TABLES pXlatTables,
 {
    if (RefId >= pXlatTables->RefIdToPointer.NumberOfEntries)
    {
+#ifdef __REACTOS__
+        void* ptrNew;
+        ptrNew = realloc(pXlatTables->RefIdToPointer.XlatTable, sizeof(void *) * RefId * 2);
+        if (!ptrNew)
+        {
+            ERR("Couldn't reallocate RefIdToPointer.XlatTable from %lu to %lu entries\n",
+                pXlatTables->RefIdToPointer.NumberOfEntries, RefId * 2);
+            free(pXlatTables->RefIdToPointer.XlatTable);
+        }
+        pXlatTables->RefIdToPointer.XlatTable = ptrNew;
+        if (ptrNew)
+        {
+            ptrNew = realloc(pXlatTables->RefIdToPointer.StateTable, RefId * 2);
+            if (!ptrNew)
+            {
+                ERR("Couldn't reallocate RefIdToPointer.StateTable from %lu to %lu entries\n",
+                    pXlatTables->RefIdToPointer.NumberOfEntries, RefId * 2);
+                free(pXlatTables->RefIdToPointer.StateTable);
+            }
+            pXlatTables->RefIdToPointer.StateTable = ptrNew;
+        }
+#else
        pXlatTables->RefIdToPointer.XlatTable =
            realloc(pXlatTables->RefIdToPointer.XlatTable, sizeof(void *) * RefId * 2);
        pXlatTables->RefIdToPointer.StateTable =
            realloc(pXlatTables->RefIdToPointer.StateTable, RefId * 2);
+#endif
        if (!pXlatTables->RefIdToPointer.XlatTable || !pXlatTables->RefIdToPointer.StateTable)
        {
+#ifdef __REACTOS__
+            free(pXlatTables->RefIdToPointer.XlatTable);
+            free(pXlatTables->RefIdToPointer.StateTable);
+            pXlatTables->RefIdToPointer.XlatTable = NULL;
+            pXlatTables->RefIdToPointer.StateTable = NULL;
+#endif
            pXlatTables->RefIdToPointer.NumberOfEntries = 0;
            return;
        }
--- a/media/doc/WINESYNC.txt
+++ b/media/doc/WINESYNC.txt
@@ -173,7 +173,7 @@ dll/win32/regapi              # Synced to WineStaging-5.7
 dll/win32/resutils            # Synced to WineStaging-3.3
 dll/win32/riched20            # Synced to Wine-10.0
 dll/win32/riched32            # Synced to WineStaging-3.3
-dll/win32/rpcrt4              # Synced to WineStaging-4.18
+dll/win32/rpcrt4              # Synced to Wine-10.0
 dll/win32/rsabase             # Synced to WineStaging-3.3
 dll/win32/rsaenh              # Synced to WineStaging-2.9
 dll/win32/sccbase             # Synced to WineStaging-4.18