In cases where this could have been use-after-free, exceptions were
caught/hidden by RpcTryFinally, but still lead to leaks since
NdrProxyFreeBuffer wasn't able to call IRPCChannelBuffer::FreeBuffer.
StdProxy_GetChannel() now AddRef() on its return value (used to set
__proxy_frame::_StubMsg::pRpcChannelBuffer), and NdrProxyFreeBuffer()
calls the corresponding Release() and clears the now-weak pointer.
This makes the behavior of these function match the observed test
results, and fixes the crash/leak when a proxy is released mid-Invoke.
It's possible for a proxy to be released during the middle of an Invoke.
E.g. a specific case where this happened was a single-shot event sink
which, upon receiving the event it was waiting for, would immediately
call DispEventUnadvise. This removed the proxy pointing to that sink
from the connection point's list of subscribers and released the last
refcount on the proxy itself.
Therefore, all state used to complete an RPC call must be on the stack;
once NdrProxySendReceive pumps STA messages and permits reentrancy,
the proxy cannot be accessed or relied on to own anything.
Add test showing MIDL_STUB_MESSAGE::pRpcChannelBuffer owns a refcount
(to ensure it can read [out] parameters from the channel)
Besides PathGetDriveNumber being dangerous and having a completely messed
up result with \\?\ prefix, a backslash is not required anymore on newer
Windows versions. So e.g. C: should succeed to be parsed.
Signed-off-by: Gabriel Ivăncescu <gabrielopcode@gmail.com>
Props allocated with dispex_get_dprop_ref or dispex_get_dynid are purely
internal to our implementation and must not be enumerated.
Note that in case of window, the props themselves become enumerable, but the
dynamic props must still be hidden, since it's the custom prop that refers
to it that must be enumerated (i.e. the DISPID must match with the custom
prop, not the underlying dynamic prop backing it, which would violate the
former DISPID obtained for the respective name).
Signed-off-by: Gabriel Ivăncescu <gabrielopcode@gmail.com>
If properties were added during enumeration, for example on the prototype,
they are actually visited in mshtml scripts in any mode.
Signed-off-by: Gabriel Ivăncescu <gabrielopcode@gmail.com>
It should fix the errors around line 1370 in conhost/tests/tty.c, but
it doesn't fix other errors around line 1530 and 1550 which are
completly unrelated to this change. So failures to be expected on the
latter.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=52648
Signed-off-by: Eric Pouech <eric.pouech@gmail.com>
Partly reverting 99eb63bd7a
(it's still needed on Dwarf for blocks with multiple
non-contiguous address ranges).
Signed-off-by: Eric Pouech <eric.pouech@gmail.com>
Current code skips a character and goes on to run is_namechar the next
instead of the current character ultimately always running a null
string on is_namechar and therefore always returning error on
multi-character strings
Signed-off-by: David Kahurani <k.kahurani@gmail.com>