From 290b0b5b19ef0123a9cc0e178b08937c0a2053cb Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Tue, 16 Aug 2005 23:19:17 +0000
Subject: r9335: only copy the in side of an array to the out side of an array when the array is a [ref] pointer. For non-ref arrays it is quite valid for a server to return a larger response array then the client gave (as can happen with winreg) in which case this memcpy() will fault. (This used to be commit 6cf20e7adb9891119fdc9a0b208c3f94fe823334)
---
source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
index cde96ca0b2..4cc0dd9184 100644
--- a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
+++ b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm
@@ -1812,7 +1812,8 @@ sub AllocateArrayLevel($$$$$)
 }
 
 if (grep(/in/,@{$e->{DIRECTION}}) and
- grep(/out/,@{$e->{DIRECTION}})) {
+ grep(/out/,@{$e->{DIRECTION}}) and
+ $pl->{POINTER_TYPE} eq "ref") {
 pidl "memcpy(r->out.$e->{NAME},r->in.$e->{NAME},$size * sizeof(*r->in.$e->{NAME}));";
 }
 }
-- cgit
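Review bot: The new `$pl->{POINTER_TYPE} eq "ref"` test in the in/out condition carries the whole safety argument for the generated `memcpy`, but nothing at the site says so. A comment such as `# only [ref] arrays keep the same length on the in and out side; for other pointer types the server may return a larger array, so copying $size elements from r->in would read past the in buffer` would keep a later edit from dropping the guard. `$pl` is assigned outside the hunk, so these lines do not show whether it can be undefined or a non-pointer level at this point; if it can, the test should be prefixed with `defined($pl) and`. Even in the [ref] case the emitted copy trusts that `r->in.$e->{NAME}` holds at least `$size` elements, which looks worth confirming against how the callers of AllocateArrayLevel derive `$size`.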