Seems like I'm unable to review my code...
>
>> + if(desc->pos + len > desc->size) len = desc->size - desc->pos;
> It's usually safer to write expressions like that as "if (len >
> desc->size - desc->pos)" because "desc->pos + len" can wrap around if
> len is large, while "desc->size - desc->pos" should always be safe.
> Perhaps the caller is expected to always pass sane values here, but
> it's a somewhat dangerous construction in the general case in terms of
> reading/writing past the end of buffers. It can also be simplified to
> "len = min(len, desc->size - desc->pos);" here.
Sure. Better to go with something like "len = len < (desc->size -
desc->pos) ? len : desc->size - desc->pos" or creating a "min"
function?
>
>> + if(wpp_output_size + len > wpp_output_capacity)
> Similar issue as above.
>
>> +int wpp_close_output(void)
>> +{
>> + /* trim buffer to the effective size */
>> + char *new_wpp_output = HeapReAlloc(GetProcessHeap(), 0, wpp_output,
>> + wpp_output_size + 1);
>> + if(!new_wpp_output) return 0;
>> + wpp_output[wpp_output_size]='\0';
>> + return 1;
>> +}
> This doesn't really make sense. The comment is misleading, because you
> actually grow the buffer if "wpp_output_size == wpp_output_capacity".
> If you didn't, you wouldn't care about HeapRealloc() failure because
> the worst thing that could happen was that the buffer was a bit larger
> than it strictly needed to be. More importantly though, you assume
> new_wpp_output is the same pointer as wpp_output after a successful
> HeapReAlloc(), which isn't necessarily true.
>
Yep, this is clearly broken. Will fix it.
>> + current_shader.buffer = HeapAlloc(GetProcessHeap(), 0, data_len + 1);
> ...
>> + ret = wpp_parse("", NULL);
>> + if(!wpp_close_output())
>> + ret = 1;
>> + if(ret)
>> + {
>> + TRACE("Error during shader preprocessing\n");
>> + HeapFree(GetProcessHeap(), 0, current_shader.buffer);
> I don't think it's very nice to have the HeapAlloc() and HeapFree() on
> different levels of the code like that. I.e., either have both in
> wpp_open_mem()/wpp_close_mem() or have both in the caller. The current
> scheme has the allocation in the caller and the deallocation in
> wpp_close_mem(), except sometimes when wpp_parse() fails to call
> wpp_close_mem(). (Can that even happen? Looking at the source of
> wpp_parse() it's not clear to me how.) Also, does wpp_parse() really
> need the input to be zero-terminated?
wpp_parse() doesn't call wpp_close_mem() if the call to
pp_push_define_state() fails (can fail in out-of-memory conditions),
so the extra HeapFree was there for this case. Anyway, as you noticed,
there is no need to null-terminate wpp input (while there is this need
for the shader parser), so the entire
allocation-copy-nulltermination-deallocation is useless...
