[Bug 8361] Buffer overrun in TOOLTIPS_GetDispInfoW()
Wine Bugs
wine-bugs at winehq.org
Tue May 29 12:01:52 CDT 2007
http://bugs.winehq.org/show_bug.cgi?id=8361
------- Additional Comments From mikolaj.zalewski at gmail.com 2007-29-05 12:01 -------
I see that the patch didn't get in. This could be because you didn't include
your real name in the e-mail to wine-patches. Another reason could be that even
after your patch the code doesn't work well when the user text is longer than
max_len - the string isn't NULL-terminated (copying one character less in memcpy
should work - Alloc initializes the buffer to zero. Or you may use lstrcpynW -
unlike strcpy it NULL-terminates the string).
It would be also nice if you would look into GetDispInfoA - MultiByteToWideChar
has the same problem of looking beyond the end of the buffer.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the wine-bugs
mailing list