[Bug 19720] Game (Amelie's Cafe) cannot be started

wine-bugs at winehq.org
Thu Aug 20 16:58:09 CDT 2009

http://bugs.winehq.org/show_bug.cgi?id=19720

--- Comment #24 from Juan Lang <juan_lang at yahoo.com>  2009-08-20 16:58:07 ---
(In reply to comment #23)
> In function bstr_to_utf8, the SysStringLen(bstr) call is returning a string
> length greater than the actual string, thus it overruns the buffer.

The question is, why is the length of the BSTR bogus?  Are they passing a WCHAR * as a BSTR, and the length before it is whatever happens to be before it in memory?  This seems reasonably likely, as the length value seen in the log is:
=>0 0xb7e0d1da wine_utf8_wcstombs+0x16a(flags=<is not available>, src=0x341000,
srclen=2139062297, dst=0x0, dstlen=0)
[/home/pbouman/Bureaublad/wine-1.1.27/libs/wine/utf8.c:69] in libwine.so.1
(0x0032b80c)

2139062297 is 0x7f7f8019, which, at first glance, seems like an unreasonably
large XML document.

> If you change the call SysStringLen to strlenW, it appears that it doesn't crash in
> bstr_to_utf8 anymore, but that is probably not the right fix.

I don't see why not:  UTF8 is also NULL-terminated, so converting additional
characters after the first NULL doesn't seem like it could be useful.  A BSTR
is both length-prefixed and NULL-terminated, so if a NULL isn't found there's
an application bug anyway.

As always, tests would help.  Two tests come to mind:
1. How does native behave with a BSTR that has a valid length (prefix), but no
NULL terminator?
2. How does native behave when passed a WCHAR * rather than a BSTR?

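As an added illustration of the BSTR versus WCHAR * distinction discussed in the comments above (example code written for this page, not Wine's bstr_to_utf8; the WCHAR and BSTR typedefs, sys_string_len, make_bstr and the sample strings are stand-ins): a length helper that honours both the length prefix and the NUL terminator, run against a genuine BSTR and against a bare WCHAR * whose preceding bytes happen to read as 0x7f7f8019, the value from the log.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-ins for the Win32 types (added example, not Wine's headers). */
typedef uint16_t WCHAR;
typedef WCHAR *BSTR;

/* A BSTR is a 4-byte byte-length prefix, then WCHARs, then a NUL WCHAR.
 * SysStringLen trusts the prefix and never looks at the NUL. */
static uint32_t sys_string_len(BSTR s) {
    uint32_t bytes;
    memcpy(&bytes, (const unsigned char *)s - 4, sizeof bytes);
    return bytes / sizeof(WCHAR);
}
/* NUL-bounded length, like strlenW. */
static size_t strlen_w(const WCHAR *s) {
    size_t n = 0;
    while (s[n]) n++;
    return n;
}
/* Defensive length: a valid BSTR is both length-prefixed and NUL-terminated,
 * so stop at whichever limit comes first; a bogus prefix can then only
 * shorten the conversion, never run it past the buffer. */
static size_t safe_bstr_len(BSTR s) {
    uint32_t prefix = sys_string_len(s);
    size_t n = 0;
    while (n < prefix && s[n]) n++;
    return n;
}
/* Genuine BSTR from ASCII, laid out like SysAllocString (never freed here). */
static BSTR make_bstr(const char *ascii) {
    uint32_t chars = (uint32_t)strlen(ascii), bytes = chars * sizeof(WCHAR);
    unsigned char *block = malloc(sizeof bytes + bytes + sizeof(WCHAR));
    BSTR s = (BSTR)(block + sizeof bytes);
    memcpy(block, &bytes, sizeof bytes);
    for (uint32_t i = 0; i < chars; i++) s[i] = (unsigned char)ascii[i];
    s[chars] = 0;
    return s;
}
/* Constructed: WCHAR string "xml" with unrelated bytes in front (0x7f7f8019 little-endian, the
 * value from the log), as when a plain WCHAR * is handed to an API that expects a BSTR. */
static WCHAR not_a_bstr[] = {0x8019, 0x7f7f, 'x', 'm', 'l', 0};
static BSTR bare_wchar_ptr(void) { return not_a_bstr + 2; }

int main(void) {
    BSTR ok = make_bstr("<a/>"), bad = bare_wchar_ptr();
    printf("BSTR:   prefix=%u nul=%zu safe=%zu\n", sys_string_len(ok), strlen_w(ok), safe_bstr_len(ok));
    printf("WCHAR*: prefix=%u nul=%zu safe=%zu\n", sys_string_len(bad), strlen_w(bad), safe_bstr_len(bad));
    return 0;
}
```

For the genuine BSTR all three lengths agree; for the bare WCHAR * the prefix reads as over a billion characters while the NUL-bounded and defensive lengths both stay at 3.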