richedit: Prevent string trunction due to NULL characters.
Dylan Smith
dylan.ah.smith at gmail.com
Sat Feb 7 12:20:46 CST 2009
This bug can be seen by loading a text file with a NULL byte in it into
wordpad, then start typing before the NULL byte.
e.g.
echo -e 'before\0after' > testfile.txt
wine wordpad testfile.txt
The after will not get copied over properly in
ME_PrepareParagraphForWrapping since it calls ME_JoinRuns which copies
the string using lstrcpyW which truncates at the NULL byte. Using
memcpy instead fixes the problem.
There was an unused function ME_ConcatString that had the same bug, so I
decided to remove it since the function isn't needed anyways.
---
dlls/riched20/editor.h | 1 -
dlls/riched20/string.c | 28 +++++++++-------------------
2 files changed, 9 insertions(+), 20 deletions(-)
-------------- next part --------------
diff --git a/dlls/riched20/editor.h b/dlls/riched20/editor.h
index 1312363..e06a86d 100644
--- a/dlls/riched20/editor.h
+++ b/dlls/riched20/editor.h
@@ -95,7 +95,6 @@ ME_String *ME_MakeStringB(int nMaxChars);
ME_String *ME_StrDup(const ME_String *s);
void ME_DestroyString(ME_String *s);
void ME_AppendString(ME_String *s1, const ME_String *s2);
-ME_String *ME_ConcatString(const ME_String *s1, const ME_String *s2);
ME_String *ME_VSplitString(ME_String *orig, int nVPos);
int ME_IsWhitespaces(const ME_String *s);
int ME_IsSplitable(const ME_String *s);
diff --git a/dlls/riched20/string.c b/dlls/riched20/string.c
index 0bd751c..67b4d9c 100644
--- a/dlls/riched20/string.c
+++ b/dlls/riched20/string.c
@@ -90,35 +90,25 @@ void ME_DestroyString(ME_String *s)
void ME_AppendString(ME_String *s1, const ME_String *s2)
{
- if (s1->nLen+s2->nLen+1 <= s1->nBuffer) {
- lstrcpyW(s1->szData+s1->nLen, s2->szData);
- s1->nLen += s2->nLen;
- }
- else
+ if (s1->nLen+s2->nLen+1 <= s1->nBuffer)
{
+ memcpy(s1->szData + s1->nLen, s2->szData, s2->nLen * sizeof(WCHAR));
+ s1->nLen += s2->nLen;
+ s1->szData[s1->nLen] = 0;
+ } else {
WCHAR *buf;
s1->nBuffer = ME_GetOptimalBuffer(s1->nLen+s2->nLen+1);
- buf = ALLOC_N_OBJ(WCHAR, s1->nBuffer);
- lstrcpyW(buf, s1->szData);
- lstrcpyW(buf+s1->nLen, s2->szData);
+ buf = ALLOC_N_OBJ(WCHAR, s1->nBuffer);
+ memcpy(buf, s1->szData, s1->nLen * sizeof(WCHAR));
+ memcpy(buf + s1->nLen, s2->szData, s2->nLen * sizeof(WCHAR));
FREE_OBJ(s1->szData);
s1->szData = buf;
s1->nLen += s2->nLen;
+ s1->szData[s1->nLen] = 0;
}
}
-ME_String *ME_ConcatString(const ME_String *s1, const ME_String *s2)
-{
- ME_String *s = ALLOC_OBJ(ME_String);
- s->nLen = s1->nLen+s2->nLen;
- s->nBuffer = ME_GetOptimalBuffer(s1->nLen+s2->nLen+1);
- s->szData = ALLOC_N_OBJ(WCHAR, s->nBuffer);
- lstrcpyW(s->szData, s1->szData);
- lstrcpyW(s->szData+s1->nLen, s2->szData);
- return s;
-}
-
ME_String *ME_VSplitString(ME_String *orig, int charidx)
{
ME_String *s;
More information about the wine-patches
mailing list