(fwd) Re: [Possible BUG]: Wine-20011108

Alexandre Julliard julliard at winehq.com
Sun Dec 9 12:06:26 CST 2001


ptsekov at syntrex.com writes:

> Thanks for your analysis - the call to realloc () before the strcat ()
> is unchecked indeed - however this means that wine fails repeatedly 
> every call to realloc (). If you could give me any pointers how to debug 
> further the problem I'll be glad to try and see what's going on exactly. 

realloc does not fail, but you are overflowing the buffer:

0806abc0:Call msvcrt.realloc(40382cac,00000020) ret=0040197e
0806abc0:Ret  msvcrt.realloc() retval=40382cac ret=0040197e
0806abc0:Call msvcrt.strcat(40382cb5 "Cygwin/bin/",40382c60 "/pinco/panco") ret=004019ae
0806abc0:Ret  msvcrt.strcat() retval=40382cb5 ret=004019ae

You realloc 32 bytes but copy 33. And this is the bug:

   internalURL = (char *) realloc (internalURL,
                                   internalURLlen + strlen (schema + 1));
                                                    ^^^^^^^^^^^^^^^^^^^^^
you take the length of schema+1 but copy schema.

> Note that this code even with the unchecked calls to realloc () runs fine
> on win2k and linux. Btw I'll add the additional checks but I still think there
> is some kind of problem with wine.

It could be argued that since it doesn't crash on Windows it shouldn't
crash on Wine. But I suspect that with some other combination of
strings you could make it crash on Windows too.

-- 
Alexandre Julliard
julliard at winehq.com
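Added example (not code from this thread or from Wine) showing the off-by-one in the size computation above and two ways of appending that cannot overflow. It assumes internalURLlen is the stored size of the current string including its NUL terminator, which is the reading that reproduces the 32 vs 33 bytes in the trace; the 20-character prefix is constructed so that the same numbers come out, and "/pinco/panco" is taken from the trace.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed inputs: 20-char prefix (stored size 21) and the schema
 * string from the trace (12 chars). */
static const char PREFIX[] = "xxxxxxxxxCygwin/bin/";
static const char SCHEMA[] = "/pinco/panco";

/* Size the posted code asks realloc for. strlen(schema + 1) skips
 * schema[0], so the result is one byte short. (Assumption: internalURLlen
 * counts the existing NUL.) */
size_t buggy_needed(size_t internalURLlen, const char *schema)
{
    return internalURLlen + strlen(schema + 1);
}

/* Bytes strcat actually writes: the old string plus its NUL slot, plus
 * every character of schema (the NUL moves to the end). */
size_t correct_needed(size_t internalURLlen, const char *schema)
{
    return internalURLlen + strlen(schema);
}

/* Bounds-checked append into a fixed buffer of dst_size bytes.
 * Returns 0 on success, -1 if src plus its NUL would not fit. */
int append_checked(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (!end)
        return -1;                      /* dst is not NUL-terminated */
    size_t cur = (size_t)(end - dst);
    size_t add = strlen(src);
    if (add >= dst_size - cur)
        return -1;                      /* no room for src and its NUL */
    memcpy(dst + cur, src, add + 1);
    return 0;
}

/* Growing append with the realloc result checked. Returns the new buffer,
 * or NULL on allocation failure, in which case buf is still valid and
 * still owned by the caller (no leak, no use of a NULL pointer). */
char *append_grow(char *buf, const char *src)
{
    size_t cur = buf ? strlen(buf) : 0;
    size_t add = strlen(src);
    char *tmp = realloc(buf, cur + add + 1);
    if (!tmp)
        return NULL;
    memcpy(tmp + cur, src, add + 1);
    return tmp;
}

/* Demo: copy PREFIX into a 64-byte buffer, then append SCHEMA while
 * pretending the buffer is only bufsize bytes long. */
int demo_append(size_t bufsize)
{
    char buf[64];
    if (bufsize > sizeof buf)
        return -2;
    strcpy(buf, PREFIX);
    return append_checked(buf, bufsize, SCHEMA);
}

/* Demo: build PREFIX+SCHEMA with append_grow. Returns 0 on success. */
int demo_grow(void)
{
    char *url = append_grow(NULL, PREFIX);
    if (!url)
        return -1;
    char *t = append_grow(url, SCHEMA);
    if (!t) {
        free(url);
        return -1;
    }
    int rc = strcmp(t, "xxxxxxxxxCygwin/bin//pinco/panco") != 0;
    free(t);
    return rc;
}

int main(void)
{
    size_t stored = strlen(PREFIX) + 1;    /* 21, as in the trace */
    printf("buggy realloc size:  %zu\n", buggy_needed(stored, SCHEMA));
    printf("bytes strcat writes: %zu\n", correct_needed(stored, SCHEMA));
    printf("append into 32 bytes: %d\n", demo_append(32));
    printf("append into 33 bytes: %d\n", demo_append(33));
    printf("grown copy ok: %d\n", demo_grow() == 0);
    return 0;
}
```

With the trace's numbers, buggy_needed returns 32 and correct_needed 33; append_checked refuses the 32-byte buffer and succeeds with 33. The one-byte shortfall is exactly the kind of overflow that shows up only for some string lengths and some allocators, which is why the same code can look fine on one platform and crash on another.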
