[Bug 4742] Message handling in dlls/user/edit.c may crash programs
Wine Bugs
wine-bugs at winehq.org
Mon Mar 6 08:30:04 CST 2006
http://bugs.winehq.org/show_bug.cgi?id=4742
------- Additional Comments From qingdao33122 at yahoo.com 2006-06-03 08:30 -------
I don't have stable internet access, so I'd rather not subscribe to
many lists. Besides I am unfamiliar with the whole process, haven't even used
'diff'.
Anyway I added the following test to my local dlls/user/tests/edit.c
static void test_em_sethandle(void)
{
HWND hEdit;
HLOCAL hLocal, hOld;
char *buffer;
trace("EDIT: EM_SETHANDLE\n");
hEdit = create_editcontrol(WS_BORDER | ES_MULTILINE, 0);
hLocal = (HLOCAL)LocalAlloc(LMEM_MOVEABLE, 100);
buffer = LocalLock(hLocal);
strcpy(buffer, "Hello!");
LocalUnlock(hLocal);
hOld = (HLOCAL)SendMessage(hEdit, EM_GETHANDLE, 0, 0);
LocalFree(hOld);
SendMessage(hEdit, EM_SETHANDLE, (WPARAM)hLocal, 0);
DestroyWindow(hEdit);
}
I've also temporarily fixed the crash problem by adding a test
mentioned in the orginal post.
/* countA = strlen(textA) + 1;
*/
if(textA){
countA = strlen(textA) + 1;
}
But the real problem is still there: when handling the EM_SETHANDLE message
the current code frees the old memory. It shoudn't. According to MSDN
users of this control should free the old memory manually.
Hope that current maintainer of this file will take a look into it and come
up with a patch.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the wine-bugs
mailing list