[Bug 4742] Message handling in dlls/user/edit.c may crash programs

Wine Bugs wine-bugs at winehq.org
Mon Mar 6 08:30:04 CST 2006


------- Additional Comments From qingdao33122 at yahoo.com  2006-06-03 08:30 -------
I don't have stable internet access, so I'd rather not subscribe to
many lists. Besides I am unfamiliar with the whole process, haven't even used

Anyway I added the following test to my local dlls/user/tests/edit.c

static void test_em_sethandle(void)
    HWND hEdit;
    HLOCAL hLocal, hOld;
    char *buffer;
    trace("EDIT: EM_SETHANDLE\n");
    hEdit = create_editcontrol(WS_BORDER | ES_MULTILINE, 0);
    hLocal = (HLOCAL)LocalAlloc(LMEM_MOVEABLE, 100);

    buffer = LocalLock(hLocal);

    strcpy(buffer, "Hello!");


    hOld = (HLOCAL)SendMessage(hEdit, EM_GETHANDLE, 0, 0);


    SendMessage(hEdit, EM_SETHANDLE, (WPARAM)hLocal, 0);


I've also temporarily fixed the crash problem by adding a test
mentioned in the orginal post.
/*    countA = strlen(textA) + 1;
          countA = strlen(textA) + 1;

But the real problem is still there: when handling the EM_SETHANDLE message
the current code frees the old memory. It shoudn't. According to MSDN
 users of this control should free the old memory manually.

 Hope that current maintainer of this file will take a look into it and come
 up with a patch.

Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the wine-bugs mailing list