[Bug 9324] New: Mp3Tag: crash when editing the "Year" field in some cases
wine-bugs at winehq.org
Tue Aug 14 23:40:31 CDT 2007
http://bugs.winehq.org/show_bug.cgi?id=9324
Summary: Mp3Tag: crash when editing the "Year" field in some cases
Product: Wine
Version: CVS
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: wine-comctl32
AssignedTo: wine-bugs at winehq.org
ReportedBy: the_unknown at gmx.net
Created an attachment (id=7595)
--> (http://bugs.winehq.org/attachment.cgi?id=7595)
winedbg output and backtrace after crash
wine 0.9.43 and last git version
gcc (GCC) 4.2.0 (Gentoo 4.2.0 p1.4)
Linux k8t800 2.6.22-gentoo-r3 #1 PREEMPT Tue Aug 14 17:33:41 CEST 2007 i686 AMD
Athlon(tm) 64 Processor 3500+ AuthenticAMD GNU/Linux
How to reproduce:
- download Mp3Tag v2.39 from http://www.mp3tag.de/en/download.html
- edit the date field of some OGG file with another editor (e.g. via
Properties->Meta Info in konqueror) to ensure it has more than 4 symbols in
that, e.g. "August 2007"
- open it with Mp3Tag
- select this file in the list
- place the cursor at the beginning of the string "August 2007" in the Year
field in the tag panel (left panel)
- press "Delete" button
-> segfault
Relevant part of the winedbg output with some additional trace calls added by
me attached.
The problem is absent on Windows.
It seems that the maximal text length in the "year" combo box in Mp3Tag is set
to 4, but if a file with more text in the "Year" field is loaded, it is shown
in the corresponding combo box though.
This causes a negative string length in a calculation in EDIT_EM_ReplaceSel
function in dlls/user32/edit.c:3208 and a buffer overflow later (line 3236).
I've made a patch which seems to work fine and does not cause unneeded side
effects, but I'm not very familiar with wine internals so better check it :)
I'll provide additional info if needed.
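The length arithmetic described in the report, as an added example that is not part of the original message and is not Wine's code: a simplified model (all names hypothetical) of an edit field whose existing text is longer than its limit. It shows the "room left" value going negative and a replace routine that clamps it before any copy.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of an edit field (hypothetical, not Wine's structures). */
struct edit_model {
    char   text[64];   /* NUL-terminated contents */
    size_t limit;      /* maximum text length set by the application */
};

/* Unclamped calculation: negative when the text already in the field is
 * longer than the limit. Used as a copy length, it becomes a huge size. */
long room_unclamped(size_t limit, size_t text_len, size_t sel_start, size_t sel_end)
{
    return (long)limit - (long)(text_len - (sel_end - sel_start));
}

/* Clamped calculation: never reports less than zero characters of room. */
size_t room_clamped(size_t limit, size_t text_len, size_t sel_start, size_t sel_end)
{
    size_t kept = text_len - (sel_end - sel_start);
    return kept >= limit ? 0 : limit - kept;
}

/* Replace [sel_start, sel_end) with repl, honoring the limit and the
 * physical buffer size. Returns the new length, or -1 on bad arguments. */
long replace_sel(struct edit_model *m, size_t sel_start, size_t sel_end, const char *repl)
{
    size_t tl = strlen(m->text);
    if (sel_start > sel_end || sel_end > tl)
        return -1;
    size_t n = strlen(repl);
    size_t room = room_clamped(m->limit, tl, sel_start, sel_end);
    if (n > room)
        n = room;                    /* shorten the insertion, never grow the copy */
    size_t kept = tl - (sel_end - sel_start);
    if (kept + n >= sizeof m->text)
        return -1;                   /* would not fit with the terminating NUL */
    /* Move the tail (including the NUL) into place, then copy the insertion. */
    memmove(m->text + sel_start + n, m->text + sel_end, tl - sel_end + 1);
    memcpy(m->text + sel_start, repl, n);
    return (long)(kept + n);
}
```

With the values from the report (limit 4, text "August 2007", Delete at the start of the field) the unclamped result is -6, while the clamped routine simply removes the one selected character.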