[Bug 13319] In dlls/user32/edit.c EDIT_EM_ReplaceSel Clobbers Important Var When Buffer Overflows
wine-bugs at winehq.org
wine-bugs at winehq.org
Fri May 30 11:57:46 CDT 2008
http://bugs.winehq.org/show_bug.cgi?id=13319
--- Comment #19 from Lei Zhang <thestig at google.com> 2008-05-30 11:57:46 ---
> (In reply to comment #14)
> I'm not sure exactly what broke in unit tests (perhaps you can elaborate), but
> the proposed patch doesn't fill the buffer with all of the data.
>
> I added more code to the test case to show the problem.
>
We have a set of conformance tests that run and pass under Windows. On Wine,
they should all pass as well. When I applied your patch, some of the tests
failed.
I ran your second test on Windows XP, and it reported "not enough data in the
edit control", whereas on Wine, it says "just the right amount". With my patch,
Wine has the same behavior as Windows.
> Fundamentally, any reassignment of <strl> which doesn't depend on
> strlenW(lpsz_replace) can't work.
>
Sure it works. There's a limit to how much the edit control can hold. When
lpsz_replace is too long, we need to set strl to something lower.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list