Another pack4 issue (fwd)

Francois Gouget fgouget at
Tue Nov 27 17:49:38 CST 2001

On Fri, 23 Nov 2001, Dmitry Timoshkov wrote:
> "Francois Gouget" <fgouget at> wrote:
> It's because according to ntddk.h from NT4 DDK info->LastWriteTime
> is LARGE_INTEGER. Please look at my patch a bit carefully.

   Sorry, I missed that part (I was in a hurry at the time, it's
always bad). 

> > +    UINT    type;
> > +    LPVOID  pvFilter;
> > 
> >    I don't see these two fields on Windows. Same thing for the W
> > version. That's with the VC 6 headers.
> It's in July 2000 PlatformSDK as well as in MSDN online.

   It means that the Visual C++ 6.0 SP3 headers are too old and cannot
be trusted anymore.
   Still, this kind of change (adding new fields) worries me. Of course
we have to add these fields but it means we must be very careful not to
access the extra fields unless we know they are present.
   For instance in HEADER_GetItemA we return information in an HDITEMA
structure allocated by the application. Currently it is correct, but
let's just imagine that someone adds a 'memset(phdi,0,sizeof(*phdi))'
(as is quite commonly done). If the application has been compiled with
an old version of the headers then we will have a buffer overflow ->

   So the handling of such structures requires special care. It may be a
good idea to record somewhere that the size of the structure has
changed. Maybe in the header as follows:

    /* Fields added for IE 5 */
    UINT    type;
    LPVOID  pvFilter;

or even full-blown '#if _WIN32_IE >= xxx' though we don't do this sort
of thing usually.

   Well, it's a pretty good work in any case and is quite likely to fix
a lot of mysterious crashes.

Francois Gouget         fgouget at
May your Tongue stick to the Roof of your Mouth with the Force of a Thousand Caramels.

More information about the wine-devel mailing list