Coverity doing scans of Wine codebase!

James Hawkins truiken at
Sun Apr 9 11:35:08 CDT 2006

On 4/8/06, Colin Wright <cdonline at> wrote:
> So although it would always return 0 it could set a bogus error.
> In the -1 example above we have same-sized buffers so the error is bogus.
> Bug.
> In the -2 example above we haven't even checked the strings so the error is
> bogus.
> Bug.

Like I said before, this isn't about WideCharToMultiByte being
'correct'; it's about the fact that Coverity's analysis of this
function is wrong, leading to a false positive.  The only person
that's going to send in a string long enough to overflow the size of
an int isn't going to care about the last error, only that the attack
didn't work, because we don't return a negative length and we don't
access the string with a negative index.  Besides, anyone can overflow
strlen with a long enough string in (I imagine) most libraries, so
there's not much we can do about that.  The expected behavior of this
function goes out the window if a user uses a string that long, and we
can't consider these bugs in that case.

James Hawkins

More information about the wine-devel mailing list