WoW crashes in 'wine_cp_mbstowcs' under certain circumstances.

Tomas Carnecky tom at dbservice.com
Mon Apr 17 12:43:28 CDT 2006


Jesse Allen wrote:
> On 4/17/06, Tomas Carnecky <tom at dbservice.com> wrote:
>> Wine doesn't crash in this function, sorry, it's a bug in pf_vsnprintf()
>> which causes snprintf() to write beyond the end of the buffer.
>>
>> I've attached a patch that fixes it for me, but it's probably better not
>> to create such large buffers on the stack.
>> Anyone with a better fix?
>>
> I think the patch breaks printing fields larger than 400. I think the
> existing code should have been able to handle very large fields by
> allocating the memory to do it. I think more investigation is needed.
> 

I thought that, too, but 'flags.FieldLength' was always zero, so the
function always used the 40-character buffer.

tom


