WoW crashes in 'wine_cp_mbstowcs' under certain circumstances.

Jesse Allen the3dfxdude at gmail.com
Mon Apr 17 12:50:36 CDT 2006


On 4/17/06, Tomas Carnecky <tom at dbservice.com> wrote:
> Jesse Allen wrote:
> > On 4/17/06, Tomas Carnecky <tom at dbservice.com> wrote:
> >> Wine doesn't crash in this function, sorry, it's a bug in pf_vsnprintf()
> >> which causes snprintf() to write beyond the end of the buffer.
> >>
> >> I've attached a patch that fixes it for me, but it's probably better not
> >> to create such large buffers on the stack.
> >> Anyone with a better fix?
> >>
> > I think the patch breaks printing fields larger than 400. I think the
> > existing code should have been able to handle very large fields by
> > allocating the memory to do it. I think more investigation is needed.
> >
>
> I thought that, too, but 'flags.FieldLength' was always zero, so the
> function always used the 40-character buffer.
>
> tom
>

In the case that it is specified greater than 400, it will break.



More information about the wine-devel mailing list