WoW crashes in 'wine_cp_mbstowcs' under certain circumstances.
tom at dbservice.com
Mon Apr 17 13:23:17 CDT 2006
Jesse Allen wrote:
> On 4/17/06, Tomas Carnecky <tom at dbservice.com> wrote:
>> Jesse Allen wrote:
>>> On 4/17/06, Tomas Carnecky <tom at dbservice.com> wrote:
>>>> Wine doesn't crash in this function, sorry, it's a bug in pf_vsnprintf()
>>>> which causes snprintf() to write beyond the end of the buffer.
>>>> I've attached a patch that fixes it for me, but it's probably better not
>>>> to create such large buffers on the stack.
>>>> Anyone with a better fix?
>>> I think the patch breaks printing fields larger than 400. I think the
>>> existing code should have been able to handle very large fields by
>>> allocating the memory to do it. I think more investigation is needed.
>> I thought that, too, but 'flags.FieldLength' was always zero, so the
>> function always used the 40-character buffer.
> In the case that it is specified greater than 400, it will break.
What makes you think so? Sure, the string buffer in the msvcrt test
application isn't big enough to hold a 500 character string, but when I
increase it, it works fine.