WoW crashes in 'wine_cp_mbstowcs' under certain circumstances.

Tomas Carnecky tom at
Mon Apr 17 13:23:17 CDT 2006

Jesse Allen wrote:
> On 4/17/06, Tomas Carnecky <tom at> wrote:
>> Jesse Allen wrote:
>>> On 4/17/06, Tomas Carnecky <tom at> wrote:
>>>> Wine doesn't crash in this function, sorry, it's a bug in pf_vsnprintf()
>>>> which causes snprintf() to write beyond the end of the buffer.
>>>> I've attached a patch that fixes it for me, but it's probably better not
>>>> to create such large buffers on the stack.
>>>> Anyone with a better fix?
>>> I think the patch breaks printing fields larger than 400. I think the
>>> existing code should have been able to handle very large fields by
>>> allocating the memory to do it. I think more investigation is needed.
>> I thought that, too, but 'flags.FieldLength' was always zero, so the
>> function always used the 40-character buffer.
> In the case that it is specified greater than 400, it will break.

What makes you think so? Sure, the string buffer in the msvcrt test
application isn't big enough to hold a 500 character string, but when I
increase it, it works fine.
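
An added example, not part of the original post and not Wine's code: a bounded way to format one numeric field that measures the required length first and only then chooses between a 40-byte stack buffer and a heap allocation. The helper name `format_field`, the constant `SMALL_BUF` and the `"%*.*f"` conversion are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SMALL_BUF 40 /* fixed stack buffer size mentioned in the thread */

/* Hypothetical helper: format `value` as "%*.*f" into out[outlen].
 * Returns the untruncated length (like snprintf), or -1 on error.
 * *used_heap reports whether the 40-byte scratch buffer was too small. */
int format_field(char *out, size_t outlen, int width, int precision,
                 double value, int *used_heap)
{
    char small[SMALL_BUF];
    char *tmp = small;
    size_t cap = sizeof small;
    int need, n;

    *used_heap = 0;
    if (width < 0 || precision < 0 || outlen == 0)
        return -1;
    /* Measure first: the field width alone is not enough, the precision
     * and the value itself also decide how many bytes get written. */
    need = snprintf(NULL, 0, "%*.*f", width, precision, value);
    if (need < 0)
        return -1;
    if ((size_t)need >= cap) {          /* does not fit on the stack */
        cap = (size_t)need + 1;
        tmp = malloc(cap);
        if (tmp == NULL)
            return -1;
        *used_heap = 1;
    }
    n = snprintf(tmp, cap, "%*.*f", width, precision, value);
    if (n >= 0) {                       /* bounded copy to the caller */
        size_t copy = (size_t)n < outlen - 1 ? (size_t)n : outlen - 1;
        memcpy(out, tmp, copy);
        out[copy] = '\0';
    }
    if (tmp != small)
        free(tmp);
    return n;
}

int main(void)
{
    char out[600];
    int heap, n = format_field(out, sizeof out, 500, 2, 3.14159, &heap);
    printf("len=%d heap=%d\n", n, heap);
    return 0;
}
```

A field width of zero with a large precision still takes the heap path here, because the decision is based on the measured length rather than on the width.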

