fix overflow in several advapi32 crypt functions hidden by broken WideCharToMultiByte
Detlef Riekenberg
wine.dev at web.de
Thu Jul 2 14:25:32 CDT 2009
On Mo, 2009-06-29 at 16:49 +0900, Dmitry Timoshkov wrote:
> "Christoph von Wittich" <Christoph at ApiViewer.de> wrote:
>
> > + if (*pcbProvName > INT_MAX)
> > + *pcbProvName = INT_MAX;
>
> In which way WideCharToMultiByte is broken? It always helps to provide
> an explanation and if possible a test case.
While working on the tests for shlwapi/SHUnicodeToAnsiCP,
i stumbled also over the broken handling of a negative dstlen in
WideCharToMultiByte.
We already have a test for this case, marked with todo_wine.
Fixing kernel32 was easy, so i send a Patch:
http://www.winehq.org/pipermail/wine-patches/2009-June/075165.html
Unfortunately, WideCharToMultiByte is called with a negative dstlen
from the Wine source.
(convert_PCREDENTIALW_to_PCREDENTIALA, but there might be more
locations.)
Christoph, are you working on this issue?
Otherwise i will take a look on the weekend, as I want to get
my tests for SHUnicodeToAnsiCP in the tree.
--
By by ... Detlef
More information about the wine-devel
mailing list