fix overflow in several advapi32 crypt functions hidden by broken WideCharToMultiByte

Detlef Riekenberg at
Thu Jul 2 14:25:32 CDT 2009

On Mon, 2009-06-29 at 16:49 +0900, Dmitry Timoshkov wrote:
> "Christoph von Wittich" <Christoph at> wrote:
> > + if (*pcbProvName > INT_MAX)
> > + *pcbProvName = INT_MAX;
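Review bot: The assignment `*pcbProvName = INT_MAX` writes the clamped value back through the caller's pointer, so the caller's size is altered as a side effect of the check. Clamp into a local variable and pass that on instead. Also add a one-line comment saying which callee's signed length parameter makes INT_MAX the limit, since nothing in these two lines explains it.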
> In which way is WideCharToMultiByte broken? It always helps to provide
> an explanation and if possible a test case.

While working on the tests for shlwapi/SHUnicodeToAnsiCP,
I also stumbled over the broken handling of a negative dstlen in
We already have a test for this case, marked with todo_wine.

Fixing kernel32 was easy, so I sent a patch:

Unfortunately, WideCharToMultiByte is called with a negative dstlen
from the Wine source.
(convert_PCREDENTIALW_to_PCREDENTIALA, but there might be more

Christoph, are you working on this issue?
Otherwise I will take a look on the weekend, as I want to get
my tests for SHUnicodeToAnsiCP in the tree.

By by ... Detlef
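
The thread turns on an unsigned byte count reaching a function whose destination length is a signed int. The following is an added example, not code from Wine or from either patch, that shows the conversion and a clamp kept in a local. `convert_stub`, `get_name_unchecked` and `get_name_clamped` are hypothetical names, and the stub's rejection of negative lengths is an assumption of the example, not a statement about WideCharToMultiByte.

```c
#include <limits.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a converter with a signed destination length
 * (the role dstlen plays in the thread). Not Wine code.
 * Returns bytes written including the terminator, or -1 on error. */
static int convert_stub(const char *src, char *dst, int dstlen)
{
    size_t need = strlen(src) + 1;

    if (dstlen < 0)
        return -1;                  /* assumed: negative length is an error */
    if ((size_t)dstlen < need)
        return -1;                  /* destination too small */
    memcpy(dst, src, need);
    return (int)need;
}

/* The caller's size is an unsigned 32-bit count (DWORD-like). Passing it
 * straight through turns any value above INT_MAX into a negative int on
 * the usual two's-complement targets. */
int get_name_unchecked(const char *src, char *dst, const uint32_t *pcb)
{
    return convert_stub(src, dst, (int)*pcb);
}

/* Clamp into a local: the callee never sees a negative length and the
 * caller's size value is left untouched. */
int get_name_clamped(const char *src, char *dst, const uint32_t *pcb)
{
    int len = (*pcb > (uint32_t)INT_MAX) ? INT_MAX : (int)*pcb;

    return convert_stub(src, dst, len);
}
```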
