[2/2] shlwapi: Fix crash in wvnsprintfW when buffer or spec is NULL
Sebastian Lackner
sebastian at fds-team.de
Sat May 7 09:21:41 CDT 2016
On 06.05.2016 03:56, 谢威 wrote:
> Crashes on windows and wine when buffer == NULL && maxlen > 0
>
>
> 0002-shlwapi-Fix-crash-in-wvnsprintfW-when-buffer-or-spec.patch
>
>
> From f60bd9a76cfc91cb873a15c69f35cea0c7950a68 Mon Sep 17 00:00:00 2001
> From: XieWei <xiewei at linuxdeepin.com>
> Date: Fri, 6 May 2016 09:49:34 +0800
> Subject: shlwapi: Fix crash in wvnsprintfW when buffer or spec is NULL
>
> Signed-off-by: XieWei <xiewei at linuxdeepin.com>
> ---
> dlls/shlwapi/wsprintf.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/dlls/shlwapi/wsprintf.c b/dlls/shlwapi/wsprintf.c
> index 6a36b6a..ceca82e 100644
> --- a/dlls/shlwapi/wsprintf.c
> +++ b/dlls/shlwapi/wsprintf.c
> @@ -439,6 +439,9 @@ INT WINAPI wvnsprintfW( LPWSTR buffer, INT maxlen, LPCWSTR spec, __ms_va_list ar
>
> TRACE("%p %u %s\n", buffer, maxlen, debugstr_w(spec));
>
> + if (maxlen <= 0 || (spec == NULL && buffer != NULL))
> + return -1;
The first part looks fine, but the second part is not really covered by tests.
In fact, you even added a comment that it crashes on Windows XP under a similar
situation. Do you really have an application which depends on it?
> +
> while (*spec && (maxlen > 1))
> {
> if (*spec != '%') { *p++ = *spec++; maxlen--; continue; }
> -- 2.7.0
>
>
>
More information about the wine-devel
mailing list