[PATCH 03/17] shell32/autocomplete: Handle heap_alloc failure and avoid a potential buffer overflow
Gabriel Ivăncescu
gabrielopcode at gmail.com
Thu Sep 6 10:05:49 CDT 2018
On Thu, Sep 6, 2018 at 5:51 PM, Huw Davies <huw at codeweavers.com> wrote:
>
> What does Windows do if it's passed %12s for example?
>
> Huw.

On Windows XP it works fine (Internet Explorer uses it) and shows what
you'd expect from %12s. It's mostly for user interaction anyway, so I
think Microsoft have some leeway in changing it in each version.

That being said, I honestly don't think that copying security
vulnerabilities from Windows is a good idea, even if it's technically
"correct". It's not a good idea to crash on such invalid input in my
opinion, even if an (unpatched?) Windows version does, especially
since said input is external to the application.