[PATCH] comctl32: cchTextMax in TVN_ENDLABELEDIT should be the full buffer size
Damjan Jovanovic
damjan.jov at gmail.com
Sat Nov 9 20:26:58 CST 2019
In Password Safe, when the user edits a tree view label, and removes
brackets, the application wants to restore the original, longer
string. It does this by editing pszText within the TVITEM.
It determines the length of the buffer from cchTextMax. Windows passes
260 and all is well. Wine passes strlenW(pszText)+1, which is of
minimal length, and trying to copy a longer string into it causes
the MSVC runtime to falsely detect a buffer overflow and raise
an exception, crashing the application.
Let's pass 260 like Windows.
Closes #16808.
Signed-off-by: Damjan Jovanovic <damjan.jov at gmail.com>
---
dlls/comctl32/tests/treeview.c | 8 +++++++-
dlls/comctl32/treeview.c | 2 +-
2 files changed, 8 insertions(+), 2 deletions(-)
-------------- next part --------------
diff --git a/dlls/comctl32/tests/treeview.c b/dlls/comctl32/tests/treeview.c
index 56b6c6adbe..a15d63e299 100644
--- a/dlls/comctl32/tests/treeview.c
+++ b/dlls/comctl32/tests/treeview.c
@@ -1320,7 +1320,13 @@ static LRESULT CALLBACK parent_wnd_proc(HWND hWnd, UINT message, WPARAM wParam,
break;
}
- case TVN_ENDLABELEDITA: return TRUE;
+ case TVN_ENDLABELEDITA:
+ {
+ NMTVDISPINFOA *disp = (NMTVDISPINFOA *)lParam;
+ if (disp->item.mask & TVIF_TEXT)
+ ok(disp->item.cchTextMax == 260, "cchTextMax is %d\n", disp->item.cchTextMax);
+ return TRUE;
+ }
case TVN_ITEMEXPANDINGA:
{
UINT newmask = pTreeView->itemNew.mask & ~TVIF_CHILDREN;
diff --git a/dlls/comctl32/treeview.c b/dlls/comctl32/treeview.c
index 3c73964304..afe16a0f21 100644
--- a/dlls/comctl32/treeview.c
+++ b/dlls/comctl32/treeview.c
@@ -4017,7 +4017,7 @@ TREEVIEW_EndEditLabelNow(TREEVIEW_INFO *infoPtr, BOOL bCancel)
tvdi.item.mask = TVIF_TEXT;
tvdi.item.pszText = tmpText;
- tvdi.item.cchTextMax = iLength + 1;
+ tvdi.item.cchTextMax = TEXT_CALLBACK_SIZE;
}
else
{
More information about the wine-devel
mailing list