winex11.drv: Fix crash by long preedit text. [take 2]
Kusanagi Kouichi
slash at ma.neweb.ne.jp
Thu Mar 20 14:52:49 CDT 2008
Use HeapAlloc() to allocate buffer.
If on-the-spot style is used and preedit text exceeds 64 chars, wine crashes.
---
dlls/winex11.drv/xim.c | 23 ++++++++++++++++-------
1 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/dlls/winex11.drv/xim.c b/dlls/winex11.drv/xim.c
index a586af2..4c6c6b2 100644
--- a/dlls/winex11.drv/xim.c
+++ b/dlls/winex11.drv/xim.c
@@ -293,9 +293,6 @@ static void XIMPreEditDoneCallback(XIC ic, XPointer client_data, XPointer call_d
static void XIMPreEditDrawCallback(XIM ic, XPointer client_data,
XIMPreeditDrawCallbackStruct *P_DR)
{
- DWORD dwOutput;
- WCHAR wcOutput[64];
-
TRACE("PreEditDrawCallback %p\n",ic);
if (P_DR)
@@ -306,14 +303,26 @@ static void XIMPreEditDrawCallback(XIM ic, XPointer client_data,
{
if (! P_DR->text->encoding_is_wchar)
{
+ DWORD dwOutput;
+ WCHAR *wcOutput;
+
TRACE("multibyte\n");
dwOutput = MultiByteToWideChar(CP_UNIXCP, 0,
P_DR->text->string.multi_byte, -1,
- wcOutput, 64);
+ NULL, 0);
+ wcOutput = HeapAlloc(GetProcessHeap(), 0, sizeof (WCHAR) * dwOutput);
+ if (wcOutput)
+ {
+
+ dwOutput = MultiByteToWideChar(CP_UNIXCP, 0,
+ P_DR->text->string.multi_byte, -1,
+ wcOutput, dwOutput);
- /* ignore null */
- dwOutput --;
- X11DRV_ImmSetInternalString (GCS_COMPSTR, sel, len, wcOutput, dwOutput);
+ /* ignore null */
+ dwOutput --;
+ X11DRV_ImmSetInternalString (GCS_COMPSTR, sel, len, wcOutput, dwOutput);
+ HeapFree(GetProcessHeap(), 0, wcOutput);
+ }
}
else
{
--
1.5.4.4
More information about the wine-patches
mailing list