mmio: Ensure FOURCC string conversions are null-terminated.

Eric Pouech eric.pouech at
Sun Jul 18 10:53:20 CDT 2010

the explanations for the bug fix look really strange
all the printf use %4.4s form, which will limit output to only 4 chars,
whatever the string is terminated or not
so the crash doesn't come from here
looking quickly at the patch, several remark arise
- in the second & third modification to the TRACE call, are you sure the
test to srcType is relevant (I don't have the code handy, but it may be a
wrong cut & paste)
- more importantly, as the %4.4s form implies a 4 char strings, the strings
used in case of NULL value must be 4 characters long, instead we may get
into trouble
2010/7/18 Tim Cadogan-Cowper <tccowper at>

> Three TRACE debug calls in the mmioDescend function of mmio.c attempt
> to print FOURCC data, by directly casting it to LPCSTR.  This is
> dangerous as: (i) FOURCC data types are DWORDs, i.e. four bytes (one for
> each char), with no null terminating byte (see
>; and
> (ii) it assumes the byte order on the host architecture is little  endian.
> Because the LPCSTR casts are not necessarily null-terminated there will
> occasionally be buffer overflows in mmio's TRACE debug strings, with a
> consequent crash to desktop and debug output beginning with
>  'wine_dbg_vprintf:
> debugstr buffer overflow...'  For a consistent and predictable case  where
> this
> occurs, see Bug 10280 "Oblivion: Horse Armour Crash"
> (
> This patch fixes the problem (and any crashes caused by it) by using a
> new internal function in mmio - mmioFOURCCToString - which converts  FOURCC
> data to strings that are correctly null-terminated and respect byte  order.
> I have tested with Oblivion and can confirm it fixes Bug 10280 on my
> machine (ubuntu 10.04).  Furthermore the patch will ensure that chunk  IDs
> and
> fourccTypes are correctly printed in the mmio debug channel (at the  moment
> they are not).
> Tim

Eric Pouech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the wine-patches mailing list