(fwd) Re: [Possible BUG]: Wine-20011108

Pavel Tsekov ptsekov at syntrex.com
Mon Dec 10 02:17:39 CST 2001


Hello, Alexandre

Alexandre Julliard wrote:
> 
> ptsekov at syntrex.com writes:
> 
> > Thanks for your analysis - the call to realloc () before the strcat ()
> > is unchecked indeed - however this means that wine fails repeatedly
> > every call to realloc (). If you could give me any pointers how to debug
> > further the problem I'll be glad to try and see what's going on exactly.
> 
> realloc does not fail, but you are overflowing the buffer:
> 
> 0806abc0:Call msvcrt.realloc(40382cac,00000020) ret=0040197e
> 0806abc0:Ret  msvcrt.realloc() retval=40382cac ret=0040197e
> 0806abc0:Call msvcrt.strcat(40382cb5 "Cygwin/bin/",40382c60 "/pinco/panco") ret=004019ae
> 0806abc0:Ret  msvcrt.strcat() retval=40382cb5 ret=004019ae
> 
> You realloc 32 bytes but copy 33. And this is the bug:
> 
>    internalURL = (char *) realloc (internalURL,
>                                    internalURLlen + strlen (schema + 1));
>                                                     ^^^^^^^^^^^^^^^^^^^^^
> you take the length of schema+1 but copy schema.

The light dawned - I see it now. I did assume too much - biased by the fact
that the code ran just fine on Win2k and Linux. I was looking for problems
where there weren't any to be found :(

Thanks, Uwe and Alexandre, for being patient with me.

> 
> > Note that this code even with the unchecked calls to realloc () runs fine
> > on win2k and linux. Btw I'll add the additional checks but I still think there
> > is some kind of problem with wine.
> 
> It could be argued that since it doesn't crash on Windows it shouldn't
> crash on Wine. But I suspect that with some other combination of
> strings you could make it crash on Windows too.

I don't want to argue - I was just fooled by the fact that it ran fine on
win :)
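The miscalculation Alexandre points out, reproduced with the numbers from the trace, next to a checked version of the append. This is an added example, not code from the thread: `buggy_size`/`fixed_size` take `internalURLlen` as the current buffer size including its NUL (which is what makes 21 + 11 = 32 match the trace; an assumption), and `append_schema` is a hypothetical replacement that sizes by strlen(schema) and keeps the old buffer on realloc failure.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the thread's code asked realloc for: strlen(schema + 1) skips the
 * first character of schema, so the request is one byte short. */
size_t buggy_size(size_t internalURLlen, const char *schema)
{
    return internalURLlen + strlen(schema + 1);
}

/* Correct request: the whole of schema, with the NUL already counted in
 * internalURLlen (assumed convention, see lead-in). */
size_t fixed_size(size_t internalURLlen, const char *schema)
{
    return internalURLlen + strlen(schema);
}

/* Append schema to the heap string *internalURL (which may be NULL).
 * Returns the new string length, or (size_t)-1 on allocation failure,
 * in which case *internalURL is left untouched and still valid. */
size_t append_schema(char **internalURL, const char *schema)
{
    size_t cur = *internalURL ? strlen(*internalURL) : 0;
    size_t add = strlen(schema);
    char *p = realloc(*internalURL, cur + add + 1);  /* +1 for the NUL */
    if (p == NULL)
        return (size_t)-1;          /* old buffer not freed by realloc */
    memcpy(p + cur, schema, add + 1); /* copies schema and its NUL */
    *internalURL = p;
    return cur + add;
}

int main(void)
{
    /* Constructed input: the two strings visible in the strcat trace. */
    const char *schema = "/pinco/panco";
    printf("buggy request: %zu bytes, needed: %zu bytes\n",
           buggy_size(21, schema), fixed_size(21, schema));

    char *url = NULL;
    if (append_schema(&url, "Cygwin/bin/") == (size_t)-1 ||
        append_schema(&url, schema) == (size_t)-1)
        return 1;
    printf("%s\n", url);  /* Cygwin/bin//pinco/panco */
    free(url);
    return 0;
}
```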




More information about the wine-users mailing list