http://bugs.winehq.org/show_bug.cgi?id=4742

           Summary: Message handling in dlls/user/edit.c may crash programs
           Product: Wine
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: P2
         Component: wine-user
        AssignedTo: wine-bugs(a)winehq.org
        ReportedBy: qingdao33122(a)yahoo.com

How to reproduce:

1. Write a win32 program that uses a multiline edit control.
2. Try to change the buffer that holds text by following the procedure outlined in http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/pla...

Your program crashes.

You can also create a VC6 Appwizard program, making sure your View class inherits from CEditView, run the program, then try to load a text file into the edit pane. (winetools users aren't exposed to this problem because MFC handles this differently when in win9x)

Digging a little further into source and now I am fairly certain where the problem lies. When you send an EM_SETHANDLE message to an edit control, you normally should first free the original memory buffer it holds. When EM_SETHANDLE is being processed by EditWndProc_common the HLOCAL for the original buffer may well be invalid. EditWndProc_common seems to call EDIT_LockBuffer before it does anything. In EDIT_LockBuffer I see code like this:

    textA = LocalLock(es->hloc32A);
    countA = strlen(textA) + 1;

The code above didn't check if textA is non-NULL before doing the strlen, that apparently crashes some programs, even beyond the EM_SETHANDLE case.
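The missing check described in the report, as an added example that is neither Wine's code nor the reporter's. The names mock_LocalAlloc, mock_LocalFree, mock_LocalLock, struct edit_state, lock_buffer_checked and set_handle are hypothetical stand-ins, so the sequence (free the old buffer, then EM_SETHANDLE) runs without the Win32 API.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the Win32 local heap: a handle is slot index + 1,
   and mock_LocalLock returns NULL for a freed or unknown handle. */
#define MAX_SLOTS 4
typedef size_t mock_hlocal;            /* 0 means "no handle" */
static char *slots[MAX_SLOTS];
static size_t next_slot;               /* slots are never reused */

static mock_hlocal mock_LocalAlloc(const char *init) {
    if (next_slot >= MAX_SLOTS) return 0;
    char *p = malloc(strlen(init) + 1);
    if (!p) return 0;
    strcpy(p, init);
    slots[next_slot] = p;
    return ++next_slot;
}
static void mock_LocalFree(mock_hlocal h) {
    if (h >= 1 && h <= MAX_SLOTS) { free(slots[h - 1]); slots[h - 1] = NULL; }
}
static char *mock_LocalLock(mock_hlocal h) {
    return (h >= 1 && h <= MAX_SLOTS) ? slots[h - 1] : NULL;
}

/* Hypothetical edit-control state, modelled on the es->hloc32A field above. */
struct edit_state { mock_hlocal hloc; char *text; size_t count; };

/* Lock step with the check added: returns 0 when the handle no longer
   resolves to memory, instead of passing NULL to strlen. */
static int lock_buffer_checked(struct edit_state *es) {
    es->text = mock_LocalLock(es->hloc);
    if (!es->text) { es->count = 0; return 0; }
    es->count = strlen(es->text) + 1;
    return 1;
}

/* Order from the report: the lock runs before the message is handled, so it
   can see the handle the application already freed; then the new one is set. */
static int set_handle(struct edit_state *es, mock_hlocal new_h) {
    int old_was_valid = lock_buffer_checked(es);
    es->hloc = new_h;
    lock_buffer_checked(es);
    return old_was_valid;
}
```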