Three TRACE debug calls in the mmioDescend function of mmio.c attempt
to print FOURCC data, by directly casting it to LPCSTR. �This is
dangerous as: (i) FOURCC data types are DWORDs, i.e. four bytes (one for
each char), with no null terminating byte (see
http://msdn.microsoft.com/en-us/library/dd375802%28VS.85%29.aspx); and
(ii) it assumes the byte order on the host architecture is little �endian.

Because the LPCSTR casts are not necessarily null-terminated there will
occasionally be buffer overflows in mmio's TRACE debug strings, with a
consequent crash to desktop and debug output beginning with �'wine_dbg_vprintf:
debugstr buffer overflow...' �For a consistent and predictable case �where this
occurs, see Bug 10280 "Oblivion: Horse Armour Crash"
(http://bugs.winehq.org/show_bug.cgi?id=10280).

This patch fixes the problem (and any crashes caused by it) by using a
new internal function in mmio - mmioFOURCCToString - which converts �FOURCC
data to strings that are correctly null-terminated and respect byte �order.
I have tested with Oblivion and can confirm it fixes Bug 10280 on my
machine (ubuntu 10.04). �Furthermore the patch will ensure that chunk �IDs and
fourccTypes are correctly printed in the mmio debug channel (at the �moment
they are not).

Tim


� � �