Some applications partially overlap the two buffers. For such rare corner cases, do a single check so that there will be no performance regressions, as unsigned operations are defined to wrap around. Bug discovered by Jason Edmeades, revised from bug report. Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=38558 Signed-off-by: Gabriel Ivăncescu <gabrielopcode(a)gmail.com> --- libs/port/mbtowc.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libs/port/mbtowc.c b/libs/port/mbtowc.c index 4977c82..6ed2c2e 100644 --- a/libs/port/mbtowc.c +++ b/libs/port/mbtowc.c @@ -65,6 +65,17 @@ static inline int mbstowcs_sbcs( const struct sbcs_table *table, int flags, ret = -1; } + /* dst can overlap into src, in which case we need to handle 1 char at a time, + but when src < dst, there is no issue no matter how many we handle at once */ + if ((UINT_PTR) ((UINT_PTR)src - (UINT_PTR)dst) < srclen * sizeof(*dst)) + { + do + *dst++ = cp2uni[*src++]; + while (--srclen); + return ret; + } + + /* dst doesn't overlap into src */ for (;;) { switch(srclen) -- 1.9.1