Re: gdi32: fix unchecked NULL ptr and off by one error in BIDI_Reorder
Hello Alexander!

Alexander Dorofeyev wrote:
> This patch fixes two problems that are causing crashes in BIDI_Reorder. In particular, Skype 3.5.0 crashed every time I type anything in the chat edit box.

Thanks for the patch. Could you please split the patch in two; one patch for each problem fixed. Please also do not use C++ style comments aka //

> One problem is that it wasn't assured lpOutString isn't NULL, and NULL was getting passed to this routine by GetCharacterPlacementW, so it was crashing in memcpy. This patch creates a temporary buffer when lpOutString is NULL and it is used for in-place modifications instead in such case.
>
> Another is off by one error in setting lpOrder.
--- dlls/gdi32/bidi.c | 33 ++++++++++++++++++++++++++++----- 1 files changed, 28 insertions(+), 5 deletions(-)
------------------------------------------------------------------------
diff --git a/dlls/gdi32/bidi.c b/dlls/gdi32/bidi.c index cac9453..2b1320e 100644 --- a/dlls/gdi32/bidi.c +++ b/dlls/gdi32/bidi.c
+ + if (!lpOutString) + { + //temporary buffer was created + HeapFree(GetProcessHeap(), 0, lpReorderBuffer); + } + return TRUE; }
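Review bot: In the cleanup block added before `return TRUE`, the temporary buffer is released only on this final path and only under `if (!lpOutString)`, so any earlier return in BIDI_Reorder taken after the buffer was created would leak it. The allocation and its failure check are not visible in the quoted part of the patch; make sure a failed allocation returns before the buffer is written to, and consider tracking the allocation in its own pointer or flag so the free does not depend on re-testing the caller's argument. The `//temporary buffer was created` comment should be written as `/* ... */`.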
thanks
bye
michael
--
Michael Stefaniuc       Tel.: +49-711-96437-199
Sr. Network Engineer    Fax.: +49-711-96437-111