Re: winmm: Initialize Memory in mciSendStringA
Rico Schüller <kgbricola(a)web.de> writes:
@@ -1498,7 +1498,10 @@ DWORD WINAPI mciSendStringA(LPCSTR lpstrCommand, LPSTR lpstrRet, MultiByteToWideChar( CP_ACP, 0, lpstrCommand, -1, lpwstrCommand, len ); if (lpstrRet) { - lpwstrRet = HeapAlloc(GetProcessHeap(), 0, uRetLen * sizeof(WCHAR)); + /* Use HEAP_ZERO_MEMORY, otherwise WideCharToMultiByte could crash if mciSendStringW fails, + * because the length is taken from the uninizialized data! + */ + lpwstrRet = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, uRetLen * sizeof(WCHAR));
That's just hiding the bug. The string shouldn't be converted at all if we failed to retrieve it. -- Alexandre Julliard julliard(a)winehq.org
Alexandre Julliard schrieb:
Rico Schüller <kgbricola(a)web.de> writes:
@@ -1498,7 +1498,10 @@ DWORD WINAPI mciSendStringA(LPCSTR lpstrCommand, LPSTR lpstrRet, MultiByteToWideChar( CP_ACP, 0, lpstrCommand, -1, lpwstrCommand, len ); if (lpstrRet) { - lpwstrRet = HeapAlloc(GetProcessHeap(), 0, uRetLen * sizeof(WCHAR)); + /* Use HEAP_ZERO_MEMORY, otherwise WideCharToMultiByte could crash if mciSendStringW fails, + * because the length is taken from the uninizialized data! + */ + lpwstrRet = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, uRetLen * sizeof(WCHAR));
That's just hiding the bug. The string shouldn't be converted at all if we failed to retrieve it.
I'll have a look how this could be handled in another way. Probably something like if (lpwstrRet && ret==0) before the conversation. Cheers Rico
participants (2)
-
Alexandre Julliard -
Rico Schüller