[PATCH 0/1] MR1024: xmllite/writer: Correctly partially duplicate strings
Currently, the code copies one more character than requested and does not terminate the string.

Signed-off-by: David Kahurani <k.kahurani(a)gmail.com>

--
https://gitlab.winehq.org/wine/wine/-/merge_requests/1024
From: David Kahurani <k.kahurani(a)gmail.com> Signed-off-by: David Kahurani <k.kahurani(a)gmail.com> --- dlls/xmllite/writer.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dlls/xmllite/writer.c b/dlls/xmllite/writer.c index 1e1a8e8ddb8..60bd425ff3d 100644 --- a/dlls/xmllite/writer.c +++ b/dlls/xmllite/writer.c @@ -250,7 +250,6 @@ static struct element *pop_element(xmlwriter *writer) static WCHAR *writer_strndupW(const xmlwriter *writer, const WCHAR *str, int len) { - size_t size; WCHAR *ret; if (!str) @@ -259,9 +258,12 @@ static WCHAR *writer_strndupW(const xmlwriter *writer, const WCHAR *str, int len if (len == -1) len = lstrlenW(str); - size = (len + 1) * sizeof(WCHAR); - ret = writer_alloc(writer, size); - if (ret) memcpy(ret, str, size); + ret = writer_alloc(writer, (len + 1 ) * sizeof(WCHAR)); + if (ret) + { + memcpy(ret, str, len * sizeof(WCHAR)); + ret[len] = 0; + } return ret; } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/1024
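Review bot: in the second hunk of writer_strndupW(), len is a signed int and only the value -1 is special-cased, so any other negative length still reaches "(len + 1 ) * sizeof(WCHAR)" and "memcpy(ret, str, len * sizeof(WCHAR))", where it converts to a very large size; consider rejecting len < -1 before the allocation. The same allocation line carries a stray space in "(len + 1 )". The commit message could also state that the old "memcpy(ret, str, size)" read one WCHAR past the requested length from the source, which is an over-read whenever the caller's buffer holds exactly len characters.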
Nikolay Sivov (@nsivov) commented about dlls/xmllite/writer.c:
if (len == -1) len = lstrlenW(str);
- size = (len + 1) * sizeof(WCHAR); - ret = writer_alloc(writer, size); - if (ret) memcpy(ret, str, size); + ret = writer_alloc(writer, (len + 1 ) * sizeof(WCHAR));
Please remove extra space there. Otherwise looks good. Does the issue appear with wcscmp() for such strings, or how did you spot this?

--
https://gitlab.winehq.org/wine/wine/-/merge_requests/1024#note_10400
Hmm.. I wrote a reply but it appears as pending... I suspect that xmlwriter_WriteChars, which is not implemented yet, takes a string, strndups it, then passes it over to xmlwriter_WriteString(?). Similar suspicions for xmlwriter_WriteRawChars and xmlwriter_WriteRaw. So, I implemented these two methods but using the xmlwriter version of strndup. I discovered the strings produced contained garbage at the end and contained more characters than requested. If I request 5 characters, the first 6 characters in the result are okay, but there's garbage appended. lstrlenW was also reporting invalid length. Of course, I haven't extensively tested these two methods and so didn't submit anything, at least yet.

--
https://gitlab.winehq.org/wine/wine/-/merge_requests/1024#note_10421
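The behaviour described in this thread, reproduced in portable C as an added example (not code from the Wine tree or from the thread's participants). The names wch, dirty_alloc(), wlen(), unit_at() and the sample string are assumptions standing in for WCHAR, writer_alloc(), lstrlenW() and a real caller.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t wch;  /* assumption: stand-in for the 16-bit WCHAR */
static const wch sample[] = {'a','b','c','d','e','f','g','h',0}; /* constructed input */

/* Hypothetical stand-in for writer_alloc(): returns non-zeroed memory. */
static wch *dirty_alloc(size_t size)
{
    wch *p = malloc(size);
    if (p) memset(p, 0xAA, size);
    return p;
}
static int wlen(const wch *s) { int n = 0; while (s[n]) n++; return n; }

/* Copy logic before the patch: len + 1 units copied, no terminator written. */
static wch *dup_before(const wch *str, int len)
{
    size_t size;
    wch *ret;
    if (!str) return NULL;
    if (len == -1) len = wlen(str);
    size = ((size_t)len + 1) * sizeof(wch);
    ret = dirty_alloc(size);
    if (ret) memcpy(ret, str, size);
    return ret;
}

/* Copy logic after the patch: len units copied, terminator written. */
static wch *dup_after(const wch *str, int len)
{
    wch *ret;
    if (!str) return NULL;
    if (len == -1) len = wlen(str);
    ret = dirty_alloc(((size_t)len + 1) * sizeof(wch));
    if (!ret) return NULL;
    memcpy(ret, str, (size_t)len * sizeof(wch));
    ret[len] = 0;
    return ret;
}

/* Unit stored at index idx (always inside the allocation) of a duplicate. */
static int unit_at(wch *(*dup)(const wch *, int), int len, int idx)
{
    wch *s = dup(sample, len);
    int unit = s ? s[idx] : -1;
    free(s);
    return unit;
}
```

unit_at(dup_before, 5, 5) returns 'f', the extra sixth character, where unit_at(dup_after, 5, 5) returns 0. With len == -1 both versions end in 0, because the extra unit the old code copies is then the source terminator.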
participants (3)
- David Kahurani
- David Kahurani (@kahurani)
- Nikolay Sivov (@nsivov)