http://bugs.winehq.org/show_bug.cgi?id=25186
--- Comment #4 from Piotr Pawlow pp@siedziba.pl 2010-11-17 16:17:56 CST --- It works, thank you. However, there is one more thing that worries me:
01. while(!(pszUnixPath = wine_get_unix_file_name(dospath))){ 02. if(has_failed){ 03. *dospath_end = '/'; 04. --dospath_end; 05. }else 06. has_failed = 1; 07. while(*dospath_end != '\' && *dospath_end != '/'){ 08. --dospath_end; 09. if(dospath_end < dospath) 10. break; 11. } 12. *dospath_end = '\0'; 13. } 14. if(dospath_end < dospath) 15. return FALSE;
That "break" statement at line 10 will exit only the inner loop, right? With dospath_end being some random memory before dospath, it seems line 12 will clobber that random memory location with 0, then the test at line 1 will succeed again (because dospath hasn't really changed), and it will loop until it hits protected memory.
I wasn't able to test this scenario. The outer loop ends when it reaches the drive letter, it is assured by an earlier code which tests if the drive path exists. With the right timing I could probably remove the drive letter just at the right moment to make earlier test succeed but later test fail...
Anyway, maybe just remove lines 14 and 15, and replace that "break" at line 10 with "return FALSE"?