http://bugs.winehq.org/show_bug.cgi?id=18612
Dylan Smith dylan.ah.smith@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |dylan.ah.smith@gmail.com
     Ever Confirmed|0                           |1
--- Comment #1 from Dylan Smith dylan.ah.smith@gmail.com 2009-07-29 20:27:48 ---
It seems as if the application lies about the size of the buffer passed in sending the WM_GETTEXT; however, it does make sure the buffer is large enough to contain all the text. Unfortunately the richedit control implementation did a memcpy for the size of the buffer instead of the size of the text that is retrieved, causing a buffer overflow that leads to the crash in the application code.
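The copy-length mistake described in the comment above, shown as an added example; it is not Wine's richedit code and not part of the original report. The function names, sizes and sample text are hypothetical, and the source array is zero-padded so that the flawed copy stays inside a simulated arena instead of corrupting real memory.

```c
#include <stdio.h>
#include <string.h>

#define REAL_SIZE    16    /* bytes the caller really owns (constructed) */
#define CLAIMED_SIZE 64    /* size the caller reports in the message (constructed) */
#define GUARD        0xAA  /* fill value for memory past the caller's buffer */

/* Flawed pattern: the copy length is the caller's claimed buffer size. */
static void get_text_flawed(const char *text, char *dst, size_t claimed)
{
    memcpy(dst, text, claimed);
}

/* Corrected pattern: copy only the text plus its NUL, truncated to the
 * claimed size. Returns characters copied, not counting the terminator. */
static size_t get_text_bounded(const char *text, char *dst, size_t claimed)
{
    size_t len = strlen(text);
    if (claimed == 0) return 0;
    if (len >= claimed) len = claimed - 1;   /* truncate, keep room for NUL */
    memcpy(dst, text, len);
    dst[len] = '\0';
    return len;
}

/* Runs one handler against a simulated caller buffer and returns how many
 * guard bytes beyond the caller's real buffer were overwritten. */
static size_t guard_bytes_clobbered(int use_flawed)
{
    char text[CLAIMED_SIZE] = "hello";  /* control text, zero-padded (constructed) */
    char arena[CLAIMED_SIZE];           /* first REAL_SIZE bytes = caller buffer */
    size_t i, hit = 0;

    memset(arena, GUARD, sizeof arena);
    if (use_flawed) get_text_flawed(text, arena, CLAIMED_SIZE);
    else            get_text_bounded(text, arena, CLAIMED_SIZE);
    for (i = REAL_SIZE; i < sizeof arena; i++)
        if ((unsigned char)arena[i] != GUARD) hit++;
    return hit;
}

int main(void)
{
    printf("flawed:  %zu guard bytes overwritten\n", guard_bytes_clobbered(1));
    printf("bounded: %zu guard bytes overwritten\n", guard_bytes_clobbered(0));
    return 0;
}
```

The bounded handler stays safe even when the caller overstates its buffer, as long as the buffer really can hold the text, which is the situation the comment describes.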