https://bugs.winehq.org/show_bug.cgi?id=37636
--- Comment #4 from Bruno Jesus 00cpxxx@gmail.com ---
Running with +edit:

trace:edit:EditWndProc_common hwnd=0x10132 msg=c2 (EM_REPLACESEL) wparam=0 lparam=1f0c518
trace:edit:EDIT_EM_ReplaceSel L"??:??:?? R <- UBX CFG-RST, Size 12, 'Reset'\r\n", can_undo 0, send_update 1
trace:edit:EDIT_MakeFit trying to ReAlloc to 49+1 characters
trace:edit:EDIT_MakeFit Old 32 bit handle 0x196aba, new handle 0x196aba
trace:edit:EDIT_MakeFit We now have 63+1
trace:edit:EDIT_EM_ReplaceSel inserting stuff (tl 0, strl 49, selstart 0 ((null)), text (null))

In the last log line:

2627     if (strl) {
2628         /* there is an insertion */
2629         tl = get_text_length(es);
2630         TRACE("inserting stuff (tl %d, strl %d, selstart %d (%s), text %s)\n", tl, strl, s, debugstr_w(es->text + s), debugstr_w(es->text));
2631         for (p = es->text + tl ; p >= es->text + s ; p--)
2632             p[strl] = p[0];
2633         for (i = 0 , p = es->text + s ; i < strl ; i++)
2634             p[i] = lpsz_replace[i];
2635         if(es->style & ES_UPPERCASE)
2636             CharUpperBuffW(p, strl);
2637         else if(es->style & ES_LOWERCASE)
2638             CharLowerBuffW(p, strl);
2639         text_buffer_changed(es);
2640     }

At line 2631 p = NULL because es->text = NULL. So the loop comparison will work and the crash in 2632 is expected.
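
The failure described in this comment, modelled as an added example that is not part of the original comment and is not Wine's code or its fix: with tl 0 and selstart 0 the shift loop still runs once, so a NULL text buffer is dereferenced. The names edit_model, shift_iterations and insert_checked are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical stand-in for the edit control state; not Wine's EDITSTATE. */
struct edit_model {
    wchar_t *text;      /* may be NULL, as in the trace above */
    size_t   capacity;  /* characters available in text, including the NUL */
};

/* Number of iterations the shift loop at line 2631 would run:
 * p starts at text + tl and walks down to text + s inclusive.
 * Computed on indices so the model never touches a NULL pointer. */
size_t shift_iterations(size_t tl, size_t s)
{
    return tl >= s ? tl - s + 1 : 0;
}

/* Same shift-and-copy insertion, with the buffer validated first.
 * Returns 0 on success, -1 if the buffer is missing or too small. */
int insert_checked(struct edit_model *es, size_t s,
                   const wchar_t *repl, size_t strl)
{
    size_t tl, i;

    if (!es || !es->text || !repl)
        return -1;                      /* the state seen in the trace */
    tl = wcslen(es->text);
    if (s > tl || tl + strl + 1 > es->capacity)
        return -1;
    /* memmove handles the overlapping move of the tail plus the NUL */
    memmove(es->text + s + strl, es->text + s,
            (tl - s + 1) * sizeof(wchar_t));
    for (i = 0; i < strl; i++)
        es->text[s + i] = repl[i];
    return 0;
}
```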