James Hawkins wrote:
On 4/6/06, Mike Hearn mike@plan99.net wrote:
OK, that was a bit over-enthusiastic. A few of these are more tricky. EG:
Of the possible bugs I've seen so far, most of them are valid and worth fixing, but the checker stumbles over WideCharToMultiByte. The checker reports two errors for (most) calls to WideCharToMultibyte:
- Passing a negative value for the length of the source string.
The checker doesn't pick up on this line:
if (srclen < 0) srclen = strlenW(src) + 1;
so we never access the string with a negative index.
Umm, all that does is increment it by 1... What if _somehow_ (dont ask me how, just venturing a guess) a bogus number is passed by strlenW(src) like -3789246? Then you end up with srclen == -3789245...
- Negative value can be returned and we don't check for it.
The return type of WideCharToMultiByte is int, but the function is only supposed to return string lengths or 0 on error, and AFAIK no negative value is ever returned. You would think the checker would pick up on that fact.
The problem is that we call WideCharToMultiByte quite a few times throughout the wine codebase, so we have a lot of false positives with that one.
I could be wrong, but wouldnt it be (theoretically speaking) possible for a program to force a negative number out of it (even though it isnt supposed to be able to), since it IS an int, regardless of the return value type?
Tom