Some applications partially overlap the two buffers. For such rare corner cases, do a single check so that there will be no performance regressions, as unsigned operations are defined to wrap around.
Bug discovered by Jason Edmeades, revised from bug report.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=38558 Signed-off-by: Gabriel Ivăncescu gabrielopcode@gmail.com --- libs/port/mbtowc.c | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/libs/port/mbtowc.c b/libs/port/mbtowc.c index 4977c82..6ed2c2e 100644 --- a/libs/port/mbtowc.c +++ b/libs/port/mbtowc.c @@ -65,6 +65,17 @@ static inline int mbstowcs_sbcs( const struct sbcs_table *table, int flags, ret = -1; }
+ /* dst can overlap into src, in which case we need to handle 1 char at a time, + but when src < dst, there is no issue no matter how many we handle at once */ + if ((UINT_PTR) ((UINT_PTR)src - (UINT_PTR)dst) < srclen * sizeof(*dst)) + { + do + *dst++ = cp2uni[*src++]; + while (--srclen); + return ret; + } + + /* dst doesn't overlap into src */ for (;;) { switch(srclen)