Hi!
While debugging bug #33307 (http://bugs.winehq.org/show_bug.cgi?id=33307) I found a suspicious piece of code, looking like an off-by-one error.
Unfortunately, I'm not familiar with this part of wine and I don't know how to write a corresponding test case.
If you are familiar with this module, please take a look at this wanna-be-a-bug and the proposed patch.
-- Kirill
On Apr 22, 2013, at 1:17 PM, Kirill Smirnov wrote:
While debugging bug #33307 (http://bugs.winehq.org/show_bug.cgi?id=33307) I found a suspicious piece of code, looking like an off-by-one error.
Unfortunately, I'm not familiar with this part of wine and I don't know how to write a corresponding test case.
If you are familiar with this module, please take a look at this wanna-be-a-bug and the proposed patch.
I'm not familiar with the module, but on reviewing your patch and the local code it does appear that you have found a bug. Your fix seems reasonable, although I think I'd change the memcpy() to use dest_name.Length + sizeof(WCHAR) as the length. That way you don't have to duplicate the memcpy with two different lengths.
I don't think you have to worry about a test case. This isn't a question about observable behavior of some Win32 API, it's just making Wine not write past the end of a buffer.
Cheers, Ken