Look here https://github.com/wine-mirror/wine/blob/master/dlls/winex11.drv/xim.c#L191
When MultiByteToWideChar above fails, dwOutput will be 0, and then decreased to -1. The -1 value passed to X11DRV_ImmSetInternalString will then be passed to HeapAlloc, making a heap corruption. I encountered this issue once and my temporary solution is to change the default locale inside my Docker environment in which Wine is running. Personally speaking this is a bad programming style, but I am not familiar with Wine code base and I am not sure what is the right way to throw up this error when detected. Thanks
BTW, the patch submitting procedure for this project is tedious for a GitHub user who didn't use any mailing lists before
Hi,
Am 07.04.2018 um 17:02 schrieb ??. ? taisfmq@live.cn:
Personally speaking this is a bad programming style, but I am not familiar with Wine code base and I am not sure what is the right way to throw up this error when detected. Thanks
I am not an expert in our IMM or multi-language code, but from looking at the code there's no good way to handle the error from this place. I'd be curious why MultiByteToWideChar fails. My guess would be that the multi-byte string contains characters that are not valid in the selected language, and that XIM and Wine disagree on the validity of the input.
Can you provide the language where this problem happens and what the input string passed to MultiByteToWideChar in this case is?
Ah ha, the default locale in the Fedora docker image is LC_CTYPE=POSIX (without suffices like C.UTF-8), and any CJK characters like 风吹稻花香两岸 would fail. I guess that we can just propagate the error code up, that is, clean up local resources and then return the inner error code.
Heap corruption is not only a bug. It is a potential security issue, leading to potential arbitrary memory access and arbitrary code execution. I am afraid there are more than one such issues in our code base.
From: Stefan Dosinger stefandoesinger@gmail.com Sent: Monday, April 9, 2018 3:44 AM To: ??. ? Cc: wine-devel@winehq.org Subject: Re: Potential Heap Corrupt caused by unchecked return value
Hi,
Am 07.04.2018 um 17:02 schrieb ??. ? taisfmq@live.cn:
Personally speaking this is a bad programming style, but I am not familiar with Wine code base and I am not sure what is the right way to throw up this error when detected. Thanks
I am not an expert in our IMM or multi-language code, but from looking at the code there's no good way to handle the error from this place. I'd be curious why MultiByteToWideChar fails. My guess would be that the multi-byte string contains characters that are not valid in the selected language, and that XIM and Wine disagree on the validity of the input.
Can you provide the language where this problem happens and what the input string passed to MultiByteToWideChar in this case is?
-
??. ? -
Stefan Dösinger -
广钊. 徐