Gabriel Ivăncescu (@insn) commented about dlls/mshtml/navigate.c:
return;
- }
- if(!len)
goto out;
- wlen = MultiByteToWideChar(CP_ACP, 0, buf, len, NULL, 0) * sizeof(WCHAR);
- if (!wlen)
goto out;
- wbuf = malloc(wlen + sizeof(WCHAR));
- if (!wbuf)
goto out;
- MultiByteToWideChar(CP_ACP, 0, buf, len, wbuf, wlen / sizeof(WCHAR));
- wbuf[wlen] = L'\0';
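Review bot: the terminator write on the last line, `wbuf[wlen] = L'\0'`, uses `wlen` as an element index although it was set to a byte count (`... * sizeof(WCHAR)`), so the store lands at byte offset `wlen * sizeof(WCHAR)`, past the `wlen + sizeof(WCHAR)` bytes requested from `malloc`. Keep `wlen` as a character count and allocate `(wlen + 1) * sizeof(WCHAR)`. The second `MultiByteToWideChar` call also ignores its return value; bailing out when it returns 0 and terminating at the count it returns would avoid passing on a partly filled buffer.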
According to the documentation, this uses the `ISO-8859-1` codepage, so maybe you should pass `28591`, but I'm not completely sure if that's true because I'm not super familiar with wininet (where this boils down to), but we don't seem to have any non-ASCII tests for headers in there?
Anyway, setting `wlen` to the size seems a bit counter-intuitive and you messed up because of it. `wbuf[wlen]` is wrong and out of bounds since it implicitly multiplies by `sizeof(WCHAR)`. You can just store the length in there and then you won't even have to do the division. This is simpler IMO:
```c
if(!(wlen = MultiByteToWideChar(28591, 0, buf, len, NULL, 0)))
    goto out;
if(!(wbuf = malloc((wlen + 1) * sizeof(WCHAR))))
    goto out;
MultiByteToWideChar(28591, 0, buf, len, wbuf, wlen);
wbuf[wlen] = L'\0';
```
Sadly I can't review the codepage part properly since it's really wininet, we'll need to wait for Jacek for it.
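The sizing convention discussed in this comment, as an added portable example that is not part of the review or of Wine's code: it widens ISO-8859-1 bytes by hand instead of calling `MultiByteToWideChar`, keeps the length in characters throughout, and computes (without performing) the byte offset the hunk's terminator write would touch. The names `wchar16`, `latin1_to_wide`, `hunk_alloc_bytes` and `hunk_terminator_offset` are hypothetical, and the header bytes are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint16_t wchar16;   /* assumption: stand-in for the 16-bit Windows WCHAR */

/* Widen ISO-8859-1 bytes to UTF-16. Every byte 0x00..0xFF is the code point
 * of the same value, so the output has exactly len units. Returns a
 * NUL-terminated buffer and stores the unit count in *out_len, or NULL. */
wchar16 *latin1_to_wide(const char *buf, size_t len, size_t *out_len)
{
    wchar16 *wbuf;
    size_t i;

    if (len >= SIZE_MAX / sizeof(wchar16))   /* (len + 1) * size must not wrap */
        return NULL;
    if (!(wbuf = malloc((len + 1) * sizeof(wchar16))))
        return NULL;
    for (i = 0; i < len; i++)
        wbuf[i] = (unsigned char)buf[i];     /* no sign extension for 0x80..0xFF */
    wbuf[len] = 0;                           /* index counts units, not bytes */
    *out_len = len;
    return wbuf;
}

/* Bytes the hunk allocates when the conversion yields `chars` characters. */
size_t hunk_alloc_bytes(size_t chars)
{
    return chars * sizeof(wchar16) + sizeof(wchar16);
}

/* Byte offset written by wbuf[wlen] when wlen holds a byte count. */
size_t hunk_terminator_offset(size_t chars)
{
    size_t wlen = chars * sizeof(wchar16);
    return wlen * sizeof(wchar16);
}

int main(void)
{
    const char hdr[] = "X-Name: caf\xe9";    /* constructed header, 12 bytes */
    size_t n = 0;
    wchar16 *w = latin1_to_wide(hdr, sizeof(hdr) - 1, &n);

    if (!w) return 1;
    printf("units=%zu last=0x%04x alloc=%zu bad_offset=%zu\n", n,
           (unsigned)w[n - 1], hunk_alloc_bytes(n), hunk_terminator_offset(n));
    free(w);
    return 0;
}
```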