Currently, the code copies one character more than requested and does not terminate the string.
Signed-off-by: David Kahurani k.kahurani@gmail.com
From: David Kahurani k.kahurani@gmail.com
Signed-off-by: David Kahurani k.kahurani@gmail.com --- dlls/xmllite/writer.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/dlls/xmllite/writer.c b/dlls/xmllite/writer.c index 1e1a8e8ddb8..60bd425ff3d 100644 --- a/dlls/xmllite/writer.c +++ b/dlls/xmllite/writer.c @@ -250,7 +250,6 @@ static struct element *pop_element(xmlwriter *writer)
static WCHAR *writer_strndupW(const xmlwriter *writer, const WCHAR *str, int len) { - size_t size; WCHAR *ret;
if (!str) @@ -259,9 +258,12 @@ static WCHAR *writer_strndupW(const xmlwriter *writer, const WCHAR *str, int len if (len == -1) len = lstrlenW(str);
- size = (len + 1) * sizeof(WCHAR); - ret = writer_alloc(writer, size); - if (ret) memcpy(ret, str, size); + ret = writer_alloc(writer, (len + 1 ) * sizeof(WCHAR)); + if (ret) + { + memcpy(ret, str, len * sizeof(WCHAR)); + ret[len] = 0; + }
return ret; }
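Review bot: in the second hunk, len is a signed int and only -1 is special-cased before it is used in "(len + 1 ) * sizeof(WCHAR)" and "memcpy(ret, str, len * sizeof(WCHAR))". Any other negative value turns into a very large size_t, and the function is then safe only because the allocation is expected to fail. A positive len larger than the source string also makes memcpy read past the end of str, because the copy no longer stops at a terminator. Consider rejecting len < -1 up front and documenting (or enforcing) that len must not exceed the length of str. The stray space in "(len + 1 )" should go as well.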
Nikolay Sivov (@nsivov) commented about dlls/xmllite/writer.c:
if (len == -1) len = lstrlenW(str);
- size = (len + 1) * sizeof(WCHAR);
- ret = writer_alloc(writer, size);
- if (ret) memcpy(ret, str, size);
- ret = writer_alloc(writer, (len + 1 ) * sizeof(WCHAR));
Please remove extra space there. Otherwise looks good. Does the issue appear with wcscmp() for such strings, or how did you spot this?
Hmm.. I wrote a reply but it appears as pending...
I suspect that xmlwriter_WriteChars, which is not implemented yet, takes a string, strndups it, then passes it over to xmlwriter_WriteString(?). Similar suspicions for xmlwriter_WriteRawChars and xmlwriter_WriteRaw. So, I implemented these two methods but using the xmlwriter version of strndup. I discovered the strings produced contained garbage at the end and contained more characters than requested. If I request 5 characters, the first 6 characters in the result are okay, but there's garbage appended. lstrlenW was also reporting invalid length. Of course, I haven't extensively tested these two methods and so didn't submit anything, at least yet.
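The symptom described in this thread can be reproduced outside Wine. The following is an added example, not code from the merge request or from Wine: it puts the pre-patch and post-patch copy logic side by side and reports where, if anywhere, the duplicate is terminated inside its own allocation. Assumptions: malloc stands in for writer_alloc, wlen for lstrlenW, WCHAR is typedef'd to uint16_t, and the names dup_before, dup_after, terminator_index, check and sample are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
typedef uint16_t WCHAR; /* assumption: 16-bit WCHAR, as on Windows */

/* Stand-in for lstrlenW: length of a NUL-terminated WCHAR string. */
static int wlen(const WCHAR *s) { int n = 0; while (s[n]) n++; return n; }

/* Before the patch: copies len + 1 elements and never writes a terminator. */
static WCHAR *dup_before(const WCHAR *str, int len)
{
    if (!str) return NULL;
    if (len == -1) len = wlen(str);
    size_t size = (len + 1) * sizeof(WCHAR);
    WCHAR *ret = malloc(size);     /* malloc stands in for writer_alloc */
    if (ret) memcpy(ret, str, size);
    return ret;
}

/* After the patch: copies len elements and terminates at ret[len]. */
static WCHAR *dup_after(const WCHAR *str, int len)
{
    if (!str) return NULL;
    if (len == -1) len = wlen(str);
    WCHAR *ret = malloc((len + 1) * sizeof(WCHAR));
    if (ret) { memcpy(ret, str, len * sizeof(WCHAR)); ret[len] = 0; }
    return ret;
}

/* First terminator inside the len + 1 allocated elements, or -1 if none. */
static int terminator_index(const WCHAR *buf, int len)
{
    for (int i = 0; i <= len; i++) if (!buf[i]) return i;
    return -1;
}

/* Constructed sample: 10-character source, 5 characters requested. */
static const WCHAR sample[] = {'H','e','l','l','o','W','o','r','l','d',0};

/* Duplicate 5 characters and report where the copy is terminated. */
static int check(int patched)
{
    WCHAR *s = patched ? dup_after(sample, 5) : dup_before(sample, 5);
    int idx = s ? terminator_index(s, 5) : -2;
    free(s);
    return idx;
}

int main(void) { return (check(0) == -1 && check(1) == 5) ? 0 : 1; }
```

With the pre-patch logic the sixth element of the copy is the sixth source character, so any length scan on the result continues past the end of the allocation; the bounded scan used here stays inside it.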