Re: [PATCH] msvcrt: fix character/byte confusion in buffer overflow branch

On 2013/05/07 17:46, Juan Lang wrote: > In general, I think you want to send this to wine-patches, not here. True, I resent it to wine-patches yesterday already, when I noticed that. > > if(out->len < len) { > > -memcpy(out->buf, str, out->len); > > +memcpy(out->buf, str, ou

Re: [PATCH] msvcrt: fix character/byte confusion in buffer overflow branch

On Tue, May 7, 2013 at 9:10 AM, Piotr Caban wrote: > On 05/07/13 17:46, Juan Lang wrote: > >> In general, I think you want to send this to wine-patches, not here. >> > This patch was also sent to wine-patches. > > On Mon, May 6, 2013 at 12:26 PM, Max Kellermann > > wrote

Re: [PATCH] msvcrt: fix character/byte confusion in buffer overflow branch

On 05/07/13 17:46, Juan Lang wrote: In general, I think you want to send this to wine-patches, not here. This patch was also sent to wine-patches. On Mon, May 6, 2013 at 12:26 PM, Max Kellermann mailto:m...@duempel.org>> wrote: --- dlls/msvcrt/printf.h |2 +- 1 file changed

Re: [PATCH] msvcrt: fix character/byte confusion in buffer overflow branch

In general, I think you want to send this to wine-patches, not here. On Mon, May 6, 2013 at 12:26 PM, Max Kellermann wrote: > The first memcpy() call in puts_clbk_str_w() confuses character count > and byte count. It uses the number of characters (out->len) as number > of bytes. This leaves ha

[PATCH] msvcrt: fix character/byte confusion in buffer overflow branch

The first memcpy() call in puts_clbk_str_w() confuses character count and byte count. It uses the number of characters (out->len) as number of bytes. This leaves half of the buffer undefined. Interestingly, the second memcpy() call in the same function is correct. This bug potentially makes app