Alex Henrie <alexhenri...@gmail.com> writes: > + do > + { > + if (src[source_index] == 0 && srclen == -1) > + { > + if (dry_run) dest_index++; else if (write_to_w_string(dst, > dstlen, &dest_index, 0)) return -1; > + /* when srclen=-1, terminate at the first null character found */ > + break; > + } > + else if (src[source_index] == '+') > + { > + WCHAR byte_pair = 0; > + short offset = 0; > + > + source_index++; /* skip the + sign */ > + > + if (src[source_index] == '-') > + { > + /* just a plus sign escaped as +- */ > + if (dry_run) dest_index++; else if (write_to_w_string(dst, > dstlen, &dest_index, '+')) return -1; > + source_index++; > + continue; > + }
You are not checking properly for the source string length. Also please add tests for such cases. -- Alexandre Julliard julli...@winehq.org