Hello, Alexandre Alexandre Julliard wrote: > > ptsekov@syntrex.com writes: > > > Thanks, for your analisys - the call to realloc () before the strcat () > > is unchecked indeed - however this means that wine fails repeatedly > > every call to realloc (). If you could give me any pointers how to debug > > further the problem I'll be glad to try and see whats going on exactly. > > realloc does not fail, but you are overflowing the buffer: > > 0806abc0:Call msvcrt.realloc(40382cac,00000020) ret=0040197e > 0806abc0:Ret msvcrt.realloc() retval=40382cac ret=0040197e > 0806abc0:Call msvcrt.strcat(40382cb5 "Cygwin/bin/",40382c60 "/pinco/panco") ret=004019ae > 0806abc0:Ret msvcrt.strcat() retval=40382cb5 ret=004019ae > > You realloc 32 bytes but copy 33. And this is the bug: > > internalURL = (char *) realloc (internalURL, > internalURLlen + strlen (schema + 1)); > ^^^^^^^^^^^^^^^^^^^^^ > you take the length of schema+1 but copy schema. The light dawned - I see it now. I did assume too much - biased by the fact that the code ran just fine on Win2k and Linux. I was looking for problems there weren't any to be found :( Thanks, Uwe and Alexandre for being patient with me. > > > Note that this code even with the unchecked calls to realloc () runs fine > > on win2k and linux. Btw I'll add the additional checks but I still think there > > is some kind of problem with wine. > > It could be argued that since it doesn't crash on Windows it shouldn't > crash on Wine. But I suspect that with some other combination of > strings you could make it crash on Windows too. I dont want to argue - I just was fooled by the fact that it ran fine on win :)
