Simutrans Forum Archive
A complete record of the old Simutrans Forum.

r7583 Buffer overrun bug

Started by Ters, September 12, 2015, 09:49:21 PM


Ters

simsys.cc line 45 uses sizeof() when "lengthof()" is what should be used. The documentation for MultiByteToWideChar warns about the potential bug.

prissi

The documentation I read said "Size of buffer in chars". I would have used lengthof otherwise; or did Microsoft mean size of wchars by this? Then they should have stated it correctly and not indirectly. Sigh.

Ters

The docs for the parameter say "Size, in characters, of the buffer indicated by lpWideCharStr", not chars. The warning at the top says "Calling this function can easily cause a buffer overrun because the size of the input buffer indicated by lpMultiByteStr equals the number of bytes in the string, while the size of the output buffer indicated by lpWideCharStr equals the number of characters."
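The bytes-versus-characters mix-up discussed in this thread, as an added portable C example (not code from Simutrans or from the posters). `widen()` is a hypothetical stand-in that only mirrors the "count is in characters" contract of the output buffer and simply truncates, `wchar16` models a 2-byte wide character, and `lengthof` is defined here as an element-count macro.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define lengthof(a) (sizeof(a) / sizeof((a)[0]))  /* elements, not bytes */
#define BUF_CCH 8        /* destination capacity in wide characters */
#define CANARY  0xBEEFu  /* marks memory the converter must not touch */

typedef uint16_t wchar16;  /* assumption: models a 2-byte wide character */

/* Hypothetical stand-in converter: cch_dst counts wide characters,
 * not bytes. ASCII-only widening, truncates when the count is reached. */
static size_t widen(const char *src, wchar16 *dst, size_t cch_dst)
{
    size_t n = 0;
    while (src[n] != '\0' && n < cch_dst) {
        dst[n] = (unsigned char)src[n];
        n++;
    }
    return n;
}

/* mem models an 8-character buffer followed by 8 characters of
 * neighbouring memory; returns how many neighbours were overwritten. */
static size_t overrun(const char *src, size_t cch_claimed)
{
    wchar16 mem[2 * BUF_CCH];
    size_t i, hit = 0;
    for (i = 0; i < 2 * BUF_CCH; i++) mem[i] = CANARY;
    widen(src, mem, cch_claimed);
    for (i = BUF_CCH; i < 2 * BUF_CCH; i++) if (mem[i] != CANARY) hit++;
    return hit;
}

static size_t with_sizeof(const char *src)    /* the bug: byte count */
{
    wchar16 buf[BUF_CCH];
    return overrun(src, sizeof(buf));         /* claims 16 characters */
}

static size_t with_lengthof(const char *src)  /* the fix: element count */
{
    wchar16 buf[BUF_CCH];
    return overrun(src, lengthof(buf));       /* claims 8 characters */
}

int main(void)
{
    const char *s = "ABCDEFGHIJKL";           /* constructed 12-char input */
    printf("sizeof: %zu past the end, lengthof: %zu past the end\n",
           with_sizeof(s), with_lengthof(s));
    return 0;
}
```
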