My heap corruption problem turned out to be a bug in swprintf (well,
really in NTDLL_vsnwprintf), I think.  I tried formatting like this:

        WCHAR keyname[21] = { 'C', 'o', 'm', 'p', 'o', 'n', 'e', 'n',
                              't', ' ', 'C', 'a', 't', 'e', 'g', 'o',
                              'r', 'i', 'e', 's', 0 };
        WCHAR fmt[4] = { '%', 'l', 'X', 0 };
        swprintf(This->xlcid, fmt, lcid);

My poor little WCHAR xlcid[9] member of This was seriously overflowed by
the string L"409Component Categories".  The following patch fixes what
appears to be a format reading bug in NTDLL_vsnwprintf.  I didn't just
send it to wine-patches because it's not my area and it seems unlikely
such a bad bug could hang around in such a function.  Then again, I don't
see many uses of swprintf in the source; should I be using something
better for sprintf's of WCHAR's?

--- dlls/ntdll/wcstring.c.~1.15.~       Thu May 16 19:59:27 2002
+++ dlls/ntdll/wcstring.c       Fri May 17 23:09:21 2002
@@ -451,10 +451,7 @@
       }
       if (*iter == (WCHAR)L'h' ||
           *iter == (WCHAR)L'l')
-      {
           *fmta++ = *iter++;
-          *fmta++ = *iter++;
-      }

       switch (*iter)
       {
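Review bot: with the braces removed, the surviving `*fmta++ = *iter++;` keeps its block-level indentation, so either keep the braces around the single statement or outdent it so it is obviously the whole body of the `if`. Since the modifier is now consumed exactly once, a directive with a doubled modifier (`ll`, `hh`) leaves the second character for `switch (*iter)`; check that the switch's default path copes with that rather than assuming the old two-character copy was meant to cover it.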

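To make the parsing error behind the overflow concrete, here is an added example (not code from the mail or from Wine) that re-creates the `'h'`/`'l'` modifier step from the hunk in both its pre-patch and patched forms and reports what the following `switch (*iter)` would see; the names `conversion_char_seen`, `modifier_copied`, `directive_intact` and `g_scratch` are the example's own.

```c
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Constructed re-creation of the modifier-copying step shown in the hunk
 * (added example, not Wine's NTDLL_vsnwprintf). `fmt` points just past the
 * '%' of one directive, e.g. L"lX". Any 'h'/'l' length modifier is copied
 * into the narrow scratch format `fmta`; the caller then switches on *iter.
 * With buggy != 0 the pre-patch behaviour is reproduced: a second character
 * is copied unconditionally, so the conversion character is swallowed. */
static wchar_t conversion_char_seen(const wchar_t *fmt, int buggy,
                                    char *fmta, size_t fmta_len)
{
    const wchar_t *iter = fmt;
    size_t n = 0;

    if (*iter == L'h' || *iter == L'l') {
        if (n + 1 < fmta_len)
            fmta[n++] = (char)*iter;
        iter++;
        /* Old code: a second copy with no check that a conversion character
         * follows. The `*iter` guard is this demo's own, so it never steps
         * past the terminator. */
        if (buggy && *iter) {
            if (n + 1 < fmta_len)
                fmta[n++] = (char)*iter;
            iter++;
        }
    }
    fmta[n] = '\0';
    return *iter;   /* the value switch (*iter) would dispatch on */
}

/* Convenience wrappers for inspection (static scratch, overwritten per call). */
static char g_scratch[8];

static const char *modifier_copied(const wchar_t *fmt, int buggy)
{
    conversion_char_seen(fmt, buggy, g_scratch, sizeof g_scratch);
    return g_scratch;
}

/* 1 if the directive's conversion character survives modifier parsing,
 * 0 if the parser lands on the terminator (the directive is lost). */
static int directive_intact(const wchar_t *fmt, int buggy)
{
    return conversion_char_seen(fmt, buggy, g_scratch, sizeof g_scratch) != L'\0';
}
```

For the mail's `%lX` format the patched path copies only `l` and leaves `X` for the switch, while the pre-patch path copies `lX` and the switch sees the terminator.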