Hi,

I have found that the undo_buffer_size for the reallocated undo_buffer in
controls\edit.c was remembered incorrectly; it was one too high (alloc_size/sizeof(WCHAR)). It must be alloc_size/sizeof(WCHAR) - 1.
After the second realloc and many (32) backward deletes, the word after the undo_buffer was overwritten.
If the first allocated undo_buffer_size has the value 15, then the value of undo_buffer_size after reallocation is 32, not 31.

Dietrich (from odin)

/*********************************************************************
 *
 *	EDIT_MakeUndoFit
 *
 *	Try to fit size + 1 bytes in the undo buffer.
 *
 */
static BOOL EDIT_MakeUndoFit(EDITSTATE *es, UINT size)
{
	UINT alloc_size;

	if (size <= es->undo_buffer_size)
		return TRUE;

	TRACE("trying to ReAlloc to %d+1\n", size);

	alloc_size = ROUND_TO_GROW((size + 1) * sizeof(WCHAR));
	if ((es->undo_text = HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
					 es->undo_text, alloc_size))) {
		es->undo_buffer_size = alloc_size/sizeof(WCHAR) - 1;	/* <-- corrected line */
		return TRUE;
	}
	else
	{
		WARN("FAILED ! We now have %d+1\n", es->undo_buffer_size);
		return FALSE;
	}
}
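The capacity arithmetic described in the message, as an added example that is not part of the original post or of the project's sources. It assumes a 16-bit WCHAR and a ROUND_TO_GROW that rounds up to a multiple of 32 bytes (an assumption, chosen because it reproduces the 15 and 31 quoted above); the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t WCHAR_T;   /* stand-in for the 16-bit WCHAR */

/* Assumption: 32-byte growth granularity, consistent with the
 * capacities 15 and 31 quoted in the message. */
#define GROWLENGTH ((size_t)32)
#define ROUND_TO_GROW(n) (((n) + (GROWLENGTH - 1)) & ~(GROWLENGTH - 1))

/* Bytes allocated to hold `size` characters plus the terminator. */
static size_t alloc_bytes(size_t size)
{
    return ROUND_TO_GROW((size + 1) * sizeof(WCHAR_T));
}

/* Capacity as recorded before the fix: the terminator slot is counted. */
static size_t capacity_before_fix(size_t size)
{
    return alloc_bytes(size) / sizeof(WCHAR_T);
}

/* Capacity as recorded after the fix: one slot stays reserved for the NUL. */
static size_t capacity_after_fix(size_t size)
{
    return alloc_bytes(size) / sizeof(WCHAR_T) - 1;
}

/* Invariant: `capacity` characters plus a terminator must fit in the block.
 * Returns how many bytes would land past the end (0 means it fits). */
static size_t overrun_bytes(size_t capacity, size_t allocated)
{
    size_t needed = (capacity + 1) * sizeof(WCHAR_T);
    return needed > allocated ? needed - allocated : 0;
}

int main(void)
{
    for (size_t size = 16; size <= 80; size += 32) {
        size_t bytes = alloc_bytes(size);
        size_t before = capacity_before_fix(size);
        size_t after = capacity_after_fix(size);
        printf("request %2zu: %3zu bytes | before fix: cap %2zu, overrun %zu"
               " | after fix: cap %2zu, overrun %zu\n", size, bytes,
               before, overrun_bytes(before, bytes),
               after, overrun_bytes(after, bytes));
    }
    return 0;
}
```

With the old bookkeeping, every reallocation records a capacity whose terminator slot lies one WCHAR past the block, which is why the early `size <= es->undo_buffer_size` return lets a full buffer write beyond the allocation.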



