Rico Schüller <kgbric...@web.de> writes:
> @@ -1498,7 +1498,10 @@ DWORD WINAPI mciSendStringA(LPCSTR lpstrCommand, LPSTR
> lpstrRet,
> MultiByteToWideChar( CP_ACP, 0, lpstrCommand, -1, lpwstrCommand, len );
> if (lpstrRet)
> {
> - lpwstrRet = HeapAlloc(GetProcessHeap(), 0, uRetLen * sizeof(WCHAR));
> + /* Use HEAP_ZERO_MEMORY, otherwise WideCharToMultiByte could crash
> if mciSendStringW fails,
> + * because the length is taken from the uninizialized data!
> + */
> + lpwstrRet = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, uRetLen *
> sizeof(WCHAR));
That's just hiding the bug. The string shouldn't be converted at all if
we failed to retrieve it.
--
Alexandre Julliard
julli...@winehq.org
