On Wed, 3 Oct 2007, Alexandre Julliard wrote:
> This can't happen. If there's no ret instruction in the entry point we'll have much bigger problems than an out of range access...
Fair point, I guess you're right. How about the following patch then?
Gerald
Index: relay16.c =================================================================== RCS file: /home/wine/wine/dlls/kernel32/relay16.c,v retrieving revision 1.5 diff -u -3 -p -r1.5 relay16.c --- relay16.c 30 Aug 2007 11:21:56 -0000 1.5 +++ relay16.c 6 Oct 2007 23:28:29 -0000 @@ -320,7 +320,9 @@ static int relay_call_from_16_no_debug( for (j = 0; j < sizeof(call->ret)/sizeof(call->ret[0]); j++) if (call->ret[j] == 0xca66 || call->ret[j] == 0xcb66) break;
- if (call->ret[j] == 0xcb66) /* cdecl */ + if( j >= sizeof(call->ret)/sizeof(call->ret[0]) ) + ERR("failed to find ret instruction in entry point"); + else if (call->ret[j] == 0xcb66) /* cdecl */ { for (i = 0; i < 20; i++, nb_args++) { @@ -424,7 +426,9 @@ int relay_call_from_16( void *entry_poin for (j = 0; j < sizeof(call->ret)/sizeof(call->ret[0]); j++) if (call->ret[j] == 0xca66 || call->ret[j] == 0xcb66) break;
- if (call->ret[j] == 0xcb66) /* cdecl */ + if( j >= sizeof(call->ret)/sizeof(call->ret[0]) ) + ERR("failed to find ret instruction in entry point"); + else if (call->ret[j] == 0xcb66) /* cdecl */ { for (i = 0; i < 20; i++, nb_args++) {
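Review bot: The ERR() format string in the @@ -320 hunk (relay_call_from_16_no_debug) has no trailing "\n"; Wine's debug macros expect every message to end with a newline, so this should read `ERR("failed to find ret instruction in entry point\n");`. Also note that nothing follows the ERR() except the `else if`, so when no ret is found the function just logs and keeps going with nb_args untouched rather than bailing out; if carrying on is the intent, a one-line comment saying so would save the next reader from wondering. Minor: `if( j >= ... )` should use the same `if (` spacing as the surrounding code.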
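Review bot: The same points apply to the @@ -424 hunk in relay_call_from_16: the ERR() string needs a trailing "\n" and the `if(` spacing does not match the `else if (` right after it. Since the ret-search loop and this bounds check are now duplicated verbatim in both functions, consider moving the lookup into a small static helper that returns the index (or -1 when nothing is found) so the error handling lives in one place and the two copies cannot drift apart.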