From: Damjan Jovanovic Subject: [PATCH] comctl32: cchTextMax in TVN_ENDLABELEDIT should be the full buffer size Message-Id: Date: Sun, 10 Nov 2019 04:26:58 +0200 In Password Safe, when the user edits a tree view label, and removes brackets, the application wants to restore the original, longer string. It does this by editing pszText within the TVITEM. It determines the length of the buffer from cchTextMax. Windows passes 260 and all is well. Wine passes strlenW(pszText)+1, which is of minimal length, and trying to copy a longer string into it causes the MSVC runtime to falsely detect a buffer overflow and raise an exception, crashing the application. Let's pass 260 like Windows. Closes #16808. Signed-off-by: Damjan Jovanovic --- dlls/comctl32/tests/treeview.c | 8 +++++++- dlls/comctl32/treeview.c | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/dlls/comctl32/tests/treeview.c b/dlls/comctl32/tests/treeview.c index 56b6c6adbe..a15d63e299 100644 --- a/dlls/comctl32/tests/treeview.c +++ b/dlls/comctl32/tests/treeview.c @@ -1320,7 +1320,13 @@ static LRESULT CALLBACK parent_wnd_proc(HWND hWnd, UINT message, WPARAM wParam, break; } - case TVN_ENDLABELEDITA: return TRUE; + case TVN_ENDLABELEDITA: + { + NMTVDISPINFOA *disp = (NMTVDISPINFOA *)lParam; + if (disp->item.mask & TVIF_TEXT) + ok(disp->item.cchTextMax == 260, "cchTextMax is %d\n", disp->item.cchTextMax); + return TRUE; + } case TVN_ITEMEXPANDINGA: { UINT newmask = pTreeView->itemNew.mask & ~TVIF_CHILDREN; diff --git a/dlls/comctl32/treeview.c b/dlls/comctl32/treeview.c index 3c73964304..afe16a0f21 100644 --- a/dlls/comctl32/treeview.c +++ b/dlls/comctl32/treeview.c @@ -4017,7 +4017,7 @@ TREEVIEW_EndEditLabelNow(TREEVIEW_INFO *infoPtr, BOOL bCancel) tvdi.item.mask = TVIF_TEXT; tvdi.item.pszText = tmpText; - tvdi.item.cchTextMax = iLength + 1; + tvdi.item.cchTextMax = TEXT_CALLBACK_SIZE; } else {