From 4ad4553546d2747b744b10f57f646ade4c9a5405 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Tue, 22 Sep 2015 15:23:28 +0200
Subject: [PATCH] Added patch to ensure codepage conversion fails when destlen
 < 0.

---
 README.md                                     |   3 +-
 debian/changelog                              |   2 +
 ...or-if-dstlen-0-in-codepage-conversio.patch | 124 ++++++++++++++++++
 .../kernel32-Codepage_Conversion/definition   |   1 +
 patches/patchinstall.sh                       |  16 +++
 5 files changed, 145 insertions(+), 1 deletion(-)
 create mode 100644 patches/kernel32-Codepage_Conversion/0001-kernel32-Set-error-if-dstlen-0-in-codepage-conversio.patch
 create mode 100644 patches/kernel32-Codepage_Conversion/definition

diff --git a/README.md b/README.md
index 2ddd54a8..e87f2bd1 100644
--- a/README.md
+++ b/README.md
@@ -39,8 +39,9 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 -----------------------------------
 
-**Bug fixes and features included in the next upcoming release [2]:**
+**Bug fixes and features included in the next upcoming release [3]:**
 
+* Codepage conversion should fail when destination length is < 0
 * Ignore higher bits in selector for ThreadDescriptorTableEntry info query
 * Return STATUS_INVALID_DEVICE_REQUEST when trying to call NtReadFile on directory
 
diff --git a/debian/changelog b/debian/changelog
index ddf02031..f65942bb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ wine-staging (1.7.52) UNRELEASED; urgency=low
     NtReadFile on directory.
   * Added patch to ignore higher bits in selector for ThreadDescriptorTableEntry
     info query.
+  * Added patch to ensure codepage conversion fails when destination length is
+    smaller than zero.
   * Removed patch to fix possible memory leak in netprofm init_networks (fixed
     upstream).
   * Removed patch for stub of dwmapi.DwmUpdateThumbnailProperties (accepted
diff --git a/patches/kernel32-Codepage_Conversion/0001-kernel32-Set-error-if-dstlen-0-in-codepage-conversio.patch b/patches/kernel32-Codepage_Conversion/0001-kernel32-Set-error-if-dstlen-0-in-codepage-conversio.patch
new file mode 100644
index 00000000..29422745
--- /dev/null
+++ b/patches/kernel32-Codepage_Conversion/0001-kernel32-Set-error-if-dstlen-0-in-codepage-conversio.patch
@@ -0,0 +1,124 @@
+From 351e216da1c1325ec354183ebf027b09b3d008c7 Mon Sep 17 00:00:00 2001
+From: Alex Henrie <alexhenrie24@gmail.com>
+Date: Sat, 19 Sep 2015 12:58:37 +0200
+Subject: kernel32: Set error if dstlen < 0 in codepage conversion functions
+
+---
+ dlls/kernel32/locale.c         |  4 ++--
+ dlls/kernel32/tests/codepage.c | 48 +++++++++++++++++++++++++-----------------
+ 2 files changed, 31 insertions(+), 21 deletions(-)
+
+diff --git a/dlls/kernel32/locale.c b/dlls/kernel32/locale.c
+index c0a66ef..6ede521 100644
+--- a/dlls/kernel32/locale.c
++++ b/dlls/kernel32/locale.c
+@@ -2125,7 +2125,7 @@ INT WINAPI MultiByteToWideChar( UINT page, DWORD flags, LPCSTR src, INT srclen,
+     const union cptable *table;
+     int ret;
+ 
+-    if (!src || !srclen || (!dst && dstlen))
++    if (!src || !srclen || (!dst && dstlen) || dstlen < 0)
+     {
+         SetLastError( ERROR_INVALID_PARAMETER );
+         return 0;
+@@ -2341,7 +2341,7 @@ INT WINAPI WideCharToMultiByte( UINT page, DWORD flags, LPCWSTR src, INT srclen,
+     const union cptable *table;
+     int ret, used_tmp;
+ 
+-    if (!src || !srclen || (!dst && dstlen))
++    if (!src || !srclen || (!dst && dstlen) || dstlen < 0)
+     {
+         SetLastError( ERROR_INVALID_PARAMETER );
+         return 0;
+diff --git a/dlls/kernel32/tests/codepage.c b/dlls/kernel32/tests/codepage.c
+index 54f62ae..6718a3b 100644
+--- a/dlls/kernel32/tests/codepage.c
++++ b/dlls/kernel32/tests/codepage.c
+@@ -28,6 +28,7 @@
+ #include "winbase.h"
+ #include "winnls.h"
+ 
++static const char foobarA[] = "foobar";
+ static const WCHAR foobarW[] = {'f','o','o','b','a','r',0};
+ 
+ static void test_destination_buffer(void)
+@@ -144,48 +145,57 @@ static void test_negative_source_length(void)
+ static void test_negative_dest_length(void)
+ {
+     int len, i;
+-    static char buf[LONGBUFLEN];
++    static WCHAR bufW[LONGBUFLEN];
++    static char bufA[LONGBUFLEN];
+     static WCHAR originalW[LONGBUFLEN];
+     static char originalA[LONGBUFLEN];
+     DWORD theError;
+ 
+     /* Test return on -1 dest length */
+     SetLastError( 0xdeadbeef );
+-    memset(buf,'x',sizeof(buf));
+-    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, buf, -1, NULL, NULL);
+-    todo_wine {
+-      ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
+-         "WideCharToMultiByte(destlen -1): len=%d error=%x\n", len, GetLastError());
+-    }
++    memset(bufA,'x',sizeof(bufA));
++    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, bufA, -1, NULL, NULL);
++    ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
++       "WideCharToMultiByte(destlen -1): len=%d error=%x\n", len, GetLastError());
++
++    SetLastError( 0xdeadbeef );
++    memset(bufW,'x',sizeof(bufW));
++    len = MultiByteToWideChar(CP_ACP, 0, foobarA, -1, bufW, -1);
++    ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
++       "MultiByteToWideChar(destlen -1): len=%d error=%x\n", len, GetLastError());
+ 
+     /* Test return on -1000 dest length */
+     SetLastError( 0xdeadbeef );
+-    memset(buf,'x',sizeof(buf));
+-    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, buf, -1000, NULL, NULL);
+-    todo_wine {
+-      ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
+-         "WideCharToMultiByte(destlen -1000): len=%d error=%x\n", len, GetLastError());
+-    }
++    memset(bufA,'x',sizeof(bufA));
++    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, bufA, -1000, NULL, NULL);
++    ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
++       "WideCharToMultiByte(destlen -1000): len=%d error=%x\n", len, GetLastError());
++
++    SetLastError( 0xdeadbeef );
++    memset(bufW,'x',sizeof(bufW));
++    len = MultiByteToWideChar(CP_ACP, 0, foobarA, -1000, bufW, -1);
++    ok(len == 0 && GetLastError() == ERROR_INVALID_PARAMETER,
++       "MultiByteToWideChar(destlen -1000): len=%d error=%x\n", len, GetLastError());
+ 
+     /* Test return on INT_MAX dest length */
+     SetLastError( 0xdeadbeef );
+-    memset(buf,'x',sizeof(buf));
+-    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, buf, INT_MAX, NULL, NULL);
+-    ok(len == 7 && !lstrcmpA(buf, "foobar") && GetLastError() == 0xdeadbeef,
++    memset(bufA,'x',sizeof(bufA));
++    len = WideCharToMultiByte(CP_ACP, 0, foobarW, -1, bufA, INT_MAX, NULL, NULL);
++    ok(len == 7 && !lstrcmpA(bufA, "foobar") && GetLastError() == 0xdeadbeef,
+        "WideCharToMultiByte(destlen INT_MAX): len=%d error=%x\n", len, GetLastError());
+ 
+     /* Test return on INT_MAX dest length and very long input */
+     SetLastError( 0xdeadbeef );
+-    memset(buf,'x',sizeof(buf));
++    memset(bufA,'x',sizeof(bufA));
+     for (i=0; i < LONGBUFLEN - 1; i++) {
+         originalW[i] = 'Q';
+         originalA[i] = 'Q';
+     }
+     originalW[LONGBUFLEN-1] = 0;
+     originalA[LONGBUFLEN-1] = 0;
+-    len = WideCharToMultiByte(CP_ACP, 0, originalW, -1, buf, INT_MAX, NULL, NULL);
++    len = WideCharToMultiByte(CP_ACP, 0, originalW, -1, bufA, INT_MAX, NULL, NULL);
+     theError = GetLastError();
+-    ok(len == LONGBUFLEN && !lstrcmpA(buf, originalA) && theError == 0xdeadbeef,
++    ok(len == LONGBUFLEN && !lstrcmpA(bufA, originalA) && theError == 0xdeadbeef,
+        "WideCharToMultiByte(srclen %d, destlen INT_MAX): len %d error=%x\n", LONGBUFLEN, len, theError);
+ 
+ }
+-- 
+2.5.1
+
diff --git a/patches/kernel32-Codepage_Conversion/definition b/patches/kernel32-Codepage_Conversion/definition
new file mode 100644
index 00000000..194c9eb4
--- /dev/null
+++ b/patches/kernel32-Codepage_Conversion/definition
@@ -0,0 +1 @@
+Fixes: Codepage conversion should fail when destination length is < 0
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index f9ade260..ef249cff 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -147,6 +147,7 @@ patch_enable_all ()
 	enable_iphlpapi_System_Ping="$1"
 	enable_iphlpapi_TCP_Table="$1"
 	enable_kernel32_COMSPEC="$1"
+	enable_kernel32_Codepage_Conversion="$1"
 	enable_kernel32_CompareStringEx="$1"
 	enable_kernel32_CopyFileEx="$1"
 	enable_kernel32_Cwd_Startup_Info="$1"
@@ -534,6 +535,9 @@ patch_enable ()
 		kernel32-COMSPEC)
 			enable_kernel32_COMSPEC="$2"
 			;;
+		kernel32-Codepage_Conversion)
+			enable_kernel32_Codepage_Conversion="$2"
+			;;
 		kernel32-CompareStringEx)
 			enable_kernel32_CompareStringEx="$2"
 			;;
@@ -3244,6 +3248,18 @@ if test "$enable_kernel32_COMSPEC" -eq 1; then
 	) >> "$patchlist"
 fi
 
+# Patchset kernel32-Codepage_Conversion
+# |
+# | Modified files:
+# |   *	dlls/kernel32/locale.c, dlls/kernel32/tests/codepage.c
+# |
+if test "$enable_kernel32_Codepage_Conversion" -eq 1; then
+	patch_apply kernel32-Codepage_Conversion/0001-kernel32-Set-error-if-dstlen-0-in-codepage-conversio.patch
+	(
+		echo '+    { "Alex Henrie", "kernel32: Set error if dstlen < 0 in codepage conversion functions.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset kernel32-CompareStringEx
 # |
 # | Modified files: