Don't assume UNICODE_STRINGs are nul terminated Modified: trunk/reactos/subsys/csrss/win32csr/conio.c _____ Modified: trunk/reactos/subsys/csrss/win32csr/conio.c --- trunk/reactos/subsys/csrss/win32csr/conio.c 2005-09-09 11:43:26 UTC (rev 17761) +++ trunk/reactos/subsys/csrss/win32csr/conio.c 2005-09-09 12:22:01 UTC (rev 17762) @@ -2343,7 +2343,8 @@ RtlZeroMemory(&Request->Data.GetTitleRequest, sizeof(CSRSS_GET_TITLE)); Request->Data.GetTitleRequest.ConsoleHandle = Request->Data.GetTitleRequest.ConsoleHandle; Request->Data.GetTitleRequest.Length = Console->Title.Length; - wcscpy (Request->Data.GetTitleRequest.Title, Console->Title.Buffer); + memcpy (Request->Data.GetTitleRequest.Title, Console->Title.Buffer, + Console->Title.Length); Length = CSR_API_MESSAGE_HEADER_SIZE(CSRSS_SET_TITLE) + Console->Title.Length; ConioUnlockConsole(Console);