[jira] [Commented] (XERCESC-2179) access violation in win32transservice.cpp with 64 bit compile

Mon, 04 Nov 2019 07:48:29 -0800 


    [ 
https://issues.apache.org/jira/browse/XERCESC-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16966767#comment-16966767
 ] 

martin goodall commented on XERCESC-2179:
-----------------------------------------

sure my comment was wrong - I just noticed should have said "(64 bits bytes not 
32)". But the code is wrong and u keep defending it. I gave an example and ask 
you to comment where we disagree so lets go back to it:-

unsigned int var = 0; // this is 32 bits on a 64 bit platform being set to 0

func(LPDWORD *ptr); // function prototype defined as/expects 64 bits as LPDWORD 
is a "far/long dword which is 64 bits"

...

func((LPDWORD *) &var); // call to function

...

void func(LPDWORD *ptr)

{color:#172b4d} \{ *ptr = 0; // seg - overwrites 64 bits but only 32 bits 
available } {color}

 

passing in an address of a stack variable into a function that expects a longer 
length is a classic 101 bug that many developers make but you cant argue the 
above code causes a seg and represents the code in question. take into account 
that the following is accurate since this isn't a manual or knowledge but 
output from code:-

{color:#172b4d}unsigned int = 4{color}
{color:#172b4d} unsigned int* = 8{color}
{color:#172b4d} LPDWORD = 8{color}
{color:#172b4d} LPDWORD* = 8{color}
{color:#172b4d} DWORD = 4{color}
{color:#172b4d} DWORD* = 8{color}
{color:#172b4d} unsigned long = 4{color}
{color:#172b4d} unsigned long* = 8{color}

 

thanks - just trying to help :)!

> access violation in win32transservice.cpp with 64 bit compile
> -------------------------------------------------------------
>
>                 Key: XERCESC-2179
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2179
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: DOM
>    Affects Versions: 3.2.2
>            Reporter: martin goodall
>            Assignee: Alberto Massari
>            Priority: Blocker
>             Fix For: 3.2.3
>
>         Attachments: Win32TransService.cpp
>
>
> calls to ::Reg... to get registry info are passing in stack variables that 
> are 8 bytes long into functions that overwrite 16 bytes, causing memory 
> overwrite and very random segs.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Reply via email to