Sönke Ludwig <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #4 from Sönke Ludwig <> 2012-09-17 08:07:18 PDT ---
I'm also hit by this quite often. Changing random things will make it work or
break it.

This is the disassembly of the offending function:

0x00428d82 c8040000         enter       0004,00
0x00428d86 53               push        ebx
0x00428d87 56               push        esi
0x00428d88 c745fc00000000   mov         dword ptr [ebp-04],00000000
0x00428d8f 8b45fc           mov         eax,dword ptr [ebp-04]
0x00428d92 3b4510           cmp         eax,dword ptr [ebp+10]
0x00428d95 7314             jae         00428dab
0x00428d97 8b4d0c           mov         ecx,dword ptr [ebp+0c]
0x00428d9a 8b55fc           mov         edx,dword ptr [ebp-04]
0x00428d9d 8a1c11           mov         bl,byte ptr [edx+ecx]
0x00428da0 8b7508           mov         esi,dword ptr [ebp+08]
0x00428da3 881c16           mov         byte ptr [edx+esi],bl     <<< Access
0x00428da6 ff45fc           inc         dword ptr [ebp-04]
0x00428da9 ebe4             jmp         00428d8f
0x00428dab 8b4508           mov         eax,dword ptr [ebp+08]
0x00428dae 5e               pop         esi
0x00428daf 5b               pop         ebx
0x00428db0 c9               leave
0x00428db1 c3               retn

ESI contains 0x028a3cd0 and EDX contains 0x330.

A couple of bytes after [ESI] there comes a very long mangled string:


The string is terminated with the end of the memory page, after which there is
no more mapped memory. Looks like a simple buffer overrun.
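The loop in the disassembly above, rewritten in C as an added example (not code from the bug report or the project): the mapping of [ebp+08], [ebp+0c], [ebp+10] and [ebp-04] to dst, src, len and i is an assumption drawn from how the registers are used, and the buffer sizes are constructed to mirror EDX = 0x330 at the faulting write. The hardened variant takes the destination capacity explicitly and refuses the copy instead of running past the end of the mapping.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Unchecked forward byte copy, as the disassembly shows it (assumed mapping:
 * [ebp+08] = dst, [ebp+0c] = src, [ebp+10] = len, [ebp-04] = i).
 * Nothing verifies that dst can actually hold len bytes. */
static void copy_loop_unchecked(uint8_t *dst, const uint8_t *src, uint32_t len)
{
    uint32_t i = 0;                /* mov dword ptr [ebp-04],00000000 */
    while (i < len) {              /* cmp eax,dword ptr [ebp+10] ; jae end */
        dst[i] = src[i];           /* mov byte ptr [edx+esi],bl  <<< the faulting write */
        i++;                       /* inc dword ptr [ebp-04] */
    }
}

/* Hardened variant: the caller passes the destination capacity and the copy
 * is rejected (-1) when len exceeds it, so an over-long request cannot write
 * past the allocation or, as in the report, past the last mapped page. */
static int copy_loop_checked(uint8_t *dst, size_t dst_cap,
                             const uint8_t *src, size_t len)
{
    if (dst == NULL || src == NULL || len > dst_cap)
        return -1;
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i];
    return 0;
}

/* Constructed sizes: a destination of 0x330 bytes and a request for one more,
 * the index at which the report's loop faulted. Returns -1 (rejected). */
int demo_overrun_rejected(void)
{
    enum { DST_CAP = 0x330, SRC_LEN = 0x331 };
    uint8_t src[SRC_LEN], dst[DST_CAP];
    memset(src, 0xAB, sizeof src);
    return copy_loop_checked(dst, sizeof dst, src, SRC_LEN);
}

/* In-bounds case: both loops copy 0x330 bytes and produce identical output.
 * Returns 0 on success, nonzero if the checked copy refused or data differs. */
int demo_in_bounds_ok(void)
{
    enum { LEN = 0x330 };
    uint8_t src[LEN], a[LEN], b[LEN];
    for (size_t i = 0; i < LEN; i++) src[i] = (uint8_t)i;
    copy_loop_unchecked(a, src, LEN);
    if (copy_loop_checked(b, sizeof b, src, LEN) != 0) return 1;
    return memcmp(a, b, LEN) != 0;
}
```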
