On 3/20/2013 00:35, Janne Hyvärinen wrote:
>>
>> As for calling __wgetmainargs, I have some concerns about the security
>> implications:
>> LoadLibrary("msvcrt.dll") <- Which msvcrt? Theoretical security exploit.
>
> There is msvcrt.dll in the System32 dir in all supported Windows
> systems. That is what the function targets, but of course LoadLibrary
> searches from exe's dir first. I think security exploit concerns are
> warrantless, if you can place malicious replacement c-runtime dll in the
> exe's path you have already won.
>

Yeah, which is why I said it was theoretical. I've seen code that uses
__ImageBase to go over the import tables to find out which MSVCR* DLL is
used and uses GetModuleHandleA to avoid LoadLibrary.

>>
>> I think it is best to link it directly, please use the following
>> prototype and call it directly:
>>
>> =============================================
>> #ifdef _DLL
>> #define CALL_DLLIMPORT __declspec(dllimport)
>> #else
>> #define CALL_DLLIMPORT
>> #endif
>> int __cdecl CALL_DLLIMPORT __wgetmainargs(int*, wchar_t***, wchar_t***,
>> int, int*);
>> =============================================
>>
>> This should simplify the error handling logic and help against
>> LoadLibrary handle leaks, though the leak should not be an issue in
>> practice since it is only called once. The symbol should also be present
>> in MSVCR* DLLs.
>
> This alone does nothing. It requires linking with an object file that
> then deals with the function. If we link against msvcrt.lib the flac.exe
> binary will no longer be static and it won't work without external
> runtimes (which would also be loaded from the exe's dir if they exist
> there). Linking with msvcmrt.lib won't find the function and unicode
> version msvcurt.lib causes this error:
> Error 1 error LNK2005: ___iob_func already defined in
> msvcurt.lib(MSVCR110.dll) G:\test\LIBCMT.lib(_file.obj) test
> Error 2 error LNK1169: one or more multiply defined symbols
> found G:\test\Release\test.exe test
>

There is no __wgetmainargs in the static libcmt? Interesting.
_______________________________________________ flac-dev mailing list flac-dev@xiph.org http://lists.xiph.org/mailman/listinfo/flac-dev
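
Added example, not part of the original thread or of the flac sources: one way to take the exe's directory out of the picture for the LoadLibrary("msvcrt.dll") call discussed above is to pass a fully qualified System32 path instead of a bare name. The helper names qualify_dll_path and load_system_dll are hypothetical; the Win32 part compiles only on Windows, the path-building part is portable.

```c
#include <stddef.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical helper: join a directory and a bare DLL file name. Returns 0,
   or -1 if the name carries path components or the result does not fit. */
int qualify_dll_path(const wchar_t *dir, const wchar_t *name,
                     wchar_t *out, size_t out_len)
{
    size_t dlen, nlen, need_sep;
    if (!dir || !name || !out || !*dir || !*name)
        return -1;
    if (wcspbrk(name, L"\\/:"))           /* accept bare file names only */
        return -1;
    dlen = wcslen(dir);
    nlen = wcslen(name);
    need_sep = (dir[dlen - 1] != L'\\') ? 1 : 0;
    if (dlen + need_sep + nlen + 1 > out_len)
        return -1;
    wmemcpy(out, dir, dlen);
    if (need_sep)
        out[dlen++] = L'\\';
    wmemcpy(out + dlen, name, nlen + 1);  /* copies the terminator too */
    return 0;
}

#ifdef _WIN32
/* Hypothetical helper: load a DLL from the system directory only, so a
   same-named file beside the exe or in the current directory is ignored. */
HMODULE load_system_dll(const wchar_t *name)
{
    wchar_t sysdir[MAX_PATH], full[MAX_PATH];
    UINT n = GetSystemDirectoryW(sysdir, MAX_PATH);
    if (n == 0 || n >= MAX_PATH)
        return NULL;
    if (qualify_dll_path(sysdir, name, full, MAX_PATH) != 0)
        return NULL;
    /* Absolute path + this flag: imports resolve from the DLL's directory. */
    return LoadLibraryExW(full, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
}
#endif

int main(void)
{
    wchar_t p[64];  /* the directory below is a constructed sample value */
    return qualify_dll_path(L"C:\\Windows\\System32", L"msvcrt.dll", p, 64);
}
```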