[twsocket] Found serious bug in HdrEncodeInline and/or StrEncodeQPEx

Tue, 16 Oct 2012 15:52:19 -0700 

Hi All,

Just found serious bug in HdrEncodeInLine (ICS v7 latest release) !
Probably ICS v8 contains it to !

It's happens only with 'Q' (quoted-printable) encoding !

It's happens only with strings leading with many spaces.

Just run this code to reproduce it:

AnsiString tmpStr="
bla bla bla";
HdrEncodeInLine(tmpStr,SpecialsRFC822,'Q',"windows-1251",60,true);

And you get Out of Memory or Invalid Pointer Operation or AV in random
places of your App.

Here is FastMM log:

--------------------------------2012/10/17
2:38:54--------------------------------
FastMM has detected an error during a ReallocMem operation. The block footer
has been corrupted. 

The block size is: 50

This block was allocated by thread 0x13CC, and the stack trace (return
addresses) at the time was:
6093FA [sys\system.pas][sys\system.pas][@GetMem][2654]
60C0A1 [sys\system.pas][sys\system.pas][@NewAnsiString][12429]
60C79D [sys\system.pas][sys\system.pas][@LStrSetLength][13786]
BC6C64
[OverbyteIcsMimeUtils.pas][OverbyteIcsMimeUtils.pas][StrEncodeQPEx][2045]
6093FA [sys\system.pas][sys\system.pas][@GetMem][2654]
60C0A1 [sys\system.pas][sys\system.pas][@NewAnsiString][12429]
60C3F8 [sys\system.pas][sys\system.pas][@LStrCatN][13037]
BC621F
[OverbyteIcsMimeUtils.pas][OverbyteIcsMimeUtils.pas][HdrEncodeInLine][1796]
507B06 [MainUnit.cpp][MainUnit.cpp][StartBtnClick][1785]

The block is currently used for an object of class: Unknown
----------------------------------------------------------------------------
--------

Line 2045 in OverbyteICSMiceUtils.pas is here:

function StrEncodeQPEx(
    const Buf     : RawByteString;
    MaxCol        : Integer;
    Specials      : TSysCharSet;
    ShortSpace    : Boolean;
    var cPos      : Integer;
    DoFold        : Boolean;
    CodePage      : LongWord = CP_ACP;
    IsMultibyteCP : Boolean = FALSE) : RawByteString;
var
    lPosRes : Integer;
    NextCharIdx : Integer;
begin
    lPosRes := 1;
    NextCharIdx := cPos;
    if not DoFold then
        MaxCol := Length(Buf) * 3;                                     { AG
}
    if MaxCol < 16 then MaxCol := 16;                                  { AG
}
    SetLength(Result, MaxCol); <<<< HERE IS LINE 2045

Any suggestions to fix this problem ?

Many thanks !

---
With best regards, Max Terentiev.
Business Software Products.
AMS Development Team.
supp...@bspdev.com



--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to