Posted to c-dev@xerces.apache.org by "Alberto Massari (Jira)" <xe...@xml.apache.org> on 2019/11/04 09:38:00 UTC

[jira] [Commented] (XERCESC-2179) access violation in win32transservice.cpp with 64 bit compile

    [ https://issues.apache.org/jira/browse/XERCESC-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16966506#comment-16966506 ] 

Alberto Massari commented on XERCESC-2179:
------------------------------------------

The definition for RegQueryValueExA (https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regqueryvalueexa) uses LPDWORD, but DWORD is defined as "unsigned long" (https://docs.microsoft.com/en-us/windows/win32/winprog/windows-data-types):

 
    DWORD: A 32-bit unsigned integer. The range is 0 through 4294967295 decimal.
    This type is declared in IntSafe.h as follows:
    typedef unsigned long DWORD;

 

So, there should be no difference between an unsigned long and a DWORD.

As for the changes that add a +1 to some string lengths, the size of the buffer is set to 1024, and it should be big enough to hold any possible encoding name; in other cases the data to be read is a number, so the NULL terminator would not be added.

Are you targeting a non-desktop version of Windows? I don't see how that code could fail.

> access violation in win32transservice.cpp with 64 bit compile
> -------------------------------------------------------------
>
>                 Key: XERCESC-2179
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2179
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: DOM
>    Affects Versions: 3.2.2
>            Reporter: martin goodall
>            Assignee: Alberto Massari
>            Priority: Blocker
>             Fix For: 3.2.3
>
>         Attachments: Win32TransService.cpp
>
>
> calls to ::Reg... to get registry info are passing in stack variables that are 8 bytes long into functions that overwrite 16 bytes, causing memory overwrite and very random segs.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
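
The buffer-size and NULL-terminator points discussed in the comment above, as an added example that is not part of the original message or of the Xerces-C++ sources: Microsoft documents that string data returned by RegQueryValueEx may lack its terminating null, so a defensive caller passes one byte less than the buffer size and terminates the result itself. To stay portable the real API is not called; `dword_t`, `query_value` and `read_string` are hypothetical names, and `query_value` only models the in/out byte-count contract of the lpData/lpcbData pair.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t dword_t;             /* models DWORD: 32 bits wide */
enum { OK = 0, MORE_DATA = 234 };     /* values of ERROR_SUCCESS, ERROR_MORE_DATA */

/* Hypothetical stand-in for the data/size part of RegQueryValueExA: *cb holds
   the buffer size in bytes on entry and the value's size on return. Bytes are
   copied exactly as stored, so a string saved without its NUL has none. */
long query_value(const char *stored, dword_t stored_len, char *data, dword_t *cb)
{
    dword_t cap = *cb;
    *cb = stored_len;
    if (stored_len > cap)
        return MORE_DATA;
    memcpy(data, stored, stored_len);
    return OK;
}

/* Read a string into out[out_size]; on success out is always NUL-terminated. */
long read_string(const char *stored, dword_t stored_len, char *out, size_t out_size)
{
    if (out_size == 0 || out_size > UINT32_MAX)
        return -1;
    dword_t cb = (dword_t)(out_size - 1);   /* keep one byte back for the NUL */
    long rc = query_value(stored, stored_len, out, &cb);
    if (rc != OK) {
        out[0] = '\0';                      /* never leave stale bytes behind */
        return rc;
    }
    out[cb] = '\0';                         /* cb <= out_size - 1, so in bounds */
    return OK;
}

int main(void)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);           /* constructed sample data below */
    long rc = read_string("UTF-8", 5, buf, sizeof buf);   /* stored without NUL */
    printf("%ld \"%s\"\n", rc, buf);
    rc = read_string("ISO-8859-1", 10, buf, sizeof buf);  /* too long for buf */
    printf("%ld \"%s\"\n", rc, buf);
    return 0;
}
```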
