[
https://issues.apache.org/jira/browse/XERCESC-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16966746#comment-16966746
]
martin goodall commented on XERCESC-2179:
-----------------------------------------
Here is some code inserted in Win32TransService.c:-
/* sizeof yields size_t, so print it with %zu */
printf("unsigned int = %zu\n", sizeof(unsigned int));
printf("unsigned int* = %zu\n", sizeof(unsigned int *));
printf("LPDWORD = %zu\n", sizeof(LPDWORD));
printf("LPDWORD* = %zu\n", sizeof(LPDWORD *));
printf("DWORD = %zu\n", sizeof(DWORD));
printf("DWORD* = %zu\n", sizeof(DWORD *));
printf("unsigned long = %zu\n", sizeof(unsigned long));
printf("unsigned long* = %zu\n", sizeof(unsigned long *));
And the output on a 64-bit machine (VS 2019):-
unsigned int = 4
unsigned int* = 8
LPDWORD = 8
LPDWORD* = 8
DWORD = 4
DWORD* = 8
unsigned long = 4
unsigned long* = 8
When I follow "far" it's #defined to "" so ignore far.
The above output confirms the bug.
unsigned int is 4 bytes. The address of the stack variable is used. The
function overwrites 8 bytes.
Hope this helps.
> access violation in win32transservice.cpp with 64 bit compile
> -------------------------------------------------------------
>
> Key: XERCESC-2179
> URL: https://issues.apache.org/jira/browse/XERCESC-2179
> Project: Xerces-C++
> Issue Type: Bug
> Components: DOM
> Affects Versions: 3.2.2
> Reporter: martin goodall
> Assignee: Alberto Massari
> Priority: Blocker
> Fix For: 3.2.3
>
> Attachments: Win32TransService.cpp
>
>
> Calls to ::Reg... to get registry info are passing in stack variables that
> are 8 bytes long into functions that overwrite 16 bytes, causing memory
> overwrite and very random segs.
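
The size mismatch described in the comment above (a callee writing 8 bytes through a pointer to a 4-byte variable), modelled in portable C as an added example; this is not Xerces-C++ code. The names api_write8, clobbered_neighbour_bytes and WRITE8_CHECKED are hypothetical, and a byte arena stands in for the stack frame so the overwrite can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CANARY 0xAA

/* Hypothetical callee: always writes 8 bytes through its out-pointer. */
static void api_write8(void *out, uint64_t value)
{
    memcpy(out, &value, sizeof value);
}

/* Model a stack frame as a byte arena: the caller's variable occupies the
 * first var_size bytes, everything after it belongs to neighbouring data.
 * Returns how many neighbouring bytes the callee overwrote. */
static size_t clobbered_neighbour_bytes(size_t var_size)
{
    unsigned char arena[16];
    size_t i, hit = 0;

    memset(arena, CANARY, sizeof arena);
    api_write8(arena, 0x400);            /* constructed value, no 0xAA bytes */
    for (i = var_size; i < sizeof arena; i++)
        if (arena[i] != CANARY)
            hit++;
    return hit;
}

/* Defensive wrapper: refuse the call unless the destination can hold the write. */
static int write8_checked(void *out, size_t out_size, uint64_t value)
{
    if (out == NULL || out_size < sizeof value)
        return -1;
    api_write8(out, value);
    return 0;
}
/* sizeof(var) is taken at the call site, so a too-small variable is rejected. */
#define WRITE8_CHECKED(var, value) write8_checked(&(var), sizeof(var), (value))

int main(void)
{
    uint32_t narrow = 0;   /* 4 bytes, like the variable in the report */
    uint64_t wide = 0;     /* 8 bytes, matches what the callee writes */

    if (clobbered_neighbour_bytes(sizeof narrow) != 4) return 1;
    if (clobbered_neighbour_bytes(sizeof wide) != 0) return 1;
    if (WRITE8_CHECKED(narrow, 0x400) != -1) return 1;
    if (WRITE8_CHECKED(wide, 0x400) != 0 || wide != 0x400) return 1;
    return 0;
}
```

With a 4-byte variable the callee overwrites 4 bytes of whatever sits next to it; sizing the variable to match the callee, or checking the size at the call site, removes the overwrite.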