[
https://issues.apache.org/jira/browse/XERCESC-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16966771#comment-16966771
]
Alberto Massari edited comment on XERCESC-2179 at 11/4/19 3:50 PM:
-------------------------------------------------------------------
That code is correct too:
{code}
unsigned long theSize;
...
unsigned long theType;
unsigned int CPId;
unsigned int IEId;

theSize = sizeof(unsigned int);
if (::RegQueryValueExA
    (
        encodingKey
        , "Codepage"
        , 0
        , &theType
        , (unsigned char*)&CPId
        , &theSize) != ERROR_SUCCESS)
{
    ::RegCloseKey(encodingKey);
    continue;
}
{code}
The Codepage (and the InternetEncoding queried later) are defined as REG_DWORD,
so they need just 32 bits to be stored, and both the CPId and the
sizeof(unsigned int) are enough to hold its value, with no need to add space
for a NULL terminator that in any case would be a wrong value to add just to
theSize (because CPId would not have room for 5 bytes, only for 4).
Changing the code to use the Windows macros would help reading the code, but I
don't see an actual issue here.
> access violation in win32transservice.cpp with 64 bit compile
> -------------------------------------------------------------
>
> Key: XERCESC-2179
> URL: https://issues.apache.org/jira/browse/XERCESC-2179
> Project: Xerces-C++
> Issue Type: Bug
> Components: DOM
> Affects Versions: 3.2.2
> Reporter: martin goodall
> Assignee: Alberto Massari
> Priority: Blocker
> Fix For: 3.2.3
>
> Attachments: Win32TransService.cpp
>
>
> calls to ::Reg... to get registry info are passing in stack variables that
> are 8 bytes long into functions that overwrite 16 bytes, causing memory
> overwrite and very random segs.
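The buffer-size argument made in the comment above, as an added example that is not part of the original thread or the Xerces-C++ source: a simplified, portable model of the in/out size parameter of `RegQueryValueExA`, showing that a 4-byte capacity bounds what can be written into a 4-byte variable. `StoredValue`, `model_query`, `read_dword` and the sample values are hypothetical stand-ins; only the constants carry the Windows SDK values.

```cpp
#include <cstdint>
#include <cstring>

// Added example: constants with the same values as the Windows SDK macros.
constexpr long     kErrorSuccess  = 0;    // ERROR_SUCCESS
constexpr long     kErrorMoreData = 234;  // ERROR_MORE_DATA
constexpr uint32_t kRegSz         = 1;    // REG_SZ
constexpr uint32_t kRegDword      = 4;    // REG_DWORD

// Hypothetical stand-in for a value stored under a registry key.
struct StoredValue { uint32_t type; const unsigned char* bytes; uint32_t size; };

// Models the in/out size argument: on entry *cbData is the capacity of
// `data`, on exit it is the size of the stored value. This model copies
// nothing when the value does not fit, so it never writes past the capacity.
long model_query(const StoredValue& v, uint32_t* type,
                 unsigned char* data, uint32_t* cbData) {
    const uint32_t capacity = *cbData;
    *type = v.type;
    *cbData = v.size;
    if (v.size > capacity) return kErrorMoreData;
    std::memcpy(data, v.bytes, v.size);
    return kErrorSuccess;
}

// Defensive read of a value that is expected to be a REG_DWORD.
bool read_dword(const StoredValue& v, uint32_t* out) {
    uint32_t type = 0, value = 0;
    uint32_t size = sizeof(value);  // capacity matches the variable: 4 bytes
    if (model_query(v, &type, reinterpret_cast<unsigned char*>(&value),
                    &size) != kErrorSuccess)
        return false;               // oversized data is rejected
    if (type != kRegDword || size != sizeof(value))
        return false;               // wrong type or short data
    *out = value;
    return true;
}

// Constructed sample data, not taken from a real registry.
static const uint32_t kSampleCodepage = 1252;
static const char     kSampleString[] = "windows-1252";
StoredValue sample_dword() {
    return {kRegDword, reinterpret_cast<const unsigned char*>(&kSampleCodepage),
            static_cast<uint32_t>(sizeof(kSampleCodepage))};
}
StoredValue sample_string() {
    return {kRegSz, reinterpret_cast<const unsigned char*>(kSampleString),
            static_cast<uint32_t>(sizeof(kSampleString))};
}
```

With the real API the contents of the buffer are undefined after `ERROR_MORE_DATA`, so the type and size checks in `read_dword` are what make the result trustworthy.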