[ https://issues.apache.org/jira/browse/XERCESC-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16966743#comment-16966743 ]
Alberto Massari commented on XERCESC-2179:
------------------------------------------

The current code in the trunk is here:

[http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/util/Transcoders/Win32/Win32TransService.cpp?view=markup#l159]

    {
        unsigned long theType;
        unsigned long theSize = nameBufSz;
        return (::RegQueryValueExA
        (
            encodingKey
            , "AliasForCharset"
            , 0
            , &theType
            , (unsigned char*)aliasBuf
            , &theSize
        ) == ERROR_SUCCESS);
    }

theType is not unsigned int, it's unsigned long that is identical to DWORD theType after the preprocessor expands the macro.

> access violation in win32transservice.cpp with 64 bit compile
> -------------------------------------------------------------
>
>                 Key: XERCESC-2179
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2179
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: DOM
>    Affects Versions: 3.2.2
>            Reporter: martin goodall
>            Assignee: Alberto Massari
>            Priority: Blocker
>             Fix For: 3.2.3
>
>         Attachments: Win32TransService.cpp
>
>
> calls to ::Reg... to get registry info are passing in stack variables that
> are 8 bytes long into functions that overwrite 16 bytes, causing memory
> overwrite and very random segs.
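Added example, not part of the original message or of the Xerces-C++ source: a portable sketch of the checks a caller can put around a RegQueryValueExA-style call, using fixed-width out-parameters, rejecting a short buffer, checking the value type, and terminating the string itself. `dword_t`, `mock_query`, `read_alias` and the stored value are hypothetical stand-ins so it builds without the Windows headers; the size contract they model (capacity in bytes on entry, byte count on return, no guaranteed terminator) is the documented one.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins so the example builds off Windows; the numeric
   values match the Win32 constants of the same names. */
#define ERROR_SUCCESS   0L
#define ERROR_MORE_DATA 234L
#define REG_SZ          1u
typedef uint32_t dword_t;  /* DWORD is 32 bits on Win32 and Win64; unsigned long is 64 bits on LP64 */

/* Hypothetical mock of the size contract: *size is the buffer capacity in
   bytes on entry and the value's byte count on return. The stored value is
   constructed and deliberately has no NUL terminator. */
static const char stored[] = { 'U', 'T', 'F', '-', '8' };

long mock_query(const char *name, dword_t *type, unsigned char *buf, dword_t *size)
{
    dword_t cap = *size;
    (void)name;
    *type = REG_SZ;
    *size = (dword_t)sizeof stored;          /* required size is always reported */
    if (cap < sizeof stored) return ERROR_MORE_DATA;
    memcpy(buf, stored, sizeof stored);
    return ERROR_SUCCESS;
}

/* Returns 1 and a NUL-terminated alias in aliasBuf on success, 0 otherwise. */
int read_alias(char *aliasBuf, size_t nameBufSz)
{
    dword_t theType = 0;
    dword_t theSize;
    if (nameBufSz == 0 || nameBufSz > UINT32_MAX) return 0;
    theSize = (dword_t)(nameBufSz - 1);      /* reserve one byte for the terminator */
    if (mock_query("AliasForCharset", &theType,
                   (unsigned char *)aliasBuf, &theSize) != ERROR_SUCCESS)
        return 0;                            /* includes ERROR_MORE_DATA */
    if (theType != REG_SZ || theSize > nameBufSz - 1) return 0;
    aliasBuf[theSize] = '\0';                /* the data may arrive unterminated */
    return 1;
}
```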