[ https://issues.apache.org/jira/browse/XERCESC-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16966771#comment-16966771 ]
Alberto Massari edited comment on XERCESC-2179 at 11/4/19 3:50 PM:
-------------------------------------------------------------------

That code is correct too:
{code}
unsigned long theSize;
...
unsigned long theType;
unsigned int CPId;
unsigned int IEId;

theSize = sizeof(unsigned int);
if (::RegQueryValueExA
    (
        encodingKey
        , "Codepage"
        , 0
        , &theType
        , (unsigned char*)&CPId
        , &theSize) != ERROR_SUCCESS)
{
    ::RegCloseKey(encodingKey);
    continue;
}
{code}
The Codepage (and the InternetEncoding queried later) are defined as REG_DWORD, so they need just 32 bits to be stored, and both CPId and sizeof(unsigned int) are enough to hold the value, with no need to add space for a NULL terminator, which in any case would be a wrong value to add just to theSize (because CPId would not have room for 5 bytes, only for 4).

Changing the code to use the Windows macros would make the code easier to read, but I don't see an actual issue here.

> access violation in win32transservice.cpp with 64 bit compile
> -------------------------------------------------------------
>
>                 Key: XERCESC-2179
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2179
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: DOM
>    Affects Versions: 3.2.2
>            Reporter: martin goodall
>            Assignee: Alberto Massari
>            Priority: Blocker
>             Fix For: 3.2.3
>
>         Attachments: Win32TransService.cpp
>
>
> Calls to ::Reg... to get registry info are passing in stack variables that
> are 8 bytes long into functions that overwrite 16 bytes, causing memory
> overwrite and very random segs.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
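The buffer-size contract the comment relies on, as an added example that is not code from Xerces-C++ or from this thread: a small portable C model of how RegQueryValueEx treats cbData (buffer size on input, value size on output, never writing past the input size), with constructed sample values so the 4-byte-versus-5-byte reasoning can be checked outside Windows. The Windows types, error codes and REG_* tags are re-declared locally; model_query_value, read_codepage, the demo_* functions and the sample values are names invented for this example.

```c
/* Added example, not Xerces-C++ code: a portable model of the
 * RegQueryValueEx buffer-size contract.  Windows types and error codes
 * are re-declared locally so the file builds on any platform. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t DWORD;   /* 32-bit on Win32 and Win64; matches MSVC's unsigned long */

enum { ERROR_SUCCESS = 0, ERROR_INVALID_PARAMETER = 87, ERROR_MORE_DATA = 234 };
enum { REG_SZ = 1, REG_DWORD = 4 };

/* One stored registry value: its type tag and raw bytes (model only). */
struct reg_value {
    DWORD type;
    const unsigned char *data;
    DWORD cb;                /* size of data in bytes */
};

/* Model of the data-buffer contract (hypothetical stand-in for the API):
 * on input *pcb is the caller's buffer size, on output the stored value's
 * size.  Never writes more than the input size; if the value does not fit
 * it returns ERROR_MORE_DATA and leaves the buffer untouched. */
int model_query_value(const struct reg_value *v, DWORD *ptype,
                      unsigned char *buf, DWORD *pcb)
{
    if (v == NULL || pcb == NULL)
        return ERROR_INVALID_PARAMETER;
    if (ptype != NULL)
        *ptype = v->type;
    DWORD avail = *pcb;
    *pcb = v->cb;                   /* report the required size either way */
    if (buf == NULL)
        return ERROR_SUCCESS;       /* size-only query */
    if (v->cb > avail)
        return ERROR_MORE_DATA;
    memcpy(buf, v->data, v->cb);    /* bounded by the caller's size */
    return ERROR_SUCCESS;
}

/* The pattern from the comment: a REG_DWORD read straight into a DWORD with
 * cb = sizeof(DWORD), plus the type/size check a careful caller adds so a
 * string or oddly sized value is rejected instead of reinterpreted. */
int read_codepage(const struct reg_value *v, DWORD *out)
{
    DWORD type = 0, cp = 0, cb = sizeof cp;   /* 4 bytes: the DWORD, no NUL */
    int rc = model_query_value(v, &type, (unsigned char *)&cp, &cb);
    if (rc != ERROR_SUCCESS)
        return rc;
    if (type != REG_DWORD || cb != sizeof cp)
        return ERROR_INVALID_PARAMETER;
    *out = cp;
    return ERROR_SUCCESS;
}

/* Constructed sample values (not real registry contents). */
static const DWORD sample_cp = 1252;
static const struct reg_value sample_codepage =
    { REG_DWORD, (const unsigned char *)&sample_cp, sizeof sample_cp };
static const unsigned char sample_sz[] = "1252";        /* 5 bytes incl. NUL */
static const struct reg_value sample_codepage_as_string =
    { REG_SZ, sample_sz, sizeof sample_sz };
static const unsigned char sample_short_sz[] = "abc";   /* 4 bytes incl. NUL */
static const struct reg_value sample_four_byte_string =
    { REG_SZ, sample_short_sz, sizeof sample_short_sz };

/* A REG_DWORD value fits the 4-byte target exactly. */
int demo_dword_fits(DWORD *cp)
{
    return read_codepage(&sample_codepage, cp);
}

/* A 5-byte REG_SZ offered the same 4-byte buffer: the model refuses to
 * write, reports the 5 bytes it needs, and leaves the target alone.
 * Adding 1 to cb while keeping the 4-byte target would be the real bug. */
int demo_string_does_not_fit(DWORD *needed, DWORD *untouched)
{
    DWORD cp = 0xDEADBEEF, cb = sizeof cp, type = 0;
    int rc = model_query_value(&sample_codepage_as_string, &type,
                               (unsigned char *)&cp, &cb);
    *needed = cb;
    *untouched = cp;
    return rc;
}

/* A 4-byte REG_SZ fits by size alone; only the type check stops "abc"
 * from being treated as a code page number. */
int demo_wrong_type_rejected(void)
{
    DWORD cp = 0;
    return read_codepage(&sample_four_byte_string, &cp);
}

int main(void)
{
    DWORD cp = 0, needed = 0, left = 0;
    printf("dword: rc=%d cp=%u\n", demo_dword_fits(&cp), (unsigned)cp);
    printf("string: rc=%d needed=%u target=0x%X\n",
           demo_string_does_not_fit(&needed, &left), (unsigned)needed, (unsigned)left);
    printf("wrong type: rc=%d\n", demo_wrong_type_rejected());
    return 0;
}
```

Two points carry over to the real API. First, the sizes in the comment hold because MSVC's unsigned long is 32 bits on Win64 as well as Win32 (LLP64), so it matches DWORD; the example spells out DWORD so the reasoning does not depend on the width of long, which is 64 bits on most other 64-bit platforms. Second, the quoted snippet asks for theType but does not inspect it; checking type == REG_DWORD and cb == sizeof(DWORD) after the call, as read_codepage does, is the cheap way to make sure a value that happens to be stored as a string is rejected rather than read as a number.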