This looks like a buffer overflow has been detected. Looking at the code in
GetKnownEvents, this could happen if the IF condition on line 5187
evaluates to false. The fix should be to move the two lines starting at
line 5187 inside the curly braces for that condition.

Rick
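
The bug shape Rick describes above, as an added C example that is not the ooRexx or orexxole.dll code: an IF checks that there is room in a fixed-size array, but the two statements that depend on that check sit after its closing brace, so they run even when the condition is false and the index walks off the end of the array. The names (event_list, add_event_buggy, add_event_fixed, checked_store) and the five sample event names are invented for illustration. Instead of letting the process fast-fail the way the compiler-inserted range check at the top of the posted call stack does, the example routes every store through a stand-in check that counts out-of-range writes and skips them, so both variants can be run side by side.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the ooRexx/orexxole code. It reconstructs the bug
 * shape from the thread: a guard on the array bound whose dependent
 * statements escaped its braces. All names here are hypothetical. */

#define MAX_EVENTS 4

typedef struct {
    const char *names[MAX_EVENTS];   /* fixed-size array, like a stack buffer */
    size_t      count;
} event_list;

typedef struct {
    int    failures;                 /* how often the range check fired */
    size_t count;                    /* final element count */
} run_result;

/* Stand-in for the compiler's range check: a real /GS build would call
 * __report_rangecheckfailure and terminate; here we count the hit and
 * skip the write so the example keeps running. */
static int range_check_failures = 0;

static void checked_store(event_list *l, size_t idx, const char *name)
{
    if (idx >= MAX_EVENTS) {
        range_check_failures++;
        return;
    }
    l->names[idx] = name;
}

/* Buggy: the IF only records that there was room; the store and the
 * increment sit outside the braces and run when the IF is false. */
static int add_event_buggy(event_list *l, const char *name)
{
    int has_room = 0;
    if (l->count < MAX_EVENTS) {
        has_room = 1;
    }
    checked_store(l, l->count, name); /* index == MAX_EVENTS on the 5th call */
    l->count++;                        /* count now exceeds the array */
    return has_room;
}

/* Fixed: both statements moved inside the braces, as proposed above. */
static int add_event_fixed(event_list *l, const char *name)
{
    if (l->count < MAX_EVENTS) {
        checked_store(l, l->count, name);
        l->count++;
        return 1;
    }
    return 0;                          /* caller learns the event was dropped */
}

/* Feed one more name than the array holds (constructed sample input) and
 * report how often the range check fired and where count ended up. */
static run_result run_variant(int fixed)
{
    static const char *const sample[] = { "Open", "Close", "Quit", "Save", "Print" };
    event_list l;
    run_result r;
    size_t i;

    memset(&l, 0, sizeof l);
    range_check_failures = 0;
    for (i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        if (fixed)
            add_event_fixed(&l, sample[i]);
        else
            add_event_buggy(&l, sample[i]);
    }
    r.failures = range_check_failures;
    r.count    = l.count;
    return r;
}

int main(void)
{
    run_result b = run_variant(0);
    run_result f = run_variant(1);
    printf("buggy: %d range-check failure(s), count=%zu\n", b.failures, b.count);
    printf("fixed: %d range-check failure(s), count=%zu\n", f.failures, f.count);
    return 0;
}
```

With five inputs and room for four, the buggy variant trips the check once and leaves count at 5, while the fixed variant never trips it and stops at 4. In the real build the first out-of-range store would not be counted but would end the process, which is what the posted stack shows.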

On Wed, May 11, 2022 at 9:39 AM Rony G. Flatscher <rony.flatsc...@wu.ac.at>
wrote:

> Running a simple ooRexx script:
>
> -- Start Word with empty document
> Word = .OLEObject~New("Word.Application")
> Word~Visible = .TRUE                    -- make Word visible
> Document = Word~Documents~Add          -- add document
> say .line "Document:" document", before 'call createOleInfo document, ...'"
>    -- the following call causes a crash in oleinfo
> call createOleInfo document, "word~documents~add"
> say .line "before document~textEncoding ..."
> textEncoding=document~textEncoding
> say "Document~textEncoding:" textEncoding
> Selection = word~selection
>
> Selection~Style = "Normal"              -- Create selection with style: normal
> Selection~TypeText("I am Normal Text. Document's textEncoding:" textEncoding) -- give selection a text
> Selection~TypeParagraph
>
> say "Done."
>
> Threads:
>
> Not Flagged  >   1688   0   Main Thread     Main Thread                 orexxole.dll!__report_securityfailure            Normal
> Not Flagged     23848   0   Worker Thread   ntdll.dll!TppWorkerThread   ntdll.dll!_NtWaitForWorkViaWorkerFactory@20      Normal
> Not Flagged     16364   0   Worker Thread   ntdll.dll!TppWorkerThread   ntdll.dll!_NtWaitForWorkViaWorkerFactory@20      Normal
> Not Flagged      9940   0   Worker Thread   ntdll.dll!TppWorkerThread   ntdll.dll!_NtWaitForWorkViaWorkerFactory@20      Normal
> Not Flagged     23076   0   Worker Thread   combase.dll!CRpcThreadCache::RpcWorkerThreadEntry   combase.dll!WaitCoalesced   Normal
> Not Flagged     12240   0   Worker Thread   ntdll.dll!TppWorkerThread   ntdll.dll!_NtWaitForWorkViaWorkerFactory@20      Normal
> Not Flagged     20944   0   Worker Thread   ntdll.dll!TppWorkerThread   ntdll.dll!_NtWaitForWorkViaWorkerFactory@20      Normal
> Not Flagged     23568   0   Worker Thread   ANSI32.dll thread           ANSI32.dll!59e2223f                              Normal
>
> Call Stack
>
> >     orexxole.dll!__report_securityfailure(unsigned long failure_code=8) Line 446   C
>       orexxole.dll!__report_rangecheckfailure(...) Line 539   C
>       orexxole.dll!OLEObject_GetKnownEvents_impl(RexxMethodContext_ * context=0x0067cb00, _RexxObjectPtr * self=0x027d9dd8) Line 5197   C++
>       orexxole.dll!OLEObject_GetKnownEvents(RexxMethodContext_ * context=0x0067cb00, _ValueDescriptor * arguments=0x0067cb18) Line 5123   C++
>       rexx.dll!NativeActivation::run(MethodClass * _method=0x00c42380, 
> NativeMethod * _code=0x00c42670, RexxObject * _receiver=0x027d9dd8, 
> RexxString * _msgname=0x02822750, RexxObject * * _arglist=0x02dd3a60, 
> unsigned int _argcount=0, ProtectedObject & resultObj={...}) Line 1306       
> C++
>       rexx.dll!NativeMethod::run(Activity * activity=0x027d0318, MethodClass 
> * method=0x00c42380, RexxObject * receiver=0x027d9dd8, RexxString * 
> messageName=0x02822750, RexxObject * * argPtr=0x02dd3a60, unsigned int 
> count=0, ProtectedObject & result={...}) Line 329     C++
>       rexx.dll!MethodClass::run(Activity * activity=0x027d0318, RexxObject * 
> receiver=0x027d9dd8, RexxString * msgname=0x02822750, RexxObject * * 
> argPtr=0x02dd3a60, unsigned int count=0, ProtectedObject & result={...}) Line 
> 171   C++
>       rexx.dll!RexxObject::messageSend(RexxString * msgname=0x02822750, 
> RexxObject * * arguments=0x02dd3a60, unsigned int count=0, ProtectedObject & 
> result={...}) Line 902   C++
>       rexx.dll!ExpressionStack::send(RexxString * message=0x02822750, 
> unsigned int count=0, ProtectedObject & result={...}) Line 80   C++
>       rexx.dll!RexxExpressionMessage::evaluate(RexxActivation * 
> context=0x02865de8, ExpressionStack * stack=0x02865ec0) Line 191      C++
>       rexx.dll!RexxInstructionAssignment::execute(RexxActivation * 
> context=0x02865de8, ExpressionStack * stack=0x02865ec0) Line 129   C++
>       rexx.dll!RexxActivation::run(RexxObject * _receiver=0x02865dd0, 
> RexxString * name=0x00b70388, RexxObject * * _arglist=0x02dd3988, unsigned 
> int _argcount=2, RexxInstruction * start=0x00000000, ProtectedObject & 
> resultObj={...}) Line 591     C++
>       rexx.dll!RexxCode::run(Activity * activity=0x027d0318, MethodClass * 
> method=0x02824230, RexxObject * receiver=0x02865dd0, RexxString * 
> msgname=0x00b70388, RexxObject * * argPtr=0x02dd3988, unsigned int 
> argcount=2, ProtectedObject & result={...}) Line 211  C++
>       rexx.dll!MethodClass::run(Activity * activity=0x027d0318, RexxObject * 
> receiver=0x02865dd0, RexxString * msgname=0x00b70388, RexxObject * * 
> argPtr=0x02dd3988, unsigned int count=2, ProtectedObject & result={...}) Line 
> 171   C++
>       rexx.dll!RexxObject::messageSend(RexxString * msgname=0x00b70388, 
> RexxObject * * arguments=0x02dd3988, unsigned int count=2, ProtectedObject & 
> result={...}) Line 902   C++
>       rexx.dll!RexxObject::sendMessage(RexxString * message=0x00b70388, 
> RexxObject * * args=0x02dd3988, unsigned int argCount=2, ProtectedObject & 
> result={...}) Line 510     C++
>       rexx.dll!RexxClass::completeNewObject(RexxObject * obj=0x02865dd0, 
> RexxObject * * initArgs=0x02dd3988, unsigned int argCount=2) Line 1900       
> C++
>       rexx.dll!RexxObject::newRexx(RexxObject * * arguments=0x02dd3988, 
> unsigned int argCount=2) Line 2672    C++
>       rexx.dll!CPPCode::run(Activity * activity=0x027d0318, MethodClass * 
> method=0x00b6fe58, RexxObject * receiver=0x0282dcb0, RexxString * 
> messageName=0x027e8e70, RexxObject * * argPtr=0x02dd3988, unsigned int 
> count=2, ProtectedObject & result={...}) Line 147  C++
>       rexx.dll!MethodClass::run(Activity * activity=0x027d0318, RexxObject * 
> receiver=0x0282dcb0, RexxString * msgname=0x027e8e70, RexxObject * * 
> argPtr=0x02dd3988, unsigned int count=2, ProtectedObject & result={...}) Line 
> 171   C++
>       rexx.dll!RexxObject::messageSend(RexxString * msgname=0x027e8e70, 
> RexxObject * * arguments=0x02dd3988, unsigned int count=2, ProtectedObject & 
> result={...}) Line 902   C++
>       rexx.dll!ExpressionStack::send(RexxString * message=0x027e8e70, 
> unsigned int count=2, ProtectedObject & result={...}) Line 80   C++
>       rexx.dll!RexxExpressionMessage::evaluate(RexxActivation * 
> context=0x02865690, ExpressionStack * stack=0x02865768) Line 191      C++
>       rexx.dll!RexxInstructionAssignment::execute(RexxActivation * 
> context=0x02865690, ExpressionStack * stack=0x02865768) Line 129   C++
>       rexx.dll!RexxActivation::run(RexxObject * _receiver=0x00000000, 
> RexxString * name=0x027e0630, RexxObject * * _arglist=0x02dd38f0, unsigned 
> int _argcount=3, RexxInstruction * start=0x00000000, ProtectedObject & 
> resultObj={...}) Line 591     C++
>       rexx.dll!RexxCode::call(Activity * activity=0x027d0318, RoutineClass * 
> routine=0x02815098, RexxString * routineName=0x027e0630, RexxObject * * 
> argPtr=0x02dd38f0, unsigned int argcount=3, RexxString * calltype=0x00c75bb8, 
> RexxString * environment=0x00000000, ActivationContext context=EXTERNALCALL, 
> ProtectedObject & result={...}) Line 188      C++
>       rexx.dll!RoutineClass::call(Activity * activity=0x027d0318, RexxString 
> * routineName=0x027e0630, RexxObject * * argPtr=0x02dd38f0, unsigned int 
> argcount=3, RexxString * calltype=0x00c75bb8, RexxString * 
> environment=0x00000000, ActivationContext context=EXTERNALCALL, 
> ProtectedObject & result={...}) Line 193     C++
>       rexx.dll!RexxActivation::externalCall(RoutineClass * & 
> routine=0x02815098, RexxString * target=0x027e0630, RexxObject * * 
> arguments=0x02dd38f0, unsigned int argcount=3, RexxString * 
> calltype=0x00c75bb8, ProtectedObject & resultObj={...}) Line 2935 C++
>       rexx.dll!RexxExpressionFunction::evaluate(RexxActivation * 
> context=0x027e3c28, ExpressionStack * stack=0x027e3d00) Line 214     C++
>       rexx.dll!RexxInstructionAssignment::execute(RexxActivation * 
> context=0x027e3c28, ExpressionStack * stack=0x027e3d00) Line 129   C++
>       rexx.dll!RexxActivation::run(RexxObject * _receiver=0x00000000, 
> RexxString * name=0x027d6558, RexxObject * * _arglist=0x02dd3890, unsigned 
> int _argcount=2, RexxInstruction * start=0x00000000, ProtectedObject & 
> resultObj={...}) Line 591     C++
>       rexx.dll!RexxCode::call(Activity * activity=0x027d0318, RoutineClass * 
> routine=0x027e3c08, RexxString * routineName=0x027d6558, RexxObject * * 
> argPtr=0x02dd3890, unsigned int argcount=2, RexxString * calltype=0x00c75ff8, 
> RexxString * environment=0x00c75be8, ActivationContext context=EXTERNALCALL, 
> ProtectedObject & result={...}) Line 188      C++
>       rexx.dll!RoutineClass::call(Activity * activity=0x027d0318, RexxString 
> * routineName=0x027d6558, RexxObject * * argPtr=0x02dd3890, unsigned int 
> argcount=2, RexxString * calltype=0x00c75ff8, RexxString * 
> environment=0x00c75be8, ActivationContext context=EXTERNALCALL, 
> ProtectedObject & result={...}) Line 193     C++
>       rexx.dll!RexxActivation::callExternalRexx(RexxString * 
> target=0x027d6558, RexxObject * * arguments=0x02dd3890, unsigned int 
> argcount=2, RexxString * calltype=0x00c75ff8, ProtectedObject & 
> resultObj={...}) Line 3010  C++
>       rexx.dll!SystemInterpreter::invokeExternalFunction(RexxActivation * 
> activation=0x027d7508, Activity * activity=0x027d0318, RexxString * 
> target=0x027d6558, RexxObject * * arguments=0x02dd3890, unsigned int 
> argcount=2, RexxString * calltype=0x00c75ff8, ProtectedObject & result={...}) 
> Line 107     C++
>       rexx.dll!RexxActivation::externalCall(RoutineClass * & 
> routine=0x00000000, RexxString * target=0x027d6558, RexxObject * * 
> arguments=0x02dd3890, unsigned int argcount=2, RexxString * 
> calltype=0x00c75ff8, ProtectedObject & resultObj={...}) Line 2951 C++
>       rexx.dll!RexxInstructionCall::execute(RexxActivation * 
> context=0x027d7508, ExpressionStack * stack=0x027d75e0) Line 200 C++
>       rexx.dll!RexxActivation::run(RexxObject * _receiver=0x00000000, 
> RexxString * name=0x027d33a8, RexxObject * * _arglist=0x027d2fa8, unsigned 
> int _argcount=0, RexxInstruction * start=0x00000000, ProtectedObject & 
> resultObj={...}) Line 591     C++
>       rexx.dll!RexxCode::call(Activity * activity=0x027d0318, RoutineClass * 
> routine=0x027d74e8, RexxString * routineName=0x027d33a8, RexxObject * * 
> argPtr=0x027d2fa8, unsigned int argcount=0, RexxString * calltype=0x00bacd90, 
> RexxString * environment=0x00c75be8, ActivationContext context=PROGRAMCALL, 
> ProtectedObject & result={...}) Line 188       C++
>       rexx.dll!RoutineClass::runProgram(Activity * activity=0x027d0318, 
> RexxObject * * arguments=0x027d2fa8, unsigned int argCount=0, ProtectedObject 
> & result={...}) Line 264        C++
>       rexx.dll!CallProgramDispatcher::run() Line 242  C++
>       rexx.dll!NativeActivation::run(ActivityDispatcher & dispatcher={...}) 
> Line 1641 C++
>       rexx.dll!Activity::run(ActivityDispatcher & target={...}) Line 3314     
> C++
>       rexx.dll!CallProgram(RexxThreadContext_ * c=0x027d032c, const char * 
> p=0x00a832c9, _RexxArrayObject * a=0x027d2f78) Line 516    C++
>       rexx.exe!RexxThreadContext_::CallProgram(const char * n=0x00a832c9, 
> _RexxArrayObject * a=0x027d2f78) Line 998   C++
>       rexx.exe!main(int argc=2, char * * argv=0x00a832b8) Line 226    C++
>       rexx.exe!invoke_main() Line 64  C++
>       rexx.exe!__scrt_common_main_seh() Line 253      C++
>       rexx.exe!__scrt_common_main() Line 296  C++
>       rexx.exe!mainCRTStartup() Line 17       C++
>       kernel32.dll!@BaseThreadInitThunk@12 () Unknown
>       ntdll.dll!__RtlUserThreadStart()        Unknown
>       ntdll.dll!__RtlUserThreadStart@8 ()     Unknown
>
> This is with a 32-bit debug version of ooRexx (r12377).
>
> ---
>
> Using the external program "createOleInfo.rex" and supplying an OLEObject
> (in this case Word's 'document' object) allows one to get an on-the-fly
> html-documentation of that particular OLEObject, which works just fine,
> hence surprised that it crashes ooRexx.
>
> Will keep the MSVS-Debugger open for a while in case further information
> is needed.
>
> ---rony
>
>
> _______________________________________________
> Oorexx-devel mailing list
> Oorexx-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/oorexx-devel
>