On 18/08/2010 18:54, Sergey Khorev wrote:
It is by design in the recent VC CRT libraries (VS2005 onwards?) Any
unsupported format specifier will result in a crash. On Windows, or at
least builds that use recent VC CRT libraries, VIM needs to validate the
format string that it only contains supported format specifiers. I'm
guessing mingw is using older versions of the Windows CRT or has its own
version.
Attached is a patch to check for allowed specifiers for Windows. Not sure
if any other platforms need a similar check (I doubt it). Don't know if
need extra code to cope with multi-byte format strings. Don't know if
having the check function in eval.c is the right thing to do. Does stop the
crash for me.
Perhaps another options would be installation of custom validation
handler via _set_invalid_parameter_handler as described on
http://msdn.microsoft.com/en-us/library/ksazx244(v=VS.80).aspx
Unfortunately I cannot provide a patch at the moment. Maybe later if
no one outruns me.
F1rst! :-)
Pros: All Windows specific code.
Cons: Can't do anything clever with an invalid format string.
Should be ok with mingw32.
TTFN
Mike
--
Adversity makes men, and prosperity makes monsters.
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
diff --git a/src/os_win32.c b/src/os_win32.c
--- a/src/os_win32.c
+++ b/src/os_win32.c
@@ -1615,6 +1615,27 @@
return TRUE;
}
+/*
+ * Bad parameter handler.
+ *
+ * Certain MS CRT functions will intentionally crash when passed invalid
+ * parameters to highlight possible security holes. Setting this function as
+ * the bad parameter handler will prevent the crash.
+ *
+ * In debug builds the parameters contain CRT information that might help track
+ * down the source of a problem, but in non-debug builds the arguments are all
+ * NULL/0. Debug builds will also produce assert dialogs from the CRT, it is
+ * worth allowing these to make debugging of issues easier.
+ */
+static void
+bad_param_handler(const wchar_t* expression,
+ const wchar_t* function,
+ const wchar_t* file,
+ unsigned int line,
+ uintptr_t pReserved)
+{
+}
+
#ifdef FEAT_GUI_W32
/*
@@ -1627,6 +1648,9 @@
extern int _fmode;
#endif
+ /* Silently handle invalid parameters to CRT functions */
+ (void)_set_invalid_parameter_handler(bad_param_handler);
+
/* Let critical errors result in a failure, not in a dialog box. Required
* for the timestamp test to work on removed floppies. */
SetErrorMode(SEM_FAILCRITICALERRORS);
@@ -2103,6 +2127,9 @@
extern int _fmode;
#endif
+ /* Silently handle invalid parameters to CRT functions */
+ (void)_set_invalid_parameter_handler(bad_param_handler);
+
/* Let critical errors result in a failure, not in a dialog box. Required
* for the timestamp test to work on removed floppies. */
SetErrorMode(SEM_FAILCRITICALERRORS);
