Re: 0.9.4.1 Crasher


Subject: Re: 0.9.4.1 Crasher
From: Mike Nordell (tamlin@algonet.se)
Date: Thu Sep 27 2001 - 08:32:02 CDT


Randy Kramer wrote:
>
> > you didn't specify what address the pgm tried to access).
>
> Oops, sorry -- next time.

No worries.

> Just to clarify things for myself, I'm assuming that anywhere there is
> an instruction like "ecx,dword ptr [eax+28h]" there is a crash waiting
> to happen?

Not at all. But, if eax (a CPU register) is loaded with an invalid pointer
(such as NULL) then this will crash.

To try to explain. Using the MSVC compiler, a piece of code such as:

    something_t* pSomething = getSomePtr();
    int some_int = pSomething->getSomeInt();

and assuming getSomeInt() is an inlined function, it generates assembler
code like:

    [... allocate space for some_int on the stack]
    call getSomePtr
    mov  ecx, dword ptr [eax+XXh]
    mov  some_int, ecx

where XXh is the hexadecimal offset of the member from the beginning of the
type something_t.

So long as getSomePtr() returns a valid pointer to a something_t object all
is fine. But if getSomePtr() for some reason returns e.g. NULL, and the
client code doesn't check for a NULL pointer, then it's a crash waiting to
happen.

> Is there a way to search the entire AbiWord codebase with some regular
> expression to find all the instances of the C++ code that causes the
> problem? (I'm guessing there are some others.)

No. Problems like this can surface anywhere you use a pointer and aren't
checking for validity.

/Mike
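The pattern Mike describes, as an added example that is not part of the original mail: a constructed `something_t` whose member sits at offset 28h (so a NULL `eax` faults at address 0x28, matching the `[eax+28h]` instruction in the question), the unchecked client code beside a NULL-checked version, and a small helper that maps a fault address back to the member. The type, layout and function names are all assumptions.

```cpp
// Added example, not AbiWord code: mapping a faulting access such as
// "mov ecx, dword ptr [eax+28h]" back to a struct member, and the NULL check
// that prevents the crash. Types and names are constructed for illustration.
#include <cstddef>   // offsetof
#include <cstdint>
#include <cstring>
#include <iostream>

// Hypothetical stand-in for something_t. The layout puts 'count' at offset
// 0x28 (40 bytes) on any ABI, so an access "[eax+28h]" with eax == NULL faults
// at address 0x28.
struct something_t {
    int32_t header[10];   // 40 bytes: offsets 0x00..0x27
    int32_t count;        // offset 0x28 -> "[eax+28h]" in the assembler
    int32_t getSomeInt() const { return count; }
};

// Hypothetical factory: may return NULL on failure, as the mail describes.
something_t* getSomePtr(bool succeed) {
    static something_t obj = { {0}, 42 };
    return succeed ? &obj : nullptr;
}

// Unchecked client code: the "crash waiting to happen" when p is NULL,
// because the inlined getSomeInt() becomes a load from [p+28h].
int32_t readUnchecked(something_t* p) {
    return p->getSomeInt();
}

// Hardened client code: validate the pointer before dereferencing it.
bool readChecked(something_t* p, int32_t& out) {
    if (p == nullptr) return false;
    out = p->getSomeInt();
    return true;
}

// Given the fault address of a NULL-based access, name the member it hit.
const char* memberAtOffset(std::size_t off) {
    if (off == offsetof(something_t, count)) return "count";
    if (off < offsetof(something_t, count)) return "header";
    return "unknown";
}

int main() {
    int32_t v = 0;
    std::cout << "valid ptr: ok=" << readChecked(getSomePtr(true), v) << " v=" << v << '\n';
    std::cout << "NULL ptr:  ok=" << readChecked(getSomePtr(false), v) << '\n';
    std::cout << "fault at 0x28 -> member '" << memberAtOffset(0x28) << "'\n";
    return 0;
}
```

The fault address a crash report shows for a NULL-based access is the member offset itself, which is what makes Mike's request for the accessed address useful.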



This archive was generated by hypermail 2b25 : Thu Sep 27 2001 - 08:32:34 CDT