[Issue 6144] Unexpected OPTLINK Termination at EIP=00428DA3

d-bugmail at puremagic.com d-bugmail at puremagic.com
Mon Sep 17 08:06:32 PDT 2012 

http://d.puremagic.com/issues/show_bug.cgi?id=6144


Sönke Ludwig <sludwig at outerproduct.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sludwig at outerproduct.org


--- Comment #4 from Sönke Ludwig <sludwig at outerproduct.org> 2012-09-17 08:07:18 PDT ---
I'm also hit by this quite often. Changing random things will make it work or
break it.

This is the disassembly of the offending function:

0x00428d82 c8040000         enter       0004,00
0x00428d86 53               push        ebx
0x00428d87 56               push        esi
0x00428d88 c745fc00000000   mov         dword ptr [ebp-04],00000000
0x00428d8f 8b45fc           mov         eax,dword ptr [ebp-04]
0x00428d92 3b4510           cmp         eax,dword ptr [ebp+10]
0x00428d95 7314             jae         00428dab
0x00428d97 8b4d0c           mov         ecx,dword ptr [ebp+0c]
0x00428d9a 8b55fc           mov         edx,dword ptr [ebp-04]
0x00428d9d 8a1c11           mov         bl,byte ptr [edx+ecx]
0x00428da0 8b7508           mov         esi,dword ptr [ebp+08]
0x00428da3 881c16           mov         byte ptr [edx+esi],bl     <<< Access
Violation
0x00428da6 ff45fc           inc         dword ptr [ebp-04]
0x00428da9 ebe4             jmp         00428d8f
0x00428dab 8b4508           mov         eax,dword ptr [ebp+08]
0x00428dae 5e               pop         esi
0x00428daf 5b               pop         ebx
0x00428db0 c9               leave
0x00428db1 c3               retn

ESI contains 0x028a3cd0 and EDX contains 0x330.

A couple of bytes after [ESI] there comes a very long mangled string:

D921TypeInfo_S4vibe5templ4diet295__T19parseDietFileCompatVAyaa11_73686f775f626f782e6474TC4vibe4http6server17HttpServerRequestVAyaa3_726571TPS5index8show_boxFC4vibe4http6server17HttpServerRequestC4vibe4http6server18HttpServerResponseAyaZv11ShowBoxInfoVAyaa4_696e666fTC8moneybox3api11MoneyBoxApiVAyaa3_617069TAyaVAyaa5_6572726f72Z19parseDietFileCompatFC4vibe6stream6stream12OutputStreamAS3std7variant17__T8VariantNVk20Z8VariantNXv480__T12FilterResultS4284vibe5templ4diet295__T19parseDietFileCompatVAyaa11_73686f775f626f782e6474TC4vibe4http6server17HttpServerRequestVAyaa3_726571TPS5index8show_boxFC4vibe4http6server17HttpServerRequestC4vibe4http6server18HttpServerResponseAyaZv11ShowBoxInfoVAyaa4_696e666fTC8moneybox3api11MoneyBoxApiVAyaa3_617069TAyaVAyaa5_6572726f72Z19parseDietFileCompatFC4vibe6strea

The string is terminated with the end of the memory page, after which there is
no more mapped memory. Looks like a simple buffer overrun.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------

More information about the Digitalmars-d-bugs mailing list