Somewhere between 0.9.23 and 0.9.24, a commit introduced a bug in oleaut32 which results in a nasty crash when parsing some MSFT typelibs. Notably, "regsvr32 msvbvm60.dll" will crash on this bug, although I experienced it with DBGRID32.OCX too. I have traced the point of the crash to typelib.c:1814
if ( pFuncRec->FKCCIC & 0x2000 ) { (*pptfd)->Entry = SysAllocString((WCHAR*)pFuncRec->OptAttr[2]); }
Apparently, 0x2000 as a flag in FKCCIC indicates that pFuncRec->OptAttr[2] is a pointer to some string. If what little understanding I have of typelib loading is correct, these typelibs are read from DLL resources on disk. Therefore, I fail to grasp how they can possibly refer to valid memory locations. I have this attached patch that temporarily plugs the crash, but I don't think the code is right in the first place. Or am I missing some crucial fact about typelib parsing?
From a comparison with version 1.266:
if ( pFuncRec->FKCCIC & 0x2000 ) { (*pptfd)->Entry = (WCHAR*) pFuncRec->OptAttr[2] ; }
I would dare to say that it has always been wrong; it is only crashing now because the code now attempts to strdup() it with SysAllocString.
Alex Villacís Lasso
On 29.10.2006 02:54, a_villacis@palosanto.com wrote:
> Apparently, 0x2000 as a flag in FKCCIC indicates that pFuncRec->OptAttr[2] is a pointer to some string. If what little understanding I have of typelib loading is correct, these typelibs are read from DLL resources on disk. Therefore, I fail to grasp how they can possibly refer to valid memory locations.
Hmm, perhaps check if interpreting the value as an offset from the start of the typelib data is sensible?
-f.r.
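As an added example (not Wine's code and not from either message above), here is the shape of the check f.r. suggests: treat the raw OptAttr value as an offset into the in-memory copy of the typelib data, bounds-check it against the blob, and require the string's terminator to lie inside the blob before copying it out. The flag name FKCCIC_HAS_ENTRY, the NUL-terminated UTF-16LE string assumption and the sample blob are all constructed for this example; the real MSFT string-table encoding may differ, so only the offset-and-bounds discipline carries over.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef uint16_t wchar16;            /* stand-in for WCHAR */

/* Assumed name for the 0x2000 bit discussed in the thread. */
#define FKCCIC_HAS_ENTRY 0x2000u

/* Constructed sample "typelib" blob, not a real MSFT file:
 *   0x00: 8 bytes of header
 *   0x08: "DllMain" as UTF-16LE, NUL-terminated
 *   0x18: "Bad" as UTF-16LE with NO terminator (runs off the end) */
static const uint8_t sample_blob[] = {
    'M','S','F','T', 0x02, 0x00, 0x00, 0x00,
    'D',0, 'l',0, 'l',0, 'M',0, 'a',0, 'i',0, 'n',0, 0,0,
    'B',0, 'a',0, 'd',0
};

/* Resolve raw_attr as an offset into blob rather than as a pointer.
 * Copies the NUL-terminated wchar16 string found there into out
 * (at most out_cap chars including the terminator) and returns its
 * length in chars; returns -1 when the flag is not set, the offset
 * lies outside the blob, the string is unterminated inside the blob,
 * or it does not fit in out. */
int resolve_entry_string(const uint8_t *blob, size_t blob_len,
                         uint32_t fkccic, uint32_t raw_attr,
                         wchar16 *out, size_t out_cap)
{
    if (!(fkccic & FKCCIC_HAS_ENTRY)) return -1;
    if (out_cap == 0) return -1;
    if (raw_attr >= blob_len) return -1;   /* pointer-looking values land here */

    size_t avail = blob_len - raw_attr;    /* bytes left after the offset */
    size_t n = 0;
    for (;;) {
        wchar16 c;
        if (avail < sizeof c) return -1;   /* ran off the blob without a NUL */
        memcpy(&c, blob + raw_attr + n * sizeof c, sizeof c); /* alignment-safe read */
        avail -= sizeof c;
        if (c == 0) break;
        if (n + 1 >= out_cap) return -1;   /* keep room for the terminator */
        out[n++] = c;
    }
    out[n] = 0;
    return (int)n;
}

/* Convenience for the sample blob: 1 when the resolved string equals
 * expected_ascii, or when expected_ascii is NULL and resolution is
 * correctly refused; 0 otherwise. */
int check_sample(uint32_t fkccic, uint32_t raw_attr, const char *expected_ascii)
{
    wchar16 buf[16];
    int n = resolve_entry_string(sample_blob, sizeof sample_blob,
                                 fkccic, raw_attr, buf, 16);
    if (expected_ascii == NULL) return n < 0;
    if (n < 0 || (size_t)n != strlen(expected_ascii)) return 0;
    for (int i = 0; i < n; i++)
        if (buf[i] != (wchar16)(unsigned char)expected_ascii[i]) return 0;
    return 1;
}

int main(void)
{
    printf("offset 0x08, flag set   -> %s\n",
           check_sample(0x2000, 0x08, "DllMain") ? "DllMain" : "refused");
    printf("pointer-like value      -> %s\n",
           check_sample(0x2000, 0x7C12345u, NULL) ? "refused" : "ACCEPTED?!");
    printf("unterminated tail 0x18  -> %s\n",
           check_sample(0x2000, 0x18, NULL) ? "refused" : "ACCEPTED?!");
    return 0;
}
```

The important property is that nothing read from the file is ever dereferenced directly: the value is only ever used as an index into a buffer whose length the loader knows, which is what makes a corrupt or hostile typelib a parse failure instead of a crash.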