
[rt.cpan.org #77048] USHORT type causes uninitialized memory crash

From: patcat via RT
Date: May 7, 2012 11:55
Subject: [rt.cpan.org #77048] USHORT type causes uninitialized memory crash
Message ID: rt-3.8.HEAD-20170-1336416932-1463.77048-15-0@rt.cpan.org
Mon May 07 14:55:32 2012: Request 77048 was acted upon.
Transaction: Ticket created by patcat88
       Queue: Win32-API
     Subject: USHORT type causes uninitialized memory crash
   Broken in: 0.68
    Severity: Critical
       Owner: Nobody
  Requestors: bulk88@hotmail.com
      Status: new
 Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=77048 >


I have a function with the prototype of "DWORD __stdcall PtrUShortCall
(DWORD_PTR ptr, USHORT num)". This crashes Win32::API 0.68 with
DEBUGGING Perl 5.12. VS 2003 was used to compile Win32::API 0.68, the
test DLL and the DEBUGGING Perl 5.12. Changing the USHORT to a DWORD in
the string prototype given to Win32::API makes everything superficially
fine. Changing USHORT to SHORT causes the same exact crash. Changing
USHORT to short fails, see way way down for the output of this test case.
If I run testdll.pl on the command line, the error is "Can't call method
"Pack" on an undefined value at testdll.pl line 8."; if I run it in the
VS debugger, which includes the Win32 debugging heap, I get a crash,
because of the BAADF00D poisoning. testdll.dll was generated by running
compile.bat. I am on 32 bit Win XP.
_________________________________________________
First-chance exception at 0x2815faf4 (perl512.dll) in perl.exe:
0xC0000005: Access violation reading location 0xbaadf015.
_________________________________________________
>	perl512.dll!Perl_newSVsv(interpreter * my_perl=0x003940a4, sv * const
old=0xbaadf00d)  Line 8099 + 0x3	C
 	API.dll!XS_Win32__API_Call(interpreter * my_perl=0x003940a4, cv *
cv=0x009603c4)  Line 614 + 0x58	C
 	perl512.dll!Perl_pp_entersub(interpreter * my_perl=0x003940a4)  Line
2882 + 0x10	C
 	perl512.dll!Perl_runops_debug(interpreter * my_perl=0x003940a4)  Line
2049 + 0xd	C
 	perl512.dll!S_run_body(interpreter * my_perl=0x003940a4, long
oldscope=1)  Line 2308 + 0xd	C
 	perl512.dll!perl_run(interpreter * my_perl=0x003940a4)  Line 2233 + 0xd	C
 	perl512.dll!RunPerl(int argc=2, char * * argv=0x00282510, char * *
env=0x002828d8)  Line 270 + 0x9	C++
 	perl.exe!main(int argc=2, char * * argv=0x00282510, char * *
env=0x00282d50)  Line 23 + 0x12	C
 	perl.exe!mainCRTStartup()  Line 398 + 0xe	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23	
________________________________________________________
Line 614 in api.c is
________________________________________________________
 610    
 611                    ENTER;
 612                    SAVETMPS;
 613                    PUSHMARK(SP);
 614                    XPUSHs(sv_2mortal(newSVsv(origST[i])));
 615                    PUTBACK;
 616                    count = call_method("Pack", G_DISCARD);
 617                    PUTBACK;
 618    
 619                    FREETMPS;
 620                    LEAVE; 
_________________________________________________________
The origST array seems to be uninitialized garbage; 8 is a "good sized"
number I chose to view the array with. The var nin is 1, BTW.
____________________________________________________________
-	origST,8	0x008346d4	sv * *
+	[0]	0xbaadf00d {sv_any=??? sv_refcnt=??? sv_flags=??? ...}	sv *
+	[1]	0xbaadf00d {sv_any=??? sv_refcnt=??? sv_flags=??? ...}	sv *
+	[2]	0xabababab {sv_any=??? sv_refcnt=??? sv_flags=??? ...}	sv *
+	[3]	0xabababab {sv_any=??? sv_refcnt=??? sv_flags=??? ...}	sv *
+	[4]	0xfeeefeee {sv_any=??? sv_refcnt=??? sv_flags=??? ...}	sv *
+	[5]	0x00000000 {sv_any=??? sv_refcnt=??? sv_flags=??? ...}	sv *
+	[6]	0x00000000 {sv_any=??? sv_refcnt=??? sv_flags=??? ...}	sv *
+	[7]	0x00080148 {sv_any=0x000000b0 sv_refcnt=218 sv_flags=1 ...}	sv *
______________________________________________________________
The output of testdll.pl on the command line is
_________________________________________________________
C:\Documents and Settings\Owner\Desktop\w32api>perl testdll.pl
Win32::API 0.68
Win32::API::new: Loading library 'testdll.dll'
(PM)parse_prototype: got PROC '_PtrUShortCall@8'
(PM)parse_prototype: got PARAMS 'DWORD_PTR ptr, USHORT num'
(PM)parse_prototype: IN='DWORD_PTR' PACKING='L' API_TYPE=1
(PM)parse_prototype: IN='USHORT' PACKING='S' API_TYPE=51
parse_prototype: IN=[ 1 51 ]
parse_prototype: OUT='DWORD' PACKING='L' API_TYPE=1
GetProcAddress('_PtrUShortCall@8') = '3801664'
Object blessed!
Can't call method "Pack" on an undefined value at testdll.pl line 8.
Win32::API::DESTROY: Freeing library 'testdll.dll'

C:\Documents and Settings\Owner\Desktop\w32api>
____________________________________________________________
The command line output of testdll.pl under VS debugger is
____________________________________________________________
Win32::API 0.68
Win32::API::new: Loading library 'testdll.dll'
(PM)parse_prototype: got PROC '_PtrUShortCall@8'
(PM)parse_prototype: got PARAMS 'DWORD_PTR ptr, USHORT num'
(PM)parse_prototype: IN='DWORD_PTR' PACKING='L' API_TYPE=1
(PM)parse_prototype: IN='USHORT' PACKING='S' API_TYPE=51
parse_prototype: IN=[ 1 51 ]
parse_prototype: OUT='DWORD' PACKING='L' API_TYPE=1
GetProcAddress('_PtrUShortCall@8') = '3801664'
Object blessed!
____________________________________________________________
Changing USHORT to short fails; the command line output is
_____________________________________________________________
C:\Documents and Settings\Owner\Desktop\w32api>perl testdll.pl
Win32::API 0.68
Win32::API::new: Loading library 'testdll.dll'
(PM)parse_prototype: got PROC '_PtrUShortCall@8'
(PM)parse_prototype: got PARAMS 'DWORD_PTR ptr, short num'
(PM)parse_prototype: IN='DWORD_PTR' PACKING='L' API_TYPE=1
Win32::API::parse_prototype: WARNING unknown parameter type 'short' at C:/perl512/site/lib/Win32/API.pm line 305.
parse_prototype: IN=[ 1 3 ]
parse_prototype: OUT='DWORD' PACKING='L' API_TYPE=1
GetProcAddress('_PtrUShortCall@8') = '3801664'
Object blessed!
exiting
Win32::API::DESTROY: Freeing library 'testdll.dll'

C:\Documents and Settings\Owner\Desktop\w32api>
______________________________________________________________
C:\Documents and Settings\Owner\Desktop\w32api>perl -V
Summary of my perl5 (revision 5 version 12 subversion 2) configuration:

  Platform:
    osname=MSWin32, osvers=5.1, archname=MSWin32-x86-multi-thread
    uname=''
    config_args='undef'
    hint=recommended, useposix=true, d_sigaction=undef
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cl', ccflags ='-nologo -GF -W3 -Od -MD -Zi -DDEBUGGING -DWIN32 -D_CONSOLE -DNO_STRICT -DHAVE_DES_FCRYPT  -DPERL_IMPLICIT_CONTEXT -DPERL_IMPLICIT_SYS -DUSE_PERLIO',
    optimize='-Od -MD -Zi -DDEBUGGING',
    cppflags='-DWIN32'
    ccversion='13.10.3077', gccversion='', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=undef, longlongsize=8, d_longdbl=define, longdblsize=8
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='__int64', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='link', ldflags ='-nologo -nodefaultlib -debug -libpath:"c:\perl512\lib\CORE"  -machine:x86'
    libpth="c:\Program Files\Microsoft Visual Studio .NET 2003\VC7\lib"
    libs=  oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib  comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib  netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib  version.lib odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    perllibs=  oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib  comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib  netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib  version.lib odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    libc=msvcrt.lib, so=dll, useshrplib=true, libperl=perl512.lib
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_win32.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags='-dll -nologo -nodefaultlib -debug -libpath:"c:\perl512\lib\CORE"  -machine:x86'


Characteristics of this binary (from libperl):
  Compile-time options: DEBUGGING MULTIPLICITY PERL_DONT_CREATE_GVSV
                        PERL_IMPLICIT_CONTEXT PERL_IMPLICIT_SYS
                        PERL_MALLOC_WRAP PERL_TRACK_MEMPOOL PL_OP_SLAB_ALLOC
                        USE_ITHREADS USE_LARGE_FILES USE_PERLIO
                        USE_PERL_ATOF
  Built under MSWin32
  Compiled at Mar 23 2011 08:10:43
  %ENV:
    PERL_JSON_BACKEND="JSON::XS"
    PERL_YAML_BACKEND="YAML"
  @INC:
    C:/perl512/site/lib
    C:/perl512/lib
    .

C:\Documents and Settings\Owner\Desktop\w32api>
_____________________________________________________
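To make the failure mode in this report concrete, here is an added example (my own code, not Win32::API's): a small C model of the origST[] slot array that is filled only for struct arguments, a classifier for the Windows debug-heap fill values seen in the watch window above, and the guard that turns the wild read into a clean refusal. The type numbers 1 and 51 and the 0xbaadf00d fill are taken from the trace; the slot-array layout, the struct_sv parameter and all function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Win32::API code. Models the origST[] hazard from the
 * report: a per-call slot array is only filled for struct arguments, yet the
 * dispatch loop calls ->Pack on origST[i] for every argument of type 51. */
#define T_NUMBER 1     /* API_TYPE=1 in the trace (DWORD_PTR, DWORD) */
#define T_STRUCT 51    /* API_TYPE=51 in the trace (what USHORT was mapped to) */

/* Classify a 32-bit pointer value by the Windows debug-heap fill patterns
 * that appear in the report's watch window. */
const char *classify_ptr(uint32_t p) {
    if (p == 0xbaadf00du) return "uninitialized heap";
    if (p == 0xababababu) return "heap guard bytes";
    if (p == 0xfeeefeeeu) return "freed heap";
    if (p == 0)           return "NULL";
    return "plausible pointer";
}

/* Index of the first slot the struct branch would hand to newSVsv() that does
 * not hold a plausible pointer, or -1 when every struct slot is usable.
 * Scalar arguments never touch origST, which is why the DWORD variant works. */
int first_bad_slot(const int *types, void *const *origST, int nin) {
    for (int i = 0; i < nin; i++) {
        if (types[i] != T_STRUCT) continue;
        uint32_t raw = (uint32_t)(uintptr_t)origST[i];
        if (strcmp(classify_ptr(raw), "plausible pointer") != 0) return i;
    }
    return -1;
}

/* The report's call, IN=[ 1 51 ]: USHORT classified as a struct while its slot
 * was never filled. The debug heap is emulated by pre-filling with 0xbaadf00d. */
int reproduce_report(void) {
    int types[2] = { T_NUMBER, T_STRUCT };
    void *origST[2];
    for (int i = 0; i < 2; i++) origST[i] = (void *)(uintptr_t)0xbaadf00du;
    return first_bad_slot(types, origST, 2);   /* 1: the USHORT slot is garbage */
}

/* Hardened shape: zero the slot array (calloc) and run the guard before the
 * dispatch loop, so a misclassified argument becomes a refusal (-1) instead of
 * a read through garbage. Returns the number of struct slots packed. */
int hardened_dispatch(const int *types, int nin, void *struct_sv) {
    void **origST = calloc((size_t)nin, sizeof *origST);
    if (!origST) return -1;
    for (int i = 0; i < nin; i++)          /* only a real struct fills its slot */
        if (types[i] == T_STRUCT && struct_sv) origST[i] = struct_sv;
    int bad = first_bad_slot(types, origST, nin), packed = 0;
    if (bad < 0) for (int i = 0; i < nin; i++) packed += (types[i] == T_STRUCT);
    free(origST);
    return bad < 0 ? packed : -1;
}
```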



