Menu
▾
▴
[Kdiff3-user] kdiff3 Ver 0.9.95 stack buffer overrun
|
From: Yang T. <yan...@gm...> - 2011-04-29 16:25:40
|
Hi, - System Windows XP SP3 (Spanish version) - KDiff3 version kdiff3 Version 0.9.95 installed using KDiff3Setup_0.9.95-2.exe When I mount two iso CD images on two virtual CD drives and attempt a directory comparison of the root of this two drives, KDiff3 bombs out generating an error report that is supposedly intended to be sent to MS. Application event viewer records the following error: Aplicación con errores: kdiff3.exe, versión: 0.0.0.0, módulo con error: kernel32.dll, versión 5.1.2600.5781, dirección de error 0x0005a6f2. Application Failure kdiff3.exe 0.0.0.0 in kernel32.dll 5.1.2600.5781 at offset 0005a6f2 The same comparison running KDiff3 from withing WinDbg reports a stack buffer overrun, as the following info shows: ---8<------------------8<------------------8<--------------- *** A stack buffer overrun occurred in "C:\Archivos de programa\KDiff3\kdiff3.exe" : This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked. If this bug ends up in the shipping product, it could be a severe security hole. The stack trace should show the guilty function (the function directly above __report_gsfailure). *** enter .exr 0023E8A0 for the exception record *** then kb to get the faulting stack (100.350): Break instruction exception - code 80000003 (first chance) eax=00000000 ebx=00020600 ecx=7c978568 edx=0023e62b esi=00000001 edi=0023ebc8 eip=7c91120e esp=0023e844 ebp=0023e880 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!DbgBreakPoint: 7c91120e cc int 3 0:000> .exr 0023E8A0 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ExceptionAddress: 7c85a6f2 (kernel32!SetClientTimeZoneInformation+0x00000921) ExceptionCode: c0000409 (Stack buffer overflow) ExceptionFlags: 00000000 NumberParameters: 0 0:000> kb ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0023e880 7c9785f1 0023ebc8 7c9785f6 0023ebd0 ntdll!DbgBreakPoint 0023e890 7c870ef6 0023ebc8 00000001 c0000409 ntdll!RtlUnhandledExceptionFilter+0x12 0023ebd0 7c85a6f2 00000000 00000024 7c85a6f8 kernel32!BeginUpdateResourceA+0x13b 0023ee60 7c85a788 0023ee78 0023eed8 0000c9a8 kernel32!SetClientTimeZoneInformation+0x921 0023eea4 7c85a7bd 0023eed8 0000c9a8 0023f12c kernel32!SetClientTimeZoneInformation+0x9b7 0023eebc 7c85a834 0023eed8 0000c9a8 0023f12c kernel32!SetClientTimeZoneInformation+0x9ec 0023f0e4 7c83b11c 0000c9a8 00000000 0023f12c kernel32!SetClientTimeZoneInformation+0xa63 *** ERROR: Module load completed but symbols could not be loaded for C:\Archivos de programa\KDiff3\kdiff3.exe 0023f288 00cf6cfc 00000000 0023f410 0023f420 kernel32!ValidateLocale+0x18f4 0023f458 00cacbb4 0023f4c0 018acb40 00000001 kdiff3+0x8f6cfc 0023f508 00cad3a1 0182b018 00000001 0023f528 kdiff3+0x8acbb4 0023f528 004a7493 0023f6b0 0023f650 ffffffff kdiff3+0x8ad3a1 0023f6e8 004a8b1e 0023f7b0 0023f8d0 00000000 kdiff3+0xa7493 0023f758 0040bbad 0023f7b0 0023f8d0 00000000 kdiff3+0xa8b1e 0023f818 00475078 0176cfd4 0023f8d0 0023f8e0 kdiff3+0xbbad 0023f9a8 0041c089 0176ce60 00000001 0176cfc0 kdiff3+0x75078 0023fb58 004be40e 0176ce60 0023fbd0 0023fbe0 kdiff3+0x1c089 0023fc18 00405efb 0173f7f8 00000001 0023fd50 kdiff3+0xbe40e 0023fe28 004e5078 00000001 01604f18 01604ed0 kdiff3+0x5efb 0023fef8 004e4d18 00400000 00000000 002623a4 kdiff3+0xe5078 0023ff78 0040124b 00000001 01603ed8 01602988 kdiff3+0xe4d18 ---8<------------------8<------------------8<--------------- More info... It doesn't matter if virtual CDs are Daemon Tools', Alcohol 52%'s or Microsoft Virtual CD Control Tool's, the problem persists with any of them. Mounted ISO images being compared are valid ones, Windows explorer sees correctly into mounted drives, and WinMerge works properly. Searching for a SetClientTimeZoneInformation function call in sources available in kdiff3-0.9.95.tar.gz shows that there is no such call, in there at least. If you need any further info to help debug/fix this issue, or you want me to run whatever test, please don't hesitate to ask it. Cheers, -- -=[Yang]=- |
