Re: [Kdiff3-user] kdiff3 Ver 0.9.95 stack buffer overrun

[Joachim E. <joa...@gm...>]

Hi,

I tried to reproduce, but on my Windows-Vista machine there seems to be no 
problem.

It would help me most, if you were able to debug this yourself.
If you can't build yourself, I could create an executable that could be 
debugged with gdb.
Would this be ok?

Joachim



> Hi,
> 
> - System Windows XP SP3 (Spanish version)
> 
> - KDiff3 version kdiff3 Version 0.9.95 installed using
> KDiff3Setup_0.9.95-2.exe
> 
> When I mount two iso CD images on two virtual CD drives and attempt a
> directory comparison of the root of this two drives, KDiff3 bombs out
> generating an error report that is supposedly intended to be sent to
> MS.
> 
> Application event viewer records the following error:
> 
> Aplicación con errores: kdiff3.exe, versión: 0.0.0.0, módulo con
> error: kernel32.dll, versión 5.1.2600.5781, dirección de error
> 0x0005a6f2.
> 
> Application Failure  kdiff3.exe 0.0.0.0 in kernel32.dll 5.1.2600.5781
> at offset 0005a6f2
> 
> The same comparison running KDiff3 from withing WinDbg reports a stack
> buffer overrun, as the following info shows:
> 
> ---8<------------------8<------------------8<---------------
> 
>  *** A stack buffer overrun occurred in "C:\Archivos de
> programa\KDiff3\kdiff3.exe" :
> 
> This is usually the result of a memory copy to a local buffer or
> structure where the size is not properly calculated/checked.
> If this bug ends up in the shipping product, it could be a severe security
> hole. The stack trace should show the guilty function (the function
> directly above __report_gsfailure).
>  *** enter .exr 0023E8A0 for the exception record
>  *** then kb to get the faulting stack
> 
> (100.350): Break instruction exception - code 80000003 (first chance)
> eax=00000000 ebx=00020600 ecx=7c978568 edx=0023e62b esi=00000001
> edi=0023ebc8 eip=7c91120e esp=0023e844 ebp=0023e880 iopl=0         nv up
> ei pl zr na pe nc cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000    
>         efl=00000246 ntdll!DbgBreakPoint:
> 7c91120e cc              int     3
> 0:000> .exr 0023E8A0
> *** ERROR: Symbol file could not be found.  Defaulted to export
> symbols for C:\WINDOWS\system32\kernel32.dll -
> ExceptionAddress: 7c85a6f2
> (kernel32!SetClientTimeZoneInformation+0x00000921) ExceptionCode: c0000409
> (Stack buffer overflow)
>   ExceptionFlags: 00000000
> NumberParameters: 0
> 0:000> kb
> ChildEBP RetAddr  Args to Child
> WARNING: Stack unwind information not available. Following frames may be
> wrong. 0023e880 7c9785f1 0023ebc8 7c9785f6 0023ebd0 ntdll!DbgBreakPoint
> 0023e890 7c870ef6 0023ebc8 00000001 c0000409
> ntdll!RtlUnhandledExceptionFilter+0x12
> 0023ebd0 7c85a6f2 00000000 00000024 7c85a6f8
> kernel32!BeginUpdateResourceA+0x13b 0023ee60 7c85a788 0023ee78 0023eed8
> 0000c9a8
> kernel32!SetClientTimeZoneInformation+0x921
> 0023eea4 7c85a7bd 0023eed8 0000c9a8 0023f12c
> kernel32!SetClientTimeZoneInformation+0x9b7
> 0023eebc 7c85a834 0023eed8 0000c9a8 0023f12c
> kernel32!SetClientTimeZoneInformation+0x9ec
> 0023f0e4 7c83b11c 0000c9a8 00000000 0023f12c
> kernel32!SetClientTimeZoneInformation+0xa63
> *** ERROR: Module load completed but symbols could not be loaded for
> C:\Archivos de programa\KDiff3\kdiff3.exe
> 0023f288 00cf6cfc 00000000 0023f410 0023f420 kernel32!ValidateLocale+0x18f4
> 0023f458 00cacbb4 0023f4c0 018acb40 00000001 kdiff3+0x8f6cfc
> 0023f508 00cad3a1 0182b018 00000001 0023f528 kdiff3+0x8acbb4
> 0023f528 004a7493 0023f6b0 0023f650 ffffffff kdiff3+0x8ad3a1
> 0023f6e8 004a8b1e 0023f7b0 0023f8d0 00000000 kdiff3+0xa7493
> 0023f758 0040bbad 0023f7b0 0023f8d0 00000000 kdiff3+0xa8b1e
> 0023f818 00475078 0176cfd4 0023f8d0 0023f8e0 kdiff3+0xbbad
> 0023f9a8 0041c089 0176ce60 00000001 0176cfc0 kdiff3+0x75078
> 0023fb58 004be40e 0176ce60 0023fbd0 0023fbe0 kdiff3+0x1c089
> 0023fc18 00405efb 0173f7f8 00000001 0023fd50 kdiff3+0xbe40e
> 0023fe28 004e5078 00000001 01604f18 01604ed0 kdiff3+0x5efb
> 0023fef8 004e4d18 00400000 00000000 002623a4 kdiff3+0xe5078
> 0023ff78 0040124b 00000001 01603ed8 01602988 kdiff3+0xe4d18
> 
> ---8<------------------8<------------------8<---------------
> 
> More info... It doesn't matter if virtual CDs are Daemon Tools',
> Alcohol 52%'s or Microsoft Virtual CD Control Tool's, the problem
> persists with any of them.
> 
> Mounted ISO images being compared are valid ones, Windows explorer
> sees correctly into mounted drives, and WinMerge works properly.
> 
> Searching for a SetClientTimeZoneInformation function call in sources
> available in kdiff3-0.9.95.tar.gz shows that there is no such call, in
> there at least.
> 
> If you need any further info to help debug/fix this issue, or you want
> me to run whatever test, please don't hesitate to ask it.
> 
> Cheers,