Re: [Kdiff3-user] kdiff3 Ver 0.9.95 stack buffer overrun

[Yang T. <yan...@gm...>]

2011/5/2 Joachim Eibl wrote:

> Now I can see the lower KDiff3-part of the stack. But the upper
> kernel32-part is probably not correct yet.
>
> If you also want to fix that, use Windbg again and set this as a symbolpath:
>
> SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
>
> Windbg will load Microsoft pdb-files from the net into your local directory
>
> c:\symbols which should be created first. The kdiff3-part will be unclear to
> Windbg again though.

Yes, the windbg does not show the mingw debug info. I'm inlining the
windbg backtrace for the first kdiff3 you provided with debug info in
case you are yet interested in it. More comments after this
backtrace...

------8<------8<------8<------8<------8<------8<------8<------8<------8<
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: C:\kdiff3_1\kdiff3.exe
Symbol search path is:
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00400000 01bf4000   image00400000
ModLoad: 7c910000 7c9c8000   ntdll.dll
ModLoad: 7c800000 7c903000   C:\WINDOWS\system32\kernel32.dll
ModLoad: 64d00000 64d33000   C:\Archivos de programa\Alwil
Software\Avast5\snxhk.dll
ModLoad: 77da0000 77e4c000   C:\WINDOWS\system32\ADVAPI32.DLL
ModLoad: 77e50000 77ee3000   C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 77fc0000 77fd1000   C:\WINDOWS\system32\Secur32.dll
ModLoad: 76360000 763aa000   C:\WINDOWS\system32\COMDLG32.DLL
ModLoad: 58c30000 58cca000   C:\WINDOWS\system32\COMCTL32.dll
ModLoad: 77ef0000 77f39000   C:\WINDOWS\system32\GDI32.dll
ModLoad: 7e390000 7e421000   C:\WINDOWS\system32\USER32.dll
ModLoad: 7e6a0000 7eec1000   C:\WINDOWS\system32\SHELL32.dll
ModLoad: 77be0000 77c38000   C:\WINDOWS\system32\msvcrt.dll
ModLoad: 77f40000 77fb6000   C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 76340000 7635d000   C:\WINDOWS\system32\IMM32.DLL
ModLoad: 774b0000 775ee000   C:\WINDOWS\system32\OLE32.dll
ModLoad: 770f0000 7717b000   C:\WINDOWS\system32\OLEAUT32.DLL
ModLoad: 76b00000 76b2e000   C:\WINDOWS\system32\WINMM.DLL
ModLoad: 72f80000 72fa6000   C:\WINDOWS\system32\WINSPOOL.DRV
ModLoad: 71a30000 71a47000   C:\WINDOWS\system32\WS2_32.DLL
ModLoad: 71a20000 71a28000   C:\WINDOWS\system32\WS2HELP.dll
ModLoad: 6e940000 6e950000   C:\kdiff3_1\libgcc_s_dw2-1.dll
(a78.eb0): Break instruction exception - code 80000003 (first chance)
eax=00351ea4 ebx=7ffd6000 ecx=00000001 edx=00000002 esi=00351f18 edi=00351ea4
eip=7c91120e esp=0022fb20 ebp=0022fc94 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
ntdll!DbgBreakPoint:
7c91120e cc              int     3
0:000> g
ModLoad: 773a0000 774a3000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
ModLoad: 76630000 766e5000   C:\WINDOWS\system32\userenv.dll
ModLoad: 5b150000 5b188000   C:\WINDOWS\system32\uxtheme.dll
ModLoad: 02790000 02a66000   C:\WINDOWS\system32\xpsp2res.dll
ModLoad: 76310000 76320000   C:\WINDOWS\system32\winsta.dll
ModLoad: 597f0000 59845000   C:\WINDOWS\system32\NETAPI32.dll
(a78.eb0): Unknown exception - code 000006ba (first chance)
ModLoad: 76f90000 7700f000   C:\WINDOWS\system32\CLBCATQ.DLL
ModLoad: 77010000 770e0000   C:\WINDOWS\system32\COMRes.dll
ModLoad: 77bd0000 77bd8000   C:\WINDOWS\system32\VERSION.dll
ModLoad: 7e210000 7e383000   C:\WINDOWS\system32\shdocvw.dll
ModLoad: 77a50000 77ae6000   C:\WINDOWS\system32\CRYPT32.dll
ModLoad: 77af0000 77b02000   C:\WINDOWS\system32\MSASN1.dll
ModLoad: 76890000 76914000   C:\WINDOWS\system32\CRYPTUI.dll
ModLoad: 597f0000 59845000   C:\WINDOWS\system32\NETAPI32.dll
ModLoad: 77180000 7722b000   C:\WINDOWS\system32\WININET.dll
ModLoad: 76bf0000 76c1e000   C:\WINDOWS\system32\WINTRUST.dll
ModLoad: 76c50000 76c78000   C:\WINDOWS\system32\IMAGEHLP.dll
ModLoad: 76f20000 76f4d000   C:\WINDOWS\system32\WLDAP32.dll
ModLoad: 74dc0000 74e2d000   C:\WINDOWS\system32\RichEd20.dll
ModLoad: 77b10000 77b32000   C:\WINDOWS\system32\appHelp.dll
ModLoad: 64e40000 64e62000   C:\Archivos de programa\Alwil
Software\Avast5\ashShell.dll
ModLoad: 66080000 6609a000   C:\ARCHIV~1\ALWILS~1\Avast5\3082\Base.dll
ModLoad: 7d1f0000 7d4ac000   C:\WINDOWS\system32\msi.dll
ModLoad: 779f0000 77a45000   C:\WINDOWS\System32\cscui.dll
ModLoad: 765b0000 765cd000   C:\WINDOWS\System32\CSCDLL.dll
ModLoad: 75f30000 7602d000   C:\WINDOWS\system32\browseui.dll
ModLoad: 778f0000 779e7000   C:\WINDOWS\system32\SETUPAPI.dll
ModLoad: 71aa0000 71ab2000   C:\WINDOWS\system32\MPR.dll
ModLoad: 75f10000 75f17000   C:\WINDOWS\System32\drprov.dll
ModLoad: 71bb0000 71bbe000   C:\WINDOWS\System32\ntlanman.dll
ModLoad: 71c70000 71c87000   C:\WINDOWS\System32\NETUI0.dll
ModLoad: 71c30000 71c70000   C:\WINDOWS\System32\NETUI1.dll
ModLoad: 71c20000 71c27000   C:\WINDOWS\System32\NETRAP.dll
ModLoad: 71b90000 71ba3000   C:\WINDOWS\System32\SAMLIB.dll
ModLoad: 75f20000 75f2a000   C:\WINDOWS\System32\davclnt.dll
ModLoad: 16210000 1648e000   C:\WINDOWS\system32\wpdshext.dll
ModLoad: 4eba0000 4ed4b000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll
ModLoad: 10930000 10979000   C:\WINDOWS\system32\PortableDeviceApi.dll
ModLoad: 73cf0000 73d03000   C:\WINDOWS\system32\shgina.dll
ModLoad: 75920000 75a19000   C:\WINDOWS\system32\MSGINA.dll
ModLoad: 745e0000 7461d000   C:\WINDOWS\system32\ODBC32.dll
ModLoad: 76310000 76320000   C:\WINDOWS\system32\WINSTA.dll
ModLoad: 1f840000 1f858000   C:\WINDOWS\system32\odbcint.dll
(a78.2a0): Unknown exception - code 000006ba (first chance)
ModLoad: 76940000 76948000   C:\WINDOWS\system32\LINKINFO.dll
ModLoad: 76950000 76976000   C:\WINDOWS\system32\ntshrui.dll
ModLoad: 76ae0000 76af1000   C:\WINDOWS\system32\ATL.DLL
(a78.2a0): Unknown exception - code 000006ba (first chance)
ModLoad: 07160000 071a6000   C:\WINDOWS\system32\Audiodev.dll
ModLoad: 15110000 1536d000   C:\WINDOWS\system32\WMVCore.DLL
ModLoad: 11c70000 11caa000   C:\WINDOWS\system32\WMASF.DLL
ModLoad: 16210000 1648e000   C:\WINDOWS\system32\wpdshext.dll
ModLoad: 4eba0000 4ed4b000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll
ModLoad: 73cf0000 73d03000   C:\WINDOWS\system32\shgina.dll
(a78.2a0): Unknown exception - code 000006ba (first chance)
ModLoad: 07160000 071a6000   C:\WINDOWS\system32\Audiodev.dll
ModLoad: 15110000 1536d000   C:\WINDOWS\system32\WMVCore.DLL
ModLoad: 11c70000 11caa000   C:\WINDOWS\system32\WMASF.DLL


 *** A stack buffer overrun occurred in C:\kdiff3_1\kdiff3.exe:

This is usually the result of a memory copy to a local buffer or
structure where the size is not properly calculated/checked.
If this bug ends up in the shipping product, it could be a severe security hole.
The stack trace should show the guilty function (the function directly
above __report_gsfailure).
 *** enter .exr 0022E9D0 for the exception record
 *** then kb to get the faulting stack

(a78.eb0): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00020648 ecx=7c978568 edx=0022e75b esi=00000001 edi=0022ecf8
eip=7c91120e esp=0022e974 ebp=0022e9b0 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00200246
ntdll!DbgBreakPoint:
7c91120e cc              int     3
0:000> .exr 0022E9D0
ExceptionAddress: 7c85a6f2 (kernel32!FindRegTziForCurrentYear+0x000001a5)
   ExceptionCode: c0000409 (Stack buffer overflow)
  ExceptionFlags: 00000000
NumberParameters: 0
0:000> kb
ChildEBP RetAddr  Args to Child
0022e970 7c977ede 0022ea20 00000001 0022f6f0 ntdll!DbgBreakPoint
0022e9b0 7c9785f1 0022ecf8 7c9785f6 0022ed00
ntdll!RtlUnhandledExceptionFilter2+0x27b
0022e9c0 7c870ef6 0022ecf8 00000001 c0000409
ntdll!RtlUnhandledExceptionFilter+0x12
0022ed00 7c85a6f2 00000000 00000024 7c85a6f8 kernel32!__report_gsfailure+0xda
0022ef90 7c85a788 0022efa8 0022f008 0000c2e3
kernel32!FindRegTziForCurrentYear+0x1a5
0022efd4 7c85a7bd 0022f008 0000c2e3 0022f25c
kernel32!CheckDynamicTimeZoneInformation+0x29
0022efec 7c85a834 0022f008 0000c2e3 0022f25c
kernel32!GetDynamicTimeZoneInfoForTimeZone+0x17
0022f214 7c83b11c 0000c2e3 00000000 0022f25c
kernel32!GetTimeZoneInformationForYear+0x58
*** ERROR: Module load completed but symbols could not be loaded for
image00400000
0022f3b8 00b340ca 00000000 0022f3f8 0022f3e8
kernel32!SystemTimeToTzSpecificLocalTime+0x3c
WARNING: Stack unwind information not available. Following frames may be wrong.
0022f428 00b3651d 023ba218 00000000 0022f6ac image00400000+0x7340ca
0022f728 00af6639 0022f75c 0245a858 00000000 image00400000+0x73651d
0022f778 00af6799 024751b8 00000000 0022ffe0 image00400000+0x6f6639
0022f798 00461d44 0022f844 0022f818 00000004 image00400000+0x6f6799
0022f8a8 00460e0d 0022f8f8 0022fa04 00000000 image00400000+0x61d44
0022f8d8 00405108 0022f8f8 0022fa04 00000000 image00400000+0x60e0d
0022f948 0044608d 0238e858 0022fa04 0022f9fc image00400000+0x5108
0022fa68 00418525 0238e6e0 00000001 0238e840 image00400000+0x4608d
0022fb68 0047429b 0238e6e0 0022fbb4 0022fbb0 image00400000+0x18525
0022fbd8 00404803 023812d0 00000001 0022fc14 image00400000+0x7429b
0022feb8 0048a4cf 00000001 02204460 02204428 image00400000+0x4803
0022fef8 0048a198 00400000 00000000 0025236e image00400000+0x8a4cf
0022ff78 0040124b 00000001 02202790 022029f0 image00400000+0x8a198
0022ffb0 004012b8 00000002 00000009 0022fff0 image00400000+0x124b
0022ffc0 7c817077 0150f6ee 0150f736 7ffd6000 image00400000+0x12b8
0022fff0 00000000 004012a0 00000000 78746341 kernel32!BaseProcessStart+0x23
------8<------8<------8<------8<------8<------8<------8<------8<------8<

It seems there's some problem related with UTC/local time conversion.

> Nevertheless I think, that the only way to avoid the problem would be
> not to query the time unless really needed. The bug seems to be in the
> Windows-XP-dlls or in your specific environment.

Certainly the change you introduced, postponing date retrieval, seems
to have fixed the issue given that the last version you provided does
not exhibit the problem previous version had.

I don't know if it is actually a MS-dll problem, a
configuration/corruption problem, or whatever else. What I know is
that the last change you've introduced fixes the issue I was able to
reproduce on to different XP boxes.

Thanks a lot.

Looking forward to next kdiff3 release
-- 
-=[Yang]=-