Re: Problem with szone_free and corrupted free memory block



On Thu, 21 May 2009 13:36:16 -0700 (PDT), Lothar Behrens
<lothar.behrens@xxxxxxxxxxxx> wrote:

Hi,

I wonder about an error that I do not get on my Windows platform, but
I get it on Mac OS X (10.5.2/PPC).

The following code is used several times to rewrite database ALTER
TABLE rules to triggers and it crashed at the end of the code:

[...]

Now I have solved the problem by finding a discrepancy in variables
used in strlen calls to malloc and the sprintf function.
That solved, it still crashed. The next thing I tried was to add an
extra size different to 1 (100). Then it worked.

Is there something wrong in that code (except the missing checks for
strings being NULL before passing to strlen)?

If my count is correct, you've got 11 %s placeholders in your
template, but only 10 corresponding char * in your call to sprintf:

table->name,fk->col,table->name,fk->fcol,fk->ftab,fk->fcol,fk->col,fk->col,fk->ftab,fk->fcol

That means that depending on what is on the stack at the time sprintf
is called, you will or won't get a memory overwrite or access
violation.

I guess the way you are currently doing this is just too error-prone -
my suggestion would be to drop the sprintf style altogether, and move
to something with readable placeholders, e.g.

CREATE TRIGGER \"fk_{Table}_{Column}_ins\" BEFORE INSERT ON {Table}

(etc., you get the idea)

You'll need to create your own "ReplaceTemplateParameters"
function (and be careful with computing memory requirements), but this
will have several advantages:

- readable templates

- ability to change template without changing code

- ability to read template from file or resource

- ability to harden code against SQL injection

Regards,
Gilles.
