On 30.08.2012 17:32, Derek Smart wrote:
> Thanks Stefan.
>
> I first became aware of this and reported it to Symantec in the forum
> thread below. I hadn't reported it here yet because I was still
> researching the problem with Symantec support. Then I noticed that
> the person who created this thread, saw my post over there and
> reported it here.
>
> Thanks for the quick fix.
>
> However, I am still very much concerned that _any_ program is capable
> of completely disabling an AV program in this manner. As I said in
> the thread below, had I not noticed that the NIS desktop gadget had
> done dark (meaning that the NIS service had been terminated), I would
> never have noticed that something was up. After checking the Event
> Viewer and inspecting the dump (using SysInternals procdump), it
> became obvious that TSVN was causing this unusual behavior.
>
> From one dev to another, do you know what caused such a serious
> exception event which would terminate NIS? From what I can tell, it
> appears to be related to the NIS firewall. Since you have addressed
> the problem in the nightly, you probably know what issue in TSVN was
> that would cause a crash (as per your changelog) in certain programs
> (such as NIS)
The problem was that the shell extension part of TSVN called
AddVectoredExceptionHandler().
http://msdn.microsoft.com/en-us/library/windows/desktop/ms679274%28v=vs.85%29.aspx
And as the remarks on that page clearly indicate:
"If the VectoredHandler parameter points to a function in a DLL and that
DLL is unloaded, the handler is still registered. This can lead to
application errors."
Unfortunately, TSVN failed to remove that handler when the dll got
unloaded. So what happened was exactly what's described above.
Yup, we screwed up. One line of code wrong has a huge impact.
But why any security related tool would even use shell APIs knowing that
such APIs will load third party dlls - now that's another issue.
Might be worth mentioning that to the Norton devs...
Stefan
--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest Interface to (Sub)Version Control
/_/ \_\ http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3002278
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2012-08-30 22:28:33 CEST