
Heap corruption issue seen on Japanese systems

From: Karl Nedwed <Karl_Nedwed_at_inode.at>
Date: Tue, 4 Dec 2012 15:12:37 +0100

Hello,

I am writing on behalf of our software development group at Bio-Rad Laboratories. We discovered a crash in our software on a Japanese system that appears to point at a problem inside SVN code. Details are as follows:

Our software (Bio-Rad KnowItAll 9.5) uses the standard File Open dialog box to import files into the software. On one Japanese system, there is a crash almost every time a user invokes the File Open dialog box. The Windows event log (exception code 0xc0000374) indicates heap corruption, and the crash dump that you can find below also points to the File Open dialog box (location 0x4ec49b60 inside NT.dll).
We did a thorough review of all relevant code in our software and could not find any problem. Then we noticed that TortoiseSVN (latest version, 1.7.10) was installed on that particular system. Uninstalling it fixed the problem.

Among other modules, the Windows shell also loads some SVN DLLs, if TortoiseSVN is installed, every time the File Open dialog box is invoked. This is why we believe that the SVN code that is executed as part of the standard Windows File Open dialog box is responsible for the heap corruption. Unfortunately we were not able to identify a particular reason why the problem only showed up on this Japanese system. We have been using SVN for a long period of time, and we have never seen any crash problems. We assume that a specific file on the Japanese system causes a heap corruption (buffer overrun?) within the SVN code.

Although we are unfortunately not able to tell you specific steps on how to reproduce the problem, we thought that it would be worth reporting the issue to you. There is a possibility that Japanese characters in a file name or some other processing of Japanese characters cause a problem.

Please feel free to contact me any time in case you need more information. Thank you.

With kind regards,

Karl Nedwed
Senior Chemistry Software Engineer

Bio-Rad Laboratories, Inc.
Informatics Division
Radegunderstr. 108 C
8045 Graz
Austria

Phone/Fax: +43 316 695592
Email: Karl_Nedwed_at_inode.at
Web: http://www.informatics.bio-rad.com

_____________________________

The information contained in this transmission may be privileged and confidential and is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
_____________________________

ntdll.dll!_KiFastSystemCallRet_at_0()
user32.dll!_NtUserWaitMessage_at_0() + 0xc bytes
user32.dll!_DialogBox2_at_16() + 0xe8 bytes
user32.dll!_InternalDialogBox_at_24() + 0xb2 bytes
user32.dll!_DialogBoxIndirectParamAorW_at_24() + 0x36 bytes
user32.dll!_DialogBoxIndirectParamW_at_20() + 0x1b bytes
comdlg32.dll!CFileOpenSave::Show() + 0x146 bytes
comdlg32.dll!_InvokeNewFileOpenSave() + 0xab bytes
comdlg32.dll!_CreateNewFileOpenSaveInProc() + 0xae bytes
comdlg32.dll!NewGetFileName() + 0x121 bytes
comdlg32.dll!_NewGetOpenFileName_at_4() + 0xf bytes
comdlg32.dll!_GetFileName_at_8() + 0xcd bytes
comdlg32.dll!_GetOpenFileNameW_at_4() + 0x6a bytes
> mfc100u.dll!CCommDlgWrapper::_GetOpenFileNameW(tagOFNW * unnamed1) Line 362 + 0x67 bytes C++
mfc100u.dll!CFileDialog::DoModal() Line 753 C++
BRDataIO.dll!CBRIOCenter::DisplayDlgAndImportMultipleFiles(IBRDataImportEvents * pEvents, unsigned int dataMask, unsigned int dataSubMask, unsigned int flags, HWND__ * hWndParent, unsigned int dataMaskPrimary) Line 1383 + 0xb bytes C++
RefineIt.dll!CSpectrumHolderWnd::LoadDataSet(bool openNewDoc) Line 96 + 0x43 bytes C++
RefineIt.dll!CProcessItFrameWnd::OnFileOpen() Line 510 + 0x10 bytes C++
mfc100u.dll!_AfxDispatchCmdMsg(CCmdTarget * pTarget, unsigned int nID, int nCode, void (void)* pfn, void * pExtra, unsigned int nSig, AFX_CMDHANDLERINFO * pHandlerInfo) Line 82 C++
mfc100u.dll!CCmdTarget::OnCmdMsg(unsigned int nID, int nCode, void * pExtra, AFX_CMDHANDLERINFO * pHandlerInfo) Line 381 + 0x16 bytes C++
mfc100u.dll!CFrameWnd::OnCmdMsg(unsigned int nID, int nCode, void * pExtra, AFX_CMDHANDLERINFO * pHandlerInfo) Line 973 + 0x13 bytes C++
RefineIt.dll!CProcessItFrameWnd::OnCmdMsg(unsigned int nID, int nCode, void * pExtra, AFX_CMDHANDLERINFO * pHandlerInfo) Line 1738 + 0x11 bytes C++
mfc100u.dll!CWnd::OnCommand(unsigned int wParam, long lParam) Line 2675 + 0xd bytes C++
mfc100u.dll!CFrameWnd::OnCommand(unsigned int wParam, long lParam) Line 370 + 0xd bytes C++
mfc100u.dll!CWnd::OnWndMsg(unsigned int message, unsigned int wParam, long lParam, long * pResult) Line 2081 + 0x10 bytes C++
RefineIt.dll!CBRFrameWnd::OnWndMsg(unsigned int message, unsigned int wParam, long lParam, long * pResult) Line 410 + 0x13 bytes C++
mfc100u.dll!CWnd::WindowProc(unsigned int message, unsigned int wParam, long lParam) Line 2067 + 0x17 bytes C++
mfc100u.dll!AfxCallWndProc(CWnd * pWnd, HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 248 + 0x11 bytes C++
mfc100u.dll!AfxWndProc(HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 410 + 0x10 bytes C++
RefineIt.dll!AfxWndProcDllStatic(HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 54 + 0x15 bytes C++
user32.dll!_InternalCallWinProc_at_20() + 0x23 bytes
user32.dll!_UserCallWinProcCheckWow_at_32() + 0xb3 bytes
user32.dll!_SendMessageWorker_at_20() + 0xee bytes
user32.dll!_SendMessageW_at_16() + 0x49 bytes
comctl32.dll!_TBOnLButtonUp_at_20() + 0x131 bytes
comctl32.dll!_ToolbarWndProc_at_16() + 0x2f64 bytes
user32.dll!_InternalCallWinProc_at_20() + 0x23 bytes
user32.dll!_UserCallWinProcCheckWow_at_32() + 0xb3 bytes
user32.dll!_CallWindowProcAorW_at_24() + 0x51 bytes
user32.dll!_CallWindowProcW_at_20() + 0x1b bytes
mfc100u.dll!CWnd::DefWindowProcW(unsigned int nMsg, unsigned int wParam, long lParam) Line 1075 + 0x13 bytes C++
mfc100u.dll!CWnd::WindowProc(unsigned int message, unsigned int wParam, long lParam) Line 2068 + 0x13 bytes C++
mfc100u.dll!CControlBar::WindowProc(unsigned int nMsg, unsigned int wParam, long lParam) Line 506 + 0xc bytes C++
mfc100u.dll!AfxCallWndProc(CWnd * pWnd, HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 248 + 0x11 bytes C++
mfc100u.dll!AfxWndProc(HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 410 + 0x10 bytes C++
RefineIt.dll!AfxWndProcDllStatic(HWND__ * hWnd, unsigned int nMsg, unsigned int wParam, long lParam) Line 54 + 0x15 bytes C++
user32.dll!_InternalCallWinProc_at_20() + 0x23 bytes
user32.dll!_UserCallWinProcCheckWow_at_32() + 0xb3 bytes
user32.dll!_DispatchMessageWorker_at_8() + 0xe6 bytes
user32.dll!_DispatchMessageW_at_4() + 0xf bytes
user32.dll!_IsDialogMessageW_at_8() + 0xe7 bytes
mfc100u.dll!CWnd::IsDialogMessageW(tagMSG * lpMsg) Line 197 + 0xc bytes C++
mfc100u.dll!CWnd::PreTranslateInput(tagMSG * lpMsg) Line 4659 + 0x6 bytes C++
mfc100u.dll!CControlBar::PreTranslateMessage(tagMSG * pMsg) Line 445 + 0x8 bytes C++
mfc100u.dll!CWnd::WalkPreTranslateTree(HWND__ * hWndStop, tagMSG * pMsg) Line 3258 + 0xb bytes C++
mfc100u.dll!AfxInternalPreTranslateMessage(tagMSG * pMsg) Line 233 + 0xe bytes C++
mfc100u.dll!CWinThread::PreTranslateMessage(tagMSG * pMsg) Line 777 + 0x8 bytes C++
RefineIt.dll!BRPlugInImpl<CMainObject,CRefineItIRFrameWnd>::FilterDllMsg(tagMSG * lpMsg) Line 303 + 0xa bytes C++
KnowItAll.exe!CKnowItAllApp::PreTranslateMessage(tagMSG * pMsg) Line 1311 + 0x11 bytes C++
mfc100u.dll!AfxPreTranslateMessage(tagMSG * pMsg) Line 255 C++
mfc100u.dll!AfxInternalPumpMessage() Line 178 + 0xf bytes C++
mfc100u.dll!CWinThread::Run() Line 629 + 0x7 bytes C++
mfc100u.dll!AfxWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, wchar_t * lpCmdLine, int nCmdShow) Line 47 + 0x7 bytes C++
KnowItAll.exe!__tmainCRTStartup() Line 547 + 0x1c bytes C
kernel32.dll!@BaseThreadInitThunk_at_12() + 0x12 bytes
ntdll.dll!___RtlUserThreadStart_at_8() + 0x27 bytes
ntdll.dll!__RtlUserThreadStart_at_8() + 0x1b bytes
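The report above only hypothesises a cause ("Japanese characters in a file name ... buffer overrun?"); the page never identifies the actual bug, and the faulting frame in ntdll.dll is where the heap manager detected the damage, not where it was done. The following is an added example, written for this archive page and not code from TortoiseSVn, Subversion or Bio-Rad, showing the classic way such a report turns into heap corruption: a narrow-string buffer sized by character count instead of by the byte length the target encoding needs. On a Japanese Windows system the ANSI code page is CP932, where kanji take 2 bytes; here UTF-8 (3 bytes per kanji) stands in for the system code page so the file compiles anywhere, and all names, arrays and functions are constructed for the illustration.

```c
/* Added illustration, not TortoiseSVN/Subversion/Bio-Rad code: a multibyte
 * buffer sized by character count overflows on Japanese file names.
 * UTF-8 stands in for the Windows ANSI code page (CP932 on Japanese
 * systems); the sizing mistake is the same, only the expansion factor
 * differs (2 bytes per kanji in CP932, 3 bytes in UTF-8). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample names, as UTF-32 code points (wide strings).
 * JP_NAME is "日本語.txt": three kanji plus an ASCII extension. */
static const uint32_t JP_NAME[]    = { 0x65E5, 0x672C, 0x8A9E, '.', 't', 'x', 't', 0 };
static const uint32_t ASCII_NAME[] = { 'r','e','p','o','r','t','.','t','x','t', 0 };

/* Bytes one code point needs in UTF-8. */
static size_t utf8_len(uint32_t cp)
{
    if (cp < 0x80)    return 1;
    if (cp < 0x800)   return 2;
    if (cp < 0x10000) return 3;
    return 4;
}

/* Correct sizing: bytes required for s as UTF-8, including the NUL.
 * This is the "query the required size first" step (on Windows,
 * WideCharToMultiByte with a zero output size) that buggy code skips. */
size_t required_bytes(const uint32_t *s)
{
    size_t n = 1;                        /* terminating NUL */
    for (; *s; ++s) n += utf8_len(*s);
    return n;
}

/* Buggy sizing: one byte per character plus NUL. Exactly right for ASCII,
 * which is why the bug never shows up on English systems. */
size_t naive_bytes(const uint32_t *s)
{
    size_t n = 0;
    while (s[n]) ++n;
    return n + 1;
}

/* 1 when a naive_bytes()-sized buffer would be overrun for this name. */
int naive_would_overrun(const uint32_t *s)
{
    return naive_bytes(s) < required_bytes(s);
}

/* Bounds-checked encoder: writes s as UTF-8 into out, never beyond
 * out_size bytes. Returns bytes written including the NUL, or 0 if the
 * buffer is too small. An unchecked encoder fed a naive_bytes()-sized
 * heap buffer writes past the allocation; the damage is then reported
 * later, by the heap manager, as STATUS_HEAP_CORRUPTION (0xc0000374). */
size_t encode_utf8_checked(const uint32_t *s, char *out, size_t out_size)
{
    size_t pos = 0;
    for (; *s; ++s) {
        uint32_t cp = *s;
        size_t len = utf8_len(cp);
        if (pos + len >= out_size) return 0;   /* keep room for the NUL */
        switch (len) {
        case 1: out[pos] = (char)cp; break;
        case 2: out[pos]   = (char)(0xC0 | (cp >> 6));
                out[pos+1] = (char)(0x80 | (cp & 0x3F)); break;
        case 3: out[pos]   = (char)(0xE0 | (cp >> 12));
                out[pos+1] = (char)(0x80 | ((cp >> 6) & 0x3F));
                out[pos+2] = (char)(0x80 | (cp & 0x3F)); break;
        default: out[pos]  = (char)(0xF0 | (cp >> 18));
                out[pos+1] = (char)(0x80 | ((cp >> 12) & 0x3F));
                out[pos+2] = (char)(0x80 | ((cp >> 6) & 0x3F));
                out[pos+3] = (char)(0x80 | (cp & 0x3F)); break;
        }
        pos += len;
    }
    out[pos++] = '\0';
    return pos;
}

int main(void)
{
    char buf[64];
    printf("ASCII name: naive=%zu required=%zu overrun=%d\n",
           naive_bytes(ASCII_NAME), required_bytes(ASCII_NAME),
           naive_would_overrun(ASCII_NAME));
    printf("Japanese name: naive=%zu required=%zu overrun=%d\n",
           naive_bytes(JP_NAME), required_bytes(JP_NAME),
           naive_would_overrun(JP_NAME));
    printf("checked encode into naive-sized buffer -> %zu bytes (0 = refused)\n",
           encode_utf8_checked(JP_NAME, buf, naive_bytes(JP_NAME)));
    printf("checked encode into required-sized buffer -> %zu bytes\n",
           encode_utf8_checked(JP_NAME, buf, required_bytes(JP_NAME)));
    return 0;
}
```

The practical point for triage is in the last comment: the 0xc0000374 exception fires when ntdll's heap code notices a corrupted block, typically on a later free or allocate, so the faulting stack (here, deep inside comdlg32's dialog loop) does not name the module that wrote out of bounds. To catch the write itself you enable page heap or Application Verifier on the host process so the overrun faults at the offending instruction, and you bisect loaded shell extensions, which is what the reporter did by uninstalling TortoiseSVN.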

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3033163

Received on 2012-12-04 15:19:06 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.
