?
Solved

VS2005 C++ CString::Format() crashed if invalid format specifier is used

Posted on 2009-05-06
12
Medium Priority
?
1,582 Views
Last Modified: 2013-12-14
A VS2005 release compiled program will crash on the Format instruction below.  Why?  Note the use of the letter O as opposed to the number 0 in the format specifier.

   CString cs;
   try
   {
      cs.Format("%2.Of",0); // as opposed to cs.Format("%2.0f",0);
   }
   catch (...)
   {
      // we neverget here
   }
0
Comment
Question by:mogulza
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 40

Expert Comment

by:evilrix
ID: 24315710
it's probably a Windows structured exception being thrown and not a C++ exception. A C++ exception handler cannot be used to catch a structured exception.
0
 
LVL 40

Expert Comment

by:evilrix
ID: 24315738
it's probably a Windows structured exception being thrown and not a C++ exception. A C++ exception handler cannot be used to catch a structured exception.
0
 

Author Comment

by:mogulza
ID: 24316033
Thanks evilrix.  The funny thing is that this does not happen with VS 6.0.  So Microsoft have changed the rules for VS2005.  Can you show me what code to use to catchthe exception?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:mogulza
ID: 24316185
evilrix .. have consulted MSDN and added SEH code (isong _set_se_translator) and this does not help.  Crash still happens .. which implies it is not a structured exception ..... ?
0
 
LVL 40

Expert Comment

by:evilrix
ID: 24316367
VC 6 did indeed catch structured exceptions but this was changed because it was not correct behavior. When I get home I'll see if I can assist more. Meanwhile though since we know the problem it the format string isn't the solution just to correct that?
0
 
LVL 40

Expert Comment

by:evilrix
ID: 24316368
VC 6 did indeed catch structured exceptions but this was changed because it was not correct behavior. When I get home I'll see if I can assist more. Meanwhile though since we know the problem it the format string isn't the solution just to correct that?
0
 

Accepted Solution

by:
mogulza earned 0 total points
ID: 24316492
evilrix .. after further MSDN research I have found the fix !!!  _set_invalid_parameter_handler() resolves the problem.  Thanks for your input
0
 
LVL 40

Expert Comment

by:evilrix
ID: 24316771
>> _set_invalid_parameter_handler()
That's interesting because according to the docs, "Sets a function to be called when the CRT detects an invalid argument." of which CString.Format() isn't a part of (the CRT being the C Runtime). Anyway, further analysis show that the callstack goes into vswprintf_s, which is one of Microsoft's "secure" CRT functions and it seem this is the reason why the CRT invalid parameter handler is fired.

http://msdn.microsoft.com/en-us/library/wd3wzwts.aspx

0
 

Author Comment

by:mogulza
ID: 24322904
evilrix ... to answer a previous question of yours in this thread ... our software program allows users to specify a format string ... so when they enter an incorrect format, thats when things go wrong. Thanks again for your input
0
 
LVL 40

Expert Comment

by:evilrix
ID: 24322934
>> our software program allows users to specify a format string
Ah ok.

>> Thanks again for your input
No worries... sorry I couldn't give you an immediate answer but I was stuck on the train when you first posted your question :)
0
 
LVL 39

Expert Comment

by:itsmeandnobodyelse
ID: 24323390
>>>> our software program allows users to specify a format string ... so when they enter an incorrect format, thats when things go wrong. Thanks again for your input
That is very dangerous. The printf functionality - also used in the CString::Format) - is one of the main reasons for security leaks and process hijacking by malicious attackers. The problem is - beside of the crash issues which hardly can be handled - that wrong format statements may cause printf to overwrite stack addresses what can be used to process malicious code with the access rights of the current user. It is possible that the vswprintf_s behind CString::Format was secure regarding that issue but I wouldn't bet on it.
0
 
LVL 39

Expert Comment

by:itsmeandnobodyelse
ID: 24545211
>>>> Found it myself after further research

Please post your solution so that the thread can be PAQ'd.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you some of the more useful Standard Template Library (STL) algorithms through the use of working examples.  You will learn about how these algorithms fit into the STL architecture, how they work with STL containers, and why t…
C++ Properties One feature missing from standard C++ that you will find in many other Object Oriented Programming languages is something called a Property (http://www.experts-exchange.com/Programming/Languages/CPP/A_3912-Object-Properties-in-C.ht…
The viewer will learn how to use NetBeans IDE 8.0 for Windows to connect to a MySQL database. Open Services Panel: Create a new connection using New Connection Wizard: Create a test database called eetutorial: Create a new test tabel called ee…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question