
VS2005 C++ CString::Format() crashed if invalid format specifier is used

A VS2005 release compiled program will crash on the Format instruction below.  Why?  Note the use of the letter O as opposed to the number 0 in the format specifier.

   CString cs;
   try
   {
      cs.Format("%2.Of",0); // as opposed to cs.Format("%2.0f",0);
   }
   catch (...)
   {
      // we never get here
   }
0
mogulza
Asked:
1 Solution
 
evilrix, Senior Software Engineer (Avast), Commented:
It's probably a Windows structured exception being thrown and not a C++ exception. A C++ exception handler cannot be used to catch a structured exception.
0
 
 
mogulza (Author) Commented:
Thanks evilrix.  The funny thing is that this does not happen with VS 6.0.  So Microsoft have changed the rules for VS2005.  Can you show me what code to use to catch the exception?
0
 
mogulza (Author) Commented:
evilrix .. have consulted MSDN and added SEH code (using _set_se_translator) and this does not help.  Crash still happens .. which implies it is not a structured exception ..... ?
0
 
evilrix, Senior Software Engineer (Avast), Commented:
VC 6 did indeed catch structured exceptions, but this was changed because it was not correct behavior. When I get home I'll see if I can assist more. Meanwhile, though, since we know the problem is the format string, isn't the solution just to correct that?
0
 
 
mogulza (Author) Commented:
evilrix .. after further MSDN research I have found the fix !!!  _set_invalid_parameter_handler() resolves the problem.  Thanks for your input
0
 
evilrix, Senior Software Engineer (Avast), Commented:
>> _set_invalid_parameter_handler()
That's interesting because, according to the docs, it "Sets a function to be called when the CRT detects an invalid argument," and CString.Format() isn't part of the CRT (the CRT being the C Runtime). Anyway, further analysis shows that the call stack goes into vswprintf_s, which is one of Microsoft's "secure" CRT functions, and it seems this is the reason why the CRT invalid parameter handler is fired.

http://msdn.microsoft.com/en-us/library/wd3wzwts.aspx

0
 
mogulza (Author) Commented:
evilrix ... to answer a previous question of yours in this thread ... our software program allows users to specify a format string ... so when they enter an incorrect format, that's when things go wrong. Thanks again for your input
0
 
evilrix, Senior Software Engineer (Avast), Commented:
>> our software program allows users to specify a format string
Ah ok.

>> Thanks again for your input
No worries... sorry I couldn't give you an immediate answer but I was stuck on the train when you first posted your question :)
0
 
itsmeandnobodyelse Commented:
>>>> our software program allows users to specify a format string ... so when they enter an incorrect format, that's when things go wrong. Thanks again for your input
That is very dangerous. The printf functionality (also used in CString::Format) is one of the main reasons for security leaks and process hijacking by malicious attackers. The problem is, besides the crash issues, which can hardly be handled, that wrong format statements may cause printf to overwrite stack addresses, which can be used to process malicious code with the access rights of the current user. It is possible that the vswprintf_s behind CString::Format was secure regarding that issue, but I wouldn't bet on it.
0
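An added example, not part of any post in this thread: because the application accepts format strings from users, one mitigation is to check each string against a strict allow-list before it reaches CString::Format. The sketch uses standard C++ with snprintf as a stand-in for CString::Format; the names is_safe_double_format and format_user_double are hypothetical, and it assumes the application formats exactly one double value.

```cpp
#include <cctype>
#include <cstdio>
#include <string>

// Hypothetical helper: true only if fmt is literal text (with "%%" escapes)
// plus exactly one conversion %[flags][width][.precision]{f,e,E,g,G}.
// Rejects %n, %s, '*', length modifiers, unknown letters such as 'O',
// and a trailing lone '%'.
bool is_safe_double_format(const std::string& fmt)
{
    const std::string flags = "-+ #0", convs = "feEgG";
    int conversions = 0;
    std::size_t i = 0;
    auto digits = [&]() {                       // consume a run of digits, return its length
        int n = 0;
        while (i < fmt.size() && std::isdigit((unsigned char)fmt[i])) { ++i; ++n; }
        return n;
    };
    while (i < fmt.size()) {
        if (fmt[i++] != '%') continue;                            // literal character
        if (i < fmt.size() && fmt[i] == '%') { ++i; continue; }   // "%%" escape
        while (i < fmt.size() && flags.find(fmt[i]) != std::string::npos) ++i;
        if (digits() > 2) return false;                           // width: at most 2 digits
        if (i < fmt.size() && fmt[i] == '.') { ++i; if (digits() > 2) return false; }
        if (i >= fmt.size() || convs.find(fmt[i]) == std::string::npos) return false;
        ++i;
        ++conversions;
    }
    return conversions == 1;    // must consume exactly the one double we pass
}

// Hypothetical wrapper: formats value with a user-supplied fmt only after validation.
bool format_user_double(const std::string& fmt, double value, std::string& out)
{
    if (!is_safe_double_format(fmt)) return false;
    char buf[512];
    int n = std::snprintf(buf, sizeof buf, fmt.c_str(), value);
    if (n < 0 || n >= (int)sizeof buf) return false;   // encoding error or truncated output
    out.assign(buf, n);
    return true;
}

int main()
{
    const char* samples[] = { "%2.0f", "%2.Of", "%n", "Total: %8.2f%%" };  // constructed inputs
    for (const char* s : samples) {
        std::string out;
        bool ok = format_user_double(s, 3.0, out);
        std::printf("%-16s -> %s\n", s, ok ? out.c_str() : "(rejected)");
    }
}
```

In the MFC program the same check would run before the call to cs.Format, so a rejected string can be reported to the user instead of reaching the CRT.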
 
itsmeandnobodyelse Commented:
>>>> Found it myself after further research

Please post your solution so that the thread can be PAQ'd.
0
