From: Joseph M. Newcomer on 6 Jul 2007 10:21

See below...

On Fri, 6 Jul 2007 04:32:00 -0700, karim <karim(a)discussions.microsoft.com> wrote:

>Hi All,
>i have the following code in my cpp file
>**************************************************
>int i = 0;
>
>char *passwordToEncrypt = "080000151F6ECF67";
*****
CString passwordToEncrypt = _T("08,,,67");
****
>char *encpwd8 = NULL;
>char *encpwd16 = NULL;
>
>//if i uncomment below line,then it throwing access violation error during
>runtime
>//i = 0605;
>
>int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i);
>
>****************************************************
>
>the method "E3Des" is defined in a dll and it is linked. so no compilation
>errors:-). i have only runtime error.
****
I suppose that the method E3Des is defined somewhere, but you know, without TELLING US what that definition is, we have no chance of analyzing what is going on here. Would it have inconvenienced you too much to have told us what its prototype is and what it is supposed to do?

For example, if it is defined as

E3Des(char * passwordToEncrypt, char * & encpwd8, wchar_t * & encpwd16, int *something)

that would be quite different from the specification I suspect it might be, which is

E3Des(char * passwordToEncrypt, char * encpwd8, wchar_t * encpwd16, int * something);

without knowing the meaning of the parameter, how are we supposed to guess what is going on here?

Of course, if you are somehow magically expecting that it is going to be able to write to NULL pointers, you are going to be disappointed; I did not see you doing any allocation of space to initialize those pointers.

When posing questions, it is essential to give appropriate specifications of what is going on.
joe
*****
>
>can anybody help me out.
>
>Thanks,
>karimulla.
>
Joseph M. Newcomer [MVP]
email: newcomer(a)flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm

From: Mihajlo Cvetanovic on 6 Jul 2007 10:46

karim wrote:
> i don't have any problem with above parameter. i got error when i pass +ve
> value to "i" variable.

The i parameter seems to be some kind of flag that indicates what to do with the rest of parameters. If i==0 then the function probably does nothing, and the value l should indicate that, but if i==0605 then the function tries to do something with three buffers, two of which point to NULL.

For i==0605 these encpwd8 and encpwd16 should probably point to some buffers large enough to hold appropriate result. We don't know what is "appropriate size" for these buffers, but you should know. So, the code should maybe look like this:

const char *passwordToEncrypt = "080000151F6ECF67";
char encpwd8[LARGE_ENOUGH_8];
char encpwd16[LARGE_ENOUGH_16];
i = 0605;
int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i);

From: Doug Harrison [MVP] on 6 Jul 2007 11:09

On Fri, 6 Jul 2007 04:32:00 -0700, karim <karim(a)discussions.microsoft.com> wrote:

>Hi All,
>i have the following code in my cpp file
>**************************************************
>int i = 0;
>
>char *passwordToEncrypt = "080000151F6ECF67";
>char *encpwd8 = NULL;
>char *encpwd16 = NULL;
>
>//if i uncomment below line,then it throwing access violation error during
>runtime
>//i = 0605;
>
>int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i);
>
>****************************************************
>
>the method "E3Des" is defined in a dll and it is linked. so no compilation
>errors:-). i have only runtime error.
>
>can anybody help me out.

Without knowing how E3Des uses i, it's hard to say, but I hope you realize that 0605 is an octal integer literal equal to decimal 389 and hex 0x185.

--
Doug Harrison
Visual C++ MVP

From: Joseph M. Newcomer on 6 Jul 2007 15:59

And it surely serves some purpose, unknown and unknowable to us. Is it the seed of a key? Is it a count of buffer sizes? For example, it might be the case that if it is set to 0 and the function is called, the function returns the value of the buffer sizes without doing any conversion; you would then have to allocate the buffers of the indicated size, and call it again with a nonzero size. In that case, calling with an initial nonzero size and passing in two uninitialized buffer pointers would certainly cause an access violation, and this would be no real surprise.

Of course, we are somehow supposed to know the specifications of this undefined function...
joe

On Fri, 06 Jul 2007 10:09:08 -0500, "Doug Harrison [MVP]" <dsh(a)mvps.org> wrote:

>On Fri, 6 Jul 2007 04:32:00 -0700, karim <karim(a)discussions.microsoft.com>
>wrote:
>
>>Hi All,
>>i have the following code in my cpp file
>>**************************************************
>>int i = 0;
>>
>>char *passwordToEncrypt = "080000151F6ECF67";
>>char *encpwd8 = NULL;
>>char *encpwd16 = NULL;
>>
>>//if i uncomment below line,then it throwing access violation error during
>>runtime
>>//i = 0605;
>>
>>int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i);
>>
>>****************************************************
>>
>>the method "E3Des" is defined in a dll and it is linked. so no compilation
>>errors:-). i have only runtime error.
>>
>>can anybody help me out.
>
>Without knowing how E3Des uses i, it's hard to say, but I hope you realize
>that 0605 is an octal integer literal equal to decimal 389 and hex 0x185.

Joseph M. Newcomer [MVP]
email: newcomer(a)flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm

From: Joseph M. Newcomer on 6 Jul 2007 16:46

See below...

On Fri, 6 Jul 2007 05:38:04 -0700, karim <karim(a)discussions.microsoft.com> wrote:

>hi David,
>
>"David Wilkinson" wrote:
>
>> karim wrote:
>> > Hi All,
>> > i have the following code in my cpp file
>> > **************************************************
>> > int i = 0;
>> >
>> > char *passwordToEncrypt = "080000151F6ECF67";
>> > char *encpwd8 = NULL;
>> > char *encpwd16 = NULL;
>> >
>> > //if i uncomment below line,then it throwing access violation error during
>> > runtime
>> > //i = 0605;
>> >
>> > int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i);
>> >
>> > ****************************************************
>> >
>> > the method "E3Des" is defined in a dll and it is linked. so no compilation
>> > errors:-). i have only runtime error.
>> >
>> > can anybody help me out.
>>
>> karimulla:
>>
>> What is the declaration of E3Des()? Does it modify the first parameter?
>see the declaration below
>int E3Des(char *Passwd_en_Claro, char *Passwd_Encriptado8, char*
>Passwd_Encriptado16, int *version);
****
Of course, this actually says NOTHING about whether or not the first parameter is modified; far too many programmers are sloppy about the use of the word const in specifying parameters (generally, these are the same programmers who think 'char *' is still a data type that should be used for general-purpose programming, as opposed to LPTSTR or LPCTSTR). So it is entirely possible that a CORRECT declaration might have been

int E3Des(const char * Passwd_en_Claro, char * Passwd_Encriptado8, char * Passwd_Encriptado16, int * version);

I had hypothesized something about the last argument being a possible buffer count, but a key here is that we have not yet actually seen a specification of what is going on here, but my suspicion is that it expects that valid pointers are passed in for the second and third parameters, which is not happening here.

If the version is given as 0, it probably rejects the operation and returns 0, quite possibly calling ::SetLastError, or alternatively, returning a negative number, but of course lacking any concept of what this function is really supposed to do to its arguments or what its return type is makes it difficult to infer what is going on or suggest alternative approaches.

Why is the version number a pointer? Is it changed on completion of the function? What is it changed to, and why? I can see that you might have something that takes (and shades of retrocomputing) an octal version number 0605 representing version 6.05, and returns an updated value, such as 0622, meaning the function could support features in the 6.22 release, but why octal? As far as I know, the last byte-oriented machine to use octal was the PDP-11. (Although the failure to use const and the assumption of 8-bit characters suggests the coder has not progressed beyond PDP-11 C)

I suspect it is uninitialized pointers caused by someone who doesn't understand the C language trying to write code, and who is calling a function written by someone who doesn't understand either C or modern programming practice. In addition to the abuse of the data type 'char', as if characters are really only 8 bits wide all the time everywhere, and the likely omission of the 'const' on the first parameter, DO YOU SEE A BUFFER LENGTH BEING PASSED IN? Of course not! We have here a security function designed to create security holes! Buffer overrun! This looks like it was written by someone who learned C programming from the K&R book.
*****
>and it doesn't modify the first parameter.
****
So why is the first parameter not declared 'const'???? The function definition is, to put it mildly, the result of slovenly programming.
****
>> It would seem that it does. In that case you must pass it a modifiable
>> character string
>>
>> char passwordToEncrypt[1024] = "080000151F6ECF67";
>>
>> (assuming that 1024 is long enough).
>>
>> Additional point: when you assign a string literal to a char pointer you
>> should always write
>>
>> const char *passwordToEncrypt = "080000151F6ECF67";
>i don't have any problem with above parameter. i got error when i pass +ve
>value to "i" variable.
>> Then the compiler will stop you from passing it to a function that will
>> modify the string (i.e. one that takes char* as argument).
>>
>> --
>> David Wilkinson
>> Visual C++ MVP
>>
>-karimulla.

Joseph M. Newcomer [MVP]
email: newcomer(a)flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
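
The contract the posts above keep asking about (a const input, caller-owned output buffers, an explicit buffer length, and a size query before the real call), sketched as an added example that is not from any poster and is not the DLL's code. The names encode_checked and encode_alloc are hypothetical, and the hex dump is a placeholder for the unknown E3Des transform; it is not encryption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in, NOT the thread's E3Des(): "string in, encoded
 * string out", but with every size stated in the contract. The transform
 * is a plain hex dump (placeholder only, not encryption). */
enum { ENC_OK = 0, ENC_BAD_ARG = -1, ENC_TOO_SMALL = -2 };

int encode_checked(const char *in, char *out, size_t out_len, size_t *needed)
{
    if (in == NULL || needed == NULL)
        return ENC_BAD_ARG;
    size_t n = strlen(in);
    *needed = 2 * n + 1;                 /* two hex digits per byte + NUL */
    if (out == NULL || out_len < *needed)
        return ENC_TOO_SMALL;            /* size query or short buffer: nothing written */
    for (size_t k = 0; k < n; k++)
        snprintf(out + 2 * k, 3, "%02X", (unsigned char)in[k]);
    out[2 * n] = '\0';                   /* also terminates the empty-input case */
    return ENC_OK;
}

/* Caller side: query the size, allocate, then call again. Returns a
 * malloc'd string the caller must free, or NULL on failure. */
char *encode_alloc(const char *in)
{
    size_t needed = 0;
    if (encode_checked(in, NULL, 0, &needed) != ENC_TOO_SMALL)
        return NULL;
    char *buf = malloc(needed);
    if (buf != NULL && encode_checked(in, buf, needed, &needed) != ENC_OK) {
        free(buf);
        buf = NULL;
    }
    return buf;
}

int main(void)
{
    char *enc = encode_alloc("080000151F6ECF67");   /* input value from the thread */
    if (enc == NULL)
        return 1;
    puts(enc);
    free(enc);
    return 0;
}
```

With this shape, a NULL or undersized output buffer produces an error code and the required size instead of an access violation or an overrun.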