Opened 15 years ago

Last modified 15 years ago

#5596 closed bug

BMessage::PrintToStream() can crash — at Version 4

Reported by: jackburton Owned by: axeld
Priority: normal Milestone: R1
Component: Kits/Application Kit Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description (last modified by jackburton)

This can be reproduced by adding a string, an int32 and an int8 (in that order) to a BMessage and then calling PrintToStream().

Change History (5)

by jackburton, 15 years ago

Attachment: backtrace.png added

comment:1 by stippi, 15 years ago

I think I've fixed a similar bug recently. It should probably use the field data length instead of letting vprintf figure out the length, if something is not terminated.

comment:2 by jackburton, 15 years ago

The culprit seems to be the following code in BMessage::_PrintToStream()

case B_STRING_TYPE:
  printf("string(\"%.*s\", %ld bytes)\n", (int)size,
     (char *)pointer, (long)size);
  break;

Which is already correct, though: it uses the passed size to print the string. Maybe something becomes corrupt.

in reply to:  2 comment:3 by jackburton, 15 years ago

Replying to jackburton:

Which is already correct, though: it uses the passed size to print the string. Maybe something becomes corrupt.

Reproducible with the following test case:

Add a string, an int32 and an int8 (in that order) to a BMessage and call PrintToStream().

comment:4 by jackburton, 15 years ago

Description: modified (diff)
Summary: calling BMessage::PrintToStream() on an archived BPicture causes a crashBMessage::PrintToStream() can crash
Note: See TracTickets for help on using tickets.