vncViewer 1.2.4.0 ABORT on CHAT


Postby splintercode » 2020-02-13 11:30

The CHAT function on release 1.2.4.0 causes the vncviewer to abort!

I have started from the latest source dated 10 February 21:09:16 from cyberfox123 - internal update projectfiles for new signing.

Compiled with vstudio 2017.

When I try to use CHAT, VncViewer aborts.

Debugging, the code stops at the end of TextChat::DoDialog:

Code: Select all
int TextChat::DoDialog()
{
    return DialogBoxParam(pApp->m_instance, DIALOG_MAKEINTRESOURCE(IDD_TEXTCHAT_DLG),
                          NULL, (DLGPROC) TextChatDlgProc, (LONG_PTR) this);
}

The exception says:

Exception thrown at 0x77C2815A (ntdll.dll) in vncviewer.exe: 0xC0000005: access violation while reading the path 0xFEFEFEAE.

I have no problem during the compilation, so I think that my development environment is ok.

Thank you.
splintercode
Posts: 13
Joined: 2010-09-10 14:46

Re: vncViewer 1.2.4.0 ABORT on CHAT

Postby Rudi De Vos » 2020-02-19 20:10

Hard to tell, you should check the callstack.
Possibly something goes wrong during initialization, but not repeatable on the test PC.

Code: Select all
BOOL CALLBACK TextChat::TextChatDlgProc( HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam )
{
    TextChat *_this = helper::SafeGetWindowUserData<TextChat>(hWnd);

    switch (uMsg)
    {

    case WM_INITDIALOG:
Rudi De Vos
Admin & Developer
Posts: 6108
Joined: 2004-04-23 10:21

Re: vncViewer 1.2.4.0 ABORT on CHAT

Postby kalkal82 » 2020-03-09 07:16

Hi

We also face the same problem in the new version of the UVNC Viewer.

It seems there is something wrong with simultaneous running of the following methods:

1- _this->SendTextChatRequest(CHAT_OPEN); ====> in case WM_INITDIALOG: =====> BOOL CALLBACK TextChat::TextChatDlgProc(HWND hWnd ... method
2- ReadScreenUpdate(); ====> void* ClientConnection::run_undetached(void* arg)

if we omit the _this->SendTextChatRequest method in BOOL CALLBACK TextChat::TextChatDlgProc(HWND hWnd ... method, the exception vanishes.

Maybe the mutual exclusion condition in WriteExact method is violated or something else. I don't know.

The new original source downloaded from the uvnc website also has the problem in chat section without any modification.
kalkal82
 
Posts: 1
Joined: 2019-11-13 10:51

Re: vncViewer 1.2.4.0 ABORT on CHAT

Postby splintercode » 2020-03-11 13:57

Hello,

I have tried to comment out the call to _this->SendTextChatRequest(CHAT_OPEN); but unfortunately CHAT causes the ABORT.

I have tried to debug in single step, but VNCViewer aborts in various parts of the code:

sometimes on this memset( &cf, 0, sizeof(CHARFORMAT) ); // Initialize structure
Code: Select all
void TextChat::SetTextFormat(bool bBold /*= false */, bool bItalic /*= false*/
    , long nSize /*= 0x75*/, const char* szFaceName /*= "MS Sans Serif"*/, DWORD dwColor /*= BLACK*/)
{
    if ( GetDlgItem( m_hDlg, IDC_CHATAREA_EDIT ) )  //  Sanity Check
    {
        CHARFORMAT cf;
        memset( &cf, 0, sizeof(CHARFORMAT) ); //  Initialize structure


other times on strlen, here: for (; !last_reached<Mode>(it, last) && *it != '\0'; ++it)
Code: Select all
template <strnlen_mode Mode, typename Element>
_Check_return_
_When_(maximum_count > _String_length_(string), _Post_satisfies_(return == _String_length_(string)))
_When_(maximum_count <= _String_length_(string), _Post_satisfies_(return == maximum_count))
static __forceinline size_t __cdecl common_strnlen_c(
    Element const* const string,
    size_t         const maximum_count
    ) throw()
{
    Element const* const last = string + maximum_count;
    Element const*       it   = string;

    // Walk forward until the bound or the terminator is reached
    for (; !last_reached<Mode>(it, last) && *it != '\0'; ++it)
    {
    }

    return static_cast<size_t>(it - string);
}


It seems that one thread dirties the heap....
splintercode
Posts: 13
Joined: 2010-09-10 14:46

Re: vncViewer 1.2.4.0 ABORT on CHAT

Postby splintercode » 2020-03-11 15:57

Hello,

Finally, I have corrected it.

I have changed the call to _snprintf in TextChatDlgProc(), case WM_INITDIALOG:

Code: Select all
BOOL CALLBACK TextChat::TextChatDlgProc( HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam )
{
    TextChat *_this = helper::SafeGetWindowUserData<TextChat>(hWnd);

    switch (uMsg)
    {

    case WM_INITDIALOG:
    ......

This is the correction:
Code: Select all
        // ORIGINAL CODE
        // if (_snprintf_s(_this->m_szRemoteName, TEXTMAXSIZE, MAXNAMESIZE-1,"%s", _this->m_pCC->m_desktopName) < 0 )

        // MY CORRECTION: as the 2nd parameter (sizeOfBuffer) of _snprintf_s use MAXNAMESIZE (128),
        // the real size of m_szRemoteName, instead of TEXTMAXSIZE (16384)
        if (_snprintf_s(_this->m_szRemoteName, MAXNAMESIZE, MAXNAMESIZE - 1, "%s", _this->m_pCC->m_desktopName) < 0)


On my system the chat is OK now.

Can someone check and test this correction on their computer?

Thank you.
splintercode
Posts: 13
Joined: 2010-09-10 14:46

Re: vncViewer 1.2.4.0 ABORT on CHAT

Postby splintercode » 2020-03-12 10:33

Hi to all,

I have verified that the code from

Code: Select all
         if (_snprintf(_this->m_szRemoteName,MAXNAMESIZE-1,"%s", _this->m_pCC->m_desktopName) < 0 )


on 20 August 2019 was modified to this:

Code: Select all
         if (_snprintf_s(_this->m_szRemoteName, TEXTMAXSIZE, MAXNAMESIZE-1,"%s", _this->m_pCC->m_desktopName) < 0 )


Because TEXTMAXSIZE is equal to 16384
Code: Select all
#define TEXTMAXSIZE 16384


while MAXNAMESIZE is equal to 128
Code: Select all
#define MAXNAMESIZE   128


the call to _snprintf_s generates an exception.

For me, this is the correct code:
Code: Select all
         if (_snprintf_s(_this->m_szRemoteName, MAXNAMESIZE, MAXNAMESIZE - 1, "%s", _this->m_pCC->m_desktopName) < 0)


How can I advise the maintainer of the code?

Thank you.
splintercode
Posts: 13
Joined: 2010-09-10 14:46
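
Why passing TEXTMAXSIZE as sizeOfBuffer corrupts memory, as an added C model that is not code from this thread or from UltraVNC: the MSVC debug CRT fills all sizeOfBuffer bytes with 0xFE before formatting, so claiming 16384 bytes for a 128-byte member overwrites the 16 KB that follow m_szRemoteName inside the TextChat object (the faulting address 0xFEFEFEAE in the first post is consistent with that fill pattern), while the release CRT performs no fill and stays silent. The model_snprintf_s_debug helper, the arena layout and the desktop name are assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXNAMESIZE 128     /* declared size of TextChat::m_szRemoteName (from the thread) */
#define TEXTMAXSIZE 16384   /* the value mistakenly passed as sizeOfBuffer (from the thread) */

/* Hypothetical portable stand-in for the MSVC debug CRT's _snprintf_s(buf, sizeOfBuffer, count, ...):
 * the debug CRT first fills all sizeOfBuffer bytes with 0xFE, then formats at most `count`
 * characters and NUL-terminates. Only the short-source case the thread hits is modelled;
 * truncation and the invalid-parameter handler are out of scope. */
static int model_snprintf_s_debug(char *buf, size_t sizeOfBuffer, size_t count, const char *src)
{
    size_t n = strlen(src);
    if (count >= sizeOfBuffer || n > count)
        return -1;                       /* simplified failure path */
    memset(buf, 0xFE, sizeOfBuffer);     /* debug fill: this is the write that overruns */
    memcpy(buf, src, n);
    buf[n] = '\0';
    return (int)n;
}

/* Constructed arena standing in for the TextChat object: the 128-byte m_szRemoteName member
 * followed by whatever member lives next to it (here a 32-bit canary). The arena is large
 * enough that the model's fill stays inside allocated memory; in the real object it does not. */
typedef struct { int neighbour_intact; uint32_t neighbour_value; } fill_result;

static fill_result run_case(size_t claimed_sizeOfBuffer)
{
    const uint32_t canary = 0x12345678u;
    unsigned char *arena = calloc(TEXTMAXSIZE + 64, 1);
    fill_result r = { 0, 0 };
    if (!arena) return r;
    memcpy(arena + MAXNAMESIZE, &canary, sizeof canary);     /* the neighbouring member */
    model_snprintf_s_debug((char *)arena, claimed_sizeOfBuffer, MAXNAMESIZE - 1, "DESKTOP-CONSTRUCTED");
    memcpy(&r.neighbour_value, arena + MAXNAMESIZE, sizeof r.neighbour_value);
    r.neighbour_intact = (r.neighbour_value == canary);
    free(arena);
    return r;
}

int main(void)
{
    fill_result bad = run_case(TEXTMAXSIZE);   /* the 2019 change: sizeOfBuffer > real buffer */
    fill_result ok  = run_case(MAXNAMESIZE);   /* the fix: sizeOfBuffer == sizeof(m_szRemoteName) */
    printf("sizeOfBuffer=TEXTMAXSIZE: neighbour=0x%08X intact=%d\n", bad.neighbour_value, bad.neighbour_intact);
    printf("sizeOfBuffer=MAXNAMESIZE: neighbour=0x%08X intact=%d\n", ok.neighbour_value, ok.neighbour_intact);
    return 0;
}
```

The same mismatch is caught at compile time by passing sizeof(m_szRemoteName) (or the template overload that deduces it) rather than a separate constant as sizeOfBuffer.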

Re: vncViewer 1.2.4.0 ABORT on CHAT

Postby Neustradamus » 2020-04-05 01:49

@Rudi De Vos: Any news?
Neustradamus
Posts: 35
Joined: 2011-03-26 20:22
