Comments (10)
ariccio
commented on May 14, 2024
(I'm pretty sure that) The problem is that the buffer is NOT correctly null-terminated.
from notepad-plus-plus.
rakekniven
commented on May 14, 2024
Can confirm this too. Just upgraded from 6.7.5 to 6.7.7 and being unable to select cloud option.
from notepad-plus-plus.
ariccio
commented on May 14, 2024
My attempt at explaining this bug:
https://www.youtube.com/watch?v=D-mmjUhVDP8
It's actually fairly obvious if you run static analysis.
from notepad-plus-plus.
ariccio
commented on May 14, 2024
What makes it really bad, is that there's a:
} catch (...) {
//printStr(TEXT("JsonCpp exception captured"));
}
block, which via SEH catches the access violation, and thus "can cause process corruption and lead to bugs that are hard to find and fix" makes Notepad++ more reliable.
Those kinds of "catch-all exceptions" blocks are in 12 places in Notepad++, eleven of which swallow the exception and continue, which silently corrupts the user's data makes life easier for users.
from notepad-plus-plus.
donho
commented on May 14, 2024
@Arbitel & @rakekniven
I'm working on fixing this issue.
from notepad-plus-plus.
ariccio
commented on May 14, 2024
Changing:
int base64ToAscii(char* dest, const char* base64Str)
to:
int base64ToAscii(_Post_z_ _Post_readable_size_( return ) char* dest, _In_z_ const char* base64Str)
...and applying my static analysis patch, yields:
C6054 Zero termination missing
String 'dest' might not be zero-terminated
812 This expression may not zero-terminate 'dest'
841 Skip this loop, (assume 'i<nbLoop' is false)
880 Skip this branch, (assume 'padd==b64_1padded' is false)
883 Skip this branch, (assume 'padd==b64_2padded' is false)
812 'dest' should be zero-terminated but may not be
For reference: C6054
Sure enough, if I set a breakpoint at line 887, and Start Debugging:
ignore the message in the output window that's bitching about allocating executable memory.
...and the string is not null-terminated, in exactly those conditions!
from notepad-plus-plus.
ariccio
commented on May 14, 2024
See: https://github.com/donho/notepad-plus-plus/pull/37
from notepad-plus-plus.
donho
commented on May 14, 2024
@ariccio If you were you, I would try to reproduce the bug, instead shooting (or shouting :) ) in the dark.
The bug has been fixed and the fix will be in the next release.
from notepad-plus-plus.
chadleong
commented on May 14, 2024
@donho Hmm, apparently it is still broken in 6.7.8.1
from notepad-plus-plus.
ariccio
commented on May 14, 2024
Proof that denying an issue doesn't make it go away.
from notepad-plus-plus.
Related Issues (20)
- [BUG] File inaccessible HOT 5
- [BUG] Neither [[:upper:]] nor [[:lower:]] function without ‘Match case’ selected HOT 1
- [BUG] fold_in folds to much !
- [BUG] Clear All Marks Has Different Behavior HOT 1
- [Feature request] Remove horizontal white space HOT 1
- [BUG] Multi-editing not showing multiple cursors HOT 4
- [Feature request] More than one bookmark color HOT 2
- [BUG] Custom draw not working in TreeView controls inside plugins
- Issue with Foxpro for DOS
- [BUG] Verical Edge Incorrect HOT 4
- [BUG] Lua: cannot add additional styles HOT 1
- [BUG] "In all sub-folders" when searching does not go through all sub-folders HOT 3
- Use DIR_O in nppSpecifics.mak properly
- Feature Request: Adding Strike-Through Option for Lines HOT 2
- Try don't use the REST API to get PR message in CI build
- [Feature request] Add user-defined tag or attribute names to HTML parser
- [BUG] No file/tab to "left" or "right" when using Document List
- [BUG] Improper item enabling when "Close Multiple Documents" menu is shown
- [BUG] Find & Replace dialog vertical resize arrows
- [Feature request] Simplify Macro warning message on upgrade
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from notepad-plus-plus.