[Repost] Purify errors in v1.10 DLLs
Hi there,
I've just upgraded our product to use DWGdirect v1.10. I use the DLL versions of the libraries. We are now seeing random crashes in our tests. I've used Purify on the test to spot potential errors and it has shown lots of ABR (read beyond array bounds) errors. Here's a sample report:
[E] ABR: Array bounds read in odtextiterator::nextchar(void) {208 occurrences}
Reading 1 byte from 0x084b94ed (1 byte at 0x084b94ed illegal)
Address 0x084b94ed is 1 byte past the end of a 45 byte block at 0x084b94c0
Address 0x084b94ed points to a C++ new block
Thread ID: 0x2a0
Error location
odtextiterator::nextchar(void) [odtextiterator.cpp:418]
odtextiterator::convertfromdxf(char const*,odcodepageid,odfont *,odfont *) [odtextiterator.cpp:621]
odxdataiterator::dxfinitem(oddbdxffiler *) [xdataiterator.cpp:316]
oddbobjectimpl::dxfinxdata(oddbdxffiler *) [dbobject.cpp:1604]
oddbobject::dxfin(oddbdxffiler *) [dbobject.cpp:887]
oddbdxfloader::loadobject(dword) [dbdxfloader.cpp:987]
oddbdxfloader::loadblocks(void) [dbdxfloader.cpp:632]
oddbdxfloader::loaddrawing(void) [dbdxfloader.cpp:226]
oddbdxfloader::enddbloading(void) [dbdxfloader.cpp:95]
oddbdatabase::closeinput(void) [dbdatabaseload.cpp:503]
Allocation location
new(uint) [afxmem.cpp:317]
odstring::allocbuffer(int) [odstring.cpp:1085]
odstring::concatcopy(int,char const*,int,char const*) [odstring.cpp:1272]
odstring::concatinplace(int,char const*) [odstring.cpp:1321]
odstring::+=(char) [odstring.cpp:1344]
oddbasciidxffilerimpl::readnext(void) [dbfilerimpl.cpp:1415]
oddbasciidxffilerimpl::readnext(void) [dbfilerimpl.cpp:1479]
oddbasciidxffilerimpl::currentgroupcode(void) [dbfilerimpl.cpp:1442]
oddbasciidxffilerimpl::atendofobject(void) [dbfilerimpl.cpp:1087]
oddbobjectimpl::dxfinxdata(oddbdxffiler *) [dbobject.cpp:1602]
Breaking into the assembly code when the crash happens shows that the error is happening in dd_db.dll, and I can see that it is trying to read one byte past the end of an array. If this is a valid address then the program survives; if it's an invalid address then the program dies.
The instruction that causes the error is at an offset of 26eb7e from the start of the DLL. This loads at 0x0067eb7e when the program is running.
This is a fairly major problem for us because it is causing random crashes.
Are you using DD DLLs from Borland?
Sergey Slezkin
No - they're the MS compiler DLLs.
Is your platform MSVC 6?
Sergey Slezkin
Yes - I'm using MSVC6.
DWGdirect DLLs are supposed to work with MSVC projects with non-default struct member alignment, but maybe something got broken.
Try setting it to 8 in your project.
Sergey Slezkin
Hello,
The struct alignment value is always set to 8 when we compile our code.
We believe the Purify report shows that the code is trying to read the 46th character of a newed array of only 45 characters on line 418 of odtextiterator.cpp.
Checking register values in the debugger shows that the code is definitely reading past the end of the array, sometimes from an invalid address.
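The post above pins the fault down to a one-byte over-read at the end of an exact-size heap block. The following C program, added here as an illustration and not code from the thread or from DWGdirect, shows the pattern on a hypothetical text iterator: a buggy `next_char` that peeks at the bytes after the current one to recognise a `%%x` escape without checking that they exist, and a fixed version that bounds-checks the peek. Loads are routed through an instrumented accessor that counts, rather than performs, out-of-bounds reads, so the example runs deterministically; in the real DLL the load is performed and only crashes when the byte after the block is unmapped, which is why the crashes looked random. All names and the sample strings are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical iterator over an exact-length heap block with no NUL
 * terminator, the shape of the 45-byte "C++ new block" in the Purify
 * report. Names are illustrative, not DWGdirect's own. */
typedef struct {
    const char *buf;
    size_t len;
    size_t pos;
    size_t oob_reads;   /* indices >= len the iterator tried to load */
} text_iter;

/* Instrumented load: an out-of-bounds index is counted and yields 0
 * instead of being dereferenced, so the demo never touches bad memory. */
static int at(text_iter *it, size_t i) {
    if (i >= it->len) {
        it->oob_reads++;
        return 0;
    }
    return (unsigned char)it->buf[i];
}

/* BUGGY: looks ahead two bytes for a "%%x" escape without checking that
 * they lie inside the block. If the last byte of the block is '%', the
 * peek reads buf[len], one byte past the end: the ABR in the report. */
static int next_char_buggy(text_iter *it) {
    if (it->pos >= it->len)
        return -1;
    int c = at(it, it->pos);
    if (c == '%' && at(it, it->pos + 1) == '%') {
        int code = at(it, it->pos + 2);
        it->pos += 3;
        return code;
    }
    it->pos++;
    return c;
}

/* FIXED: the escape branch is taken only when all three bytes exist;
 * a trailing '%' or "%%" is returned literally. */
static int next_char_fixed(text_iter *it) {
    if (it->pos >= it->len)
        return -1;
    int c = at(it, it->pos);
    if (c == '%' && it->pos + 2 < it->len && at(it, it->pos + 1) == '%') {
        int code = at(it, it->pos + 2);
        it->pos += 3;
        return code;
    }
    it->pos++;
    return c;
}

/* Copies `text` into a malloc block of exactly strlen(text) bytes (no
 * terminator), drains the iterator into `out`, and returns the number of
 * out-of-bounds loads the iterator attempted. */
static size_t run_iter(int (*next)(text_iter *), const char *text,
                       char *out, size_t outsz) {
    size_t len = strlen(text);
    char *block = malloc(len ? len : 1);
    if (!block)
        return (size_t)-1;
    memcpy(block, text, len);
    text_iter it = { block, len, 0, 0 };
    size_t n = 0;
    int c;
    while ((c = next(&it)) != -1)
        if (n + 1 < outsz)
            out[n++] = (char)c;
    out[n] = '\0';
    free(block);
    return it.oob_reads;
}

/* Convenience wrappers so results can be checked as plain return values. */
static size_t oob_count(int (*next)(text_iter *), const char *text) {
    char out[64];
    return run_iter(next, text, out, sizeof out);
}

static int decodes_to(int (*next)(text_iter *), const char *text,
                      const char *expected) {
    char out[64];
    run_iter(next, text, out, sizeof out);
    return strcmp(out, expected) == 0;
}

int main(void) {
    /* Constructed inputs: a benign string and one whose last byte is '%'. */
    const char *inputs[] = { "ANGLE 45", "ANGLE 45%", "45%%d" };
    for (size_t i = 0; i < 3; i++) {
        size_t b = oob_count(next_char_buggy, inputs[i]);
        size_t f = oob_count(next_char_fixed, inputs[i]);
        printf("\"%s\": buggy %zu OOB reads, fixed %zu OOB reads\n",
               inputs[i], b, f);
    }
    return 0;
}
```

The benign string never triggers the over-read, which matches the observation that only some files crash: the bug is only reachable when a block ends in the escape prefix, and it is only fatal when the byte after the block happens to be unmapped.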
Could you post or e-mail me the DXF file you used in your test (showing the results above)?
Sergey Slezkin
Hi,
There should be a file attached to this post. I got similar Purify results from most of the files that my unit tests read.
Attached files (56.5 KB)
Thanks. We'll check the file you posted. But have you upgraded to 1.10 or 1.10 Update? A similar problem was fixed between the 1.10 and 1.10 Update releases.
Sergey Slezkin
Sorry, I didn't know there was an update - I'm still using the original version 1.10. I'll download the update and see what results I get.
Hi there,
I've rebuilt our application using the version 1.10 Update libs/DLLs and rerun our unit tests. Purify now reports no ABRs and I can't reproduce the crashes. Sorry to have wasted your time.