Re: Crasher

Subject: Re: Crasher
From: Mike Nordell (
Date: Thu Sep 27 2001 - 08:32:02 CDT

Randy Kramer wrote:
> > you didn't specify what address the pgm tried to access).
> Oops, sorry -- next time.

No worries.

> Just to clarify things for myself, I'm assuming that anywhere there is
> an instruction like "ecx,dword ptr [eax+28h]" there is a crash waiting
> to happen?

Not at all. But, if eax (a CPU register) is loaded with an invalid pointer
(such as NULL) then this will crash.

To try to explain. Using the MSVC compiler, a piece of code such as:

    something_t* pSomething = getSometPtr();
    int some_int = pSomething->getSomeInt();

and assuming getSomeInt() is an inlined function, it generates assembler
code like:

    [... allocate space for some_int on the stack]
    call getSomePtr
    move some_int, [eax+XXh]

where XXh is the hexadecimal offset of the member from the beginning of the
type something_t.

So long as getSomePtr() returns a valid pointer to a something_t object all
is fine. But if getSomePtr() for some reason returen e.g. NULL, and the
client code doesn't check for NULL pointer, then it's a crash waiting to

> Is there a way to search the entire AbiWord codebase with some regular
> expression to find all the instances of the C++ code that causes the
> problem? (I'm guessing there are some others.)

No. Problems like this can surface anywhere you use a pointer and isn't
checking for validity.


This archive was generated by hypermail 2b25 : Thu Sep 27 2001 - 08:32:34 CDT