View Issue Details

IDProjectCategoryView StatusLast Update
0002836Ham Radio DeluxeBugpublic2018-09-11 13:18
ReporterK7ZCZ 
Assigned ToK7ZCZ 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version6.4.0.873 
Target VersionFixed in Version6.4.0.886 
Summary0002836: Logbook: buffer overrun in Databases Manager code causes crash
DescriptionThe Microsoft Dev Dashboard reports that code in the Databases Manager implementation causes crashes due to buffer overflows. The CDatabasesManager::EnumHRDODBC() implementation is very sloppy with string length management, and has several string manipulations which use stack-allocated fixed-length strings. This is antithetical to C++ best practice, which dictates that unknown strings be dynamically allocated for processing. Further, most of the involved Windows APIs make it easy to measure the strings in question to get a known length.

I've got no specific repro steps, but it's clear that customers are hitting this from the stacks available on the Dashboard. Looks like this problem accounts for a little bit more than 1% of the reported crashes we see. A resolved stack involving build 873 is attached in a spreadsheet. This problem crashes the logbook at startup (as we can see from InitInstance() in the call stack) and probably causes the logbook to fail at startup -- it won't load an run.

TagsNo tags attached.
ModuleLogbook
Sub-ModuleData
Testing Beta Successful

Relationships

Activities

K7ZCZ

2018-08-11 10:26

manager   ~0005963

This shelfset is available with a fix
https://hrdsoftware.visualstudio.com/HRD/_versionControl/shelveset?ss=Databases%20Manager%20buffer%20overrun%20%282836%29%3Bmikeblas%40msn.com

K7ZCZ

2018-08-13 09:46

manager   ~0005969

Sorry, forgot to attach the spreadsheet with the stack from Dev Center. Here it is.

Mantis2836Stack.xlsx (13,533 bytes)

K7ZCZ

2018-08-15 07:05

manager   ~0005977

This fix is checked in
https://hrdsoftware.visualstudio.com/HRD/_versionControl/changeset/4280

WA9PIE

2018-09-07 16:56

administrator   ~0006119

Unable to test. Accepting this as validated; developer managed topic.

Issue History

Date Modified Username Field Change
2018-08-11 09:41 K7ZCZ New Issue
2018-08-11 10:26 K7ZCZ Note Added: 0005963
2018-08-13 09:46 K7ZCZ File Added: Mantis2836Stack.xlsx
2018-08-13 09:46 K7ZCZ Note Added: 0005969
2018-08-15 07:05 K7ZCZ Assigned To => K7ZCZ
2018-08-15 07:05 K7ZCZ Status new => resolved
2018-08-15 07:05 K7ZCZ Resolution open => fixed
2018-08-15 07:05 K7ZCZ Note Added: 0005977
2018-08-29 18:40 K7ZCZ Fixed in Version => 6.4.0.877
2018-09-07 16:56 WA9PIE Status resolved => closed
2018-09-07 16:56 WA9PIE Description Updated View Revisions
2018-09-07 16:56 WA9PIE Testing Not Started => Beta Successful
2018-09-07 16:56 WA9PIE Note Added: 0006119
2018-09-11 13:15 WA9PIE Project 3 - Current Dev List => Ham Radio Deluxe
2018-09-11 13:18 WA9PIE Fixed in Version 6.4.0.877 => 6.4.0.886