View Issue Details

ID: 0002837
Project: Ham Radio Deluxe
Category: Bug
View Status: public
Last Update: 2018-09-11 13:18
Reporter: PD9FER
Assigned To: K7ZCZ
Priority: normal
Severity: minor
Reproducibility: unable to reproduce
Status: closed
Resolution: fixed
Product Version:
Target Version:
Fixed in Version: 6.4.0.886
Summary: 0002837: Logbook Crash connecting to Cluster (Access Database)
Description: When connecting to the DX Cluster Logbook crashes and generates a minidump.
Steps To Reproduce: Not able to rep.
Additional Information: Went in remote with customer, did clean install and also reinstalled the Access and Visual C++ runtimes.
Looks similar to Mantis 0002808 and maybe 0002735
Tags: No tags attached.
Module: Logbook
Sub-Module: DX Cluster
Testing: Beta Successful

Relationships

Activities

PD9FER

2018-08-13 08:41

viewer   ~0005968

Dump file added in corresponding Dump folder

K7ZCZ

2018-08-13 19:31

manager   ~0005971

This dump has nothing in common with 2808 or 2735.

The dump is produced by build 873 of the Logbook. The three dumps in the RAR file are created each several minutes apart. The third file is a full dump, so let's focus on that one. The call stack in the crashes is the same, and given here:

0:029> .ecxr
eax=18befcc8 ebx=172cae78 ecx=00000000 edx=00000000 esi=00000016 edi=00000000
eip=760fddc2 esp=18befcc8 ebp=18befd24 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
KERNELBASE!RaiseException+0x62:
760fddc2 8b4c2454        mov     ecx,dword ptr [esp+54h] ss:002b:18befd1c=08a78be3
0:029> kb
  *** Stack trace for last set context - .thread/.cxr resets it
 # ChildEBP RetAddr  Args to Child              
00 18befd24 0022adde 00000000 00000000 00000000 KERNELBASE!RaiseException+0x62
01 18befd38 00374add 00000000 00000000 00000000 HRDLogbook!CHRDMiniDumper::InvalidParameterHandler+0xe [c:\ham radio\hrdcommon\hrdminidumper.cpp @ 213] 
02 18befd50 00370293 717d5018 00000017 00000000 HRDLogbook!_invalid_parameter_noinfo+0xc [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 96] 
03 18befd64 00370321 18befdb4 172cae78 00000000 HRDLogbook!_wcstombs_s_l+0x56 [f:\dd\vctools\crt\crtw32\convert\wcstombs.c @ 320] 
04 18befd84 0074e553 18befdb4 172cae78 00000000 HRDLogbook!wcstombs_s+0x19 [f:\dd\vctools\crt\crtw32\convert\wcstombs.c @ 382] 
05 18bfff04 749a8484 058daccc 749a8460 00b5c3c0 HRDLogbook!WorkerThread+0x4b3 [c:\ham radio\logbook\hrdlogbook\dxclusterdlgconnect.cpp @ 376] 
06 18bfff18 77dd2fea 058daccc c792a874 00000000 kernel32!BaseThreadInitThunk+0x24
07 18bfff60 77dd2fba ffffffff 77deec12 00000000 ntdll!__RtlUserThreadStart+0x2f
08 18bfff70 00000000 0074e0a0 058daccc 00000000 ntdll!_RtlUserThreadStart+0x1b


We can see that the WorkerThread() function in the DXClusterDlgConnect implementation has called wcstombs_s() with a bogus parameter, which throws a security exception and shuts down the application.

Dumping the call stack with parameters shows the string that the code was trying to convert:

0:029> kp
  *** Stack trace for last set context - .thread/.cxr resets it
 # ChildEBP RetAddr  
00 18befd24 0022adde KERNELBASE!RaiseException+0x62
01 18befd38 00374add HRDLogbook!CHRDMiniDumper::InvalidParameterHandler(wchar_t * __formal = 0x00000000 "", wchar_t * __formal = 0x00000000 "", wchar_t * __formal = 0x00000000 "", unsigned int __formal = 0, unsigned int __formal = 0x370293)+0xe [c:\ham radio\hrdcommon\hrdminidumper.cpp @ 213] 
02 18befd50 00370293 HRDLogbook!_invalid_parameter_noinfo(void)+0xc [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 96] 
03 18befd64 00370321 HRDLogbook!_wcstombs_s_l(unsigned int * pConvertedChars = 0x18befdb4, char * dst = 0x172cae78 "h???", unsigned int sizeInBytes = 0, wchar_t * src = 0x717d5018 "L’opération a réussi...", unsigned int n = 0x17, struct localeinfo_struct * plocinfo = 0x00000000)+0x56 [f:\dd\vctools\crt\crtw32\convert\wcstombs.c @ 320] 
04 18befd84 0074e553 HRDLogbook!wcstombs_s(unsigned int * pConvertedChars = 0x18befdb4, char * dst = 0x172cae78 "h???", unsigned int sizeInBytes = 0, wchar_t * src = 0x717d5018 "L’opération a réussi...", unsigned int n = 0x17)+0x19 [f:\dd\vctools\crt\crtw32\convert\wcstombs.c @ 382] 
05 18bfff04 749a8484 HRDLogbook!WorkerThread(void * WorkContext = 0x058daccc)+0x4b3 [c:\ham radio\logbook\hrdlogbook\dxclusterdlgconnect.cpp @ 376] 
06 18bfff18 77dd2fea kernel32!BaseThreadInitThunk+0x24
07 18bfff60 77dd2fba ntdll!__RtlUserThreadStart+0x2f
08 18bfff70 00000000 ntdll!_RtlUserThreadStart+0x1b
0:029> db 717d5018
717d5018  4c 00 19 20 6f 00 70 00-e9 00 72 00 61 00 74 00  L.. o.p...r.a.t.
717d5028  69 00 6f 00 6e 00 20 00-61 00 20 00 72 00 e9 00  i.o.n. .a. .r...
717d5038  75 00 73 00 73 00 69 00-2e 00 0d 00 0a 00 00 00  u.s.s.i.........
717d5048  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
717d5058  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
717d5068  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
717d5078  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
717d5088  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 


We have the French-language string "L’opération a réussi", which means "the operation was successful". The code is trying to convert this localized string from a wide-character string to a multi-byte string. The code that does so looks like this:

BOOL HandleIncomingData(const WCHAR* pBuffer)
{
    size_t len = wcslen(pBuffer);
    size_t size;

    wcstombs_s(&size, NULL, 0, pBuffer, len);
    LPSTR lpPtr = new CHAR[size + 1];
    wcstombs_s(&size, lpPtr, size, pBuffer, len);
    BOOL bResult = HandleIncomingData((UCHAR *)lpPtr);
    delete[] lpPtr;

    return bResult;
}


The return value from wcstombs_s is ignored, which is unfortunate: it returns an error indicating that the string can't be converted to MBCS in the current code page. The size value is set to 0, so the second call to wcstombs_s() throws the exception because the output buffer has a maximum size of zero characters. The string comes from GetLastErrorMessage(), which uses MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT) to get the user's default language. But the CRTL isn't set to use that same default language, so the string can't be properly converted and the error results.

Worse, if the code were working, it would be telling the user "The operation succeeded". That's not an error, so something is wrong in the ReadFile() loop which calls this function.
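
Added example, not part of the note above and not HRD code: a two-pass wide-to-multibyte conversion that checks the sizing pass before allocating and never hands the converter a zero-sized buffer. It uses standard C wcstombs() as a portable stand-in for the MSVC-only wcstombs_s() (the same check applies to the errno_t that wcstombs_s() returns); wide_to_mb is a hypothetical helper name and the sample string is constructed from the text visible in the dump.

```c
#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* wide_to_mb is a hypothetical helper for this example, not HRD code.
 * Returns a malloc'd multibyte copy of src (caller frees), or NULL with
 * errno set when src cannot be represented in the current locale. */
char *wide_to_mb(const wchar_t *src)
{
    /* Sizing pass: with dst == NULL the result is the byte count needed,
     * excluding the terminator, or (size_t)-1 on an unconvertible
     * character. The code in the note used this value unchecked. */
    size_t need = wcstombs(NULL, src, 0);
    if (need == (size_t)-1) {
        errno = EILSEQ;
        return NULL;
    }

    char *dst = malloc(need + 1);
    if (dst == NULL)
        return NULL;

    /* Conversion pass: pass the real capacity, terminator included, and
     * check the result again rather than trusting the sizing pass. */
    if (wcstombs(dst, src, need + 1) == (size_t)-1) {
        free(dst);
        errno = EILSEQ;
        return NULL;
    }
    dst[need] = '\0';
    return dst;
}

int main(void)
{
    /* Constructed sample: the text visible in the dump, as a literal. */
    const wchar_t *msg = L"L\u2019op\u00e9ration a r\u00e9ussi.\r\n";

    setlocale(LC_ALL, "C");   /* a locale that cannot encode U+2019 */
    char *mb = wide_to_mb(msg);
    if (mb == NULL) {
        puts("conversion failed; caller can fall back or skip the text");
        return 0;
    }
    fputs(mb, stdout);
    free(mb);
    return 0;
}
```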





K7ZCZ

2018-08-19 15:08

manager   ~0005984

fixed with this checkin
https://hrdsoftware.visualstudio.com/HRD/_versionControl/changeset/4288

PD9FER

2018-09-10 00:20

viewer   ~0006162

Contacted Customer from Ticket# 680720
Waiting for confirmation.

PD9FER

2018-09-10 01:26

viewer   ~0006163

Customer sent a reply.
He's not available during the coming week...
So can't verify.

g3ucq

2018-09-10 02:46

viewer   ~0006168

Not a problem for me. Fixed

PD9FER

2018-09-10 09:11

viewer   ~0006169

Latest Beta has been sent to the Customer, will hear next week from him.

WA9PIE

2018-09-10 10:09

administrator   ~0006170

Ok... given that we've got some positive testing results... but that this one customer can't test for a week, I'm going to pass this one.

Ferry - when you hear back from him, let me know and I'll update this (closed) issue with that final feedback.

Issue History

Date Modified Username Field Change
2018-08-13 08:39 PD9FER New Issue
2018-08-13 08:41 PD9FER Note Added: 0005968
2018-08-13 19:31 K7ZCZ Note Added: 0005971
2018-08-19 15:08 K7ZCZ Assigned To => K7ZCZ
2018-08-19 15:08 K7ZCZ Status new => resolved
2018-08-19 15:08 K7ZCZ Resolution open => fixed
2018-08-19 15:08 K7ZCZ Note Added: 0005984
2018-08-29 18:38 K7ZCZ Project 1 - Backlog => 3 - Current Dev List
2018-08-29 18:40 K7ZCZ Fixed in Version => 6.4.0.877
2018-09-10 00:20 PD9FER Note Added: 0006162
2018-09-10 01:26 PD9FER Note Added: 0006163
2018-09-10 02:46 g3ucq Note Added: 0006168
2018-09-10 09:11 PD9FER Note Added: 0006169
2018-09-10 10:09 WA9PIE Note Added: 0006170
2018-09-10 10:10 WA9PIE Status resolved => closed
2018-09-10 10:10 WA9PIE Testing Not Started => Beta Successful
2018-09-11 13:15 WA9PIE Project 3 - Current Dev List => Ham Radio Deluxe
2018-09-11 13:18 WA9PIE Fixed in Version 6.4.0.877 => 6.4.0.886