------------------------------------------------------------
[BUG/PRB.] VFP 9.0 FIX - MODIFY MENU COMMAND
December 2024
------------------------------------------------------------
CCB

1. BUG:
In VFP 9 (and VFP 6, VFP 7, VFP 8), VFP will sometimes crash when the Menu Designer is opened with the MODIFY MENU command (or the CREATE MENU command). The same bug also occurs in some Expression Builder dialog boxes, but there VFP does not crash. The bug was reported by Ajit Abraham.

2. CAUSE:
In the Menu Designer, VFP removes all trailing space (0x20), carriage return (0x0D) and line feed (0x0A) characters from the menu item text; usually this causes no problem. But if the menu item text is a backslash and a dash (\-), or the menu item text is an empty string, the menu item text is converted to an empty string, and VFP then removes the trailing characters from that empty string. Refer to the memory dump data:

0019F334  90 16 80 0A 00 2D 00 72 74 20 6F 66 20 41 63 63

dword [0019F334] is a memory handle; at this point it is still correct. byte [0019F338] is the empty string. dword [0019F334] == 0x0A801690: its high byte is 0x0A, the same value as the line feed character. Because the string is empty, the trim routine steps back past the start of the string and examines the byte just before it, byte [0019F337], which is the high byte of the handle. After VFP removes the "trailing" line feed from the empty string, that high byte 0x0A is changed to 0x00 (buffer overflow: the write lands one byte before the start of the string), so dword [0019F334] == 0x00801690, which is an incorrect memory handle, and VFP crashes.

In general, if the memory handle is 0x0A??????, 0x0D?????? or 0x20??????, it will be changed to 0x00?????? (buffer overflow), which is an incorrect memory handle, and then VFP crashes. The bug is in the trailing-character trim routine Fun62cc91 shown below.

3. RESOLUTION:
We can write some code to fix the BUG. The patched routine follows; the two instructions without address comments are the added check.
        Fun62cc91 ::                    ; proc near
        xor     dl , dl                 ;0x0062cc91 : 32d2
        ;
        ; -------------------------------------------------
        ; VFP 9.0 FIX - MODIFY MENU COMMAND
        ; December 2024
        ; -------------------------------------------------
        ; CCB
        ;
        ; Sometimes vfp will crash when using the Menu designer with the MODIFY MENU command (or the CREATE MENU command).
        ;
        ; 2024/12/6, by ccb
        ;
        ; Added check: if the first byte is already the terminator, the
        ; string is empty and there is nothing to trim, so return without
        ; stepping back before the start of the string.
        cmp     byte ptr [eax] , 00h
        je      Label62ccb0
        jmp     Label62cc96             ;0x0062cc93 : eb01
Label62cc95 ::
        inc     eax                     ;0x0062cc95 : 40
Label62cc96 ::
        cmp     byte ptr [eax] , dl     ;0x0062cc96 : 3810   ; scan forward to the NUL terminator
        jne     Label62cc95             ;0x0062cc98 : 75fb
Label62cc9a ::
        dec     eax                     ;0x0062cc9a : 48     ; step back one byte
        mov     cl , byte ptr [eax]     ;0x0062cc9b : 8a08
        cmp     cl , 020h               ;0x0062cc9d : 80f920 ; space
        je      Label62ccac             ;0x0062cca0 : 740a
        cmp     cl , 0Dh                ;0x0062cca2 : 80f90d ; carriage return
        je      Label62ccac             ;0x0062cca5 : 7405
        cmp     cl , 0Ah                ;0x0062cca7 : 80f90a ; line feed
        jne     Label62ccb0             ;0x0062ccaa : 7504
Label62ccac ::
        mov     byte ptr [eax] , dl     ;0x0062ccac : 8810   ; overwrite the trailing character with NUL
        jmp     Label62cc9a             ;0x0062ccae : ebea
Label62ccb0 ::
        ret                             ;0x0062ccb0 : c3

4. APPLIES TO:
VFP 6.0.8167.0
VFP 6.0.8961.0 (SP5)
VFP 7.0.0.9262
VFP 7.0.0.9465 (SP1)
VFP 8.0.0.2521
VFP 8.0.0.3117 (SP1)
VFP 9.0.0.2412
VFP 9.0.0.3504 (SP1)
VFP 9.0.0.4611 (SP2)
VFP 9.0.0.5015 (SP2)
VFP 9.0.0.5411 (SP2)
VFP 9.0.0.5721 (SP2)
VFP 9.0.0.5815 (SP2)
VFP 9.0.0.6303 (SP2)
VFP 9.0.0.6602 (SP2)
VFP 9.0.0.7423 (SP2)

The bug has been fixed in VFP Advanced.

5. REFERENCE WEBSITES:
1, baiyujia.com: http://www.baiyujia.com

6. OTHER:
For reference only; there are no guarantees. For any questions or suggestions, please send me an email at ccb2000@163.com.
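To make the mechanism concrete, here is an added C model of the trim routine Fun62cc91 shown under RESOLUTION. It is example code written for this note, not VFP code and not from the note's author: it models the routine before the patch, the patched routine with the entry check, and a bounded variant that keeps the start pointer. The buffer layout (a 4-byte handle 0x0A801690 stored little-endian, followed directly by the menu item text) is constructed to match the memory dump above; the function names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed buffer layout matching the memory dump in the note:
 * offsets 0..3 hold the memory handle 0x0A801690 stored little-endian as
 * 90 16 80 0A (0x0019F334..0x0019F337), and the menu item text starts at
 * offset 4 (0x0019F338). */
#define TEXT_OFF 4

typedef void (*trim_fn)(char *);

/* Characters the VFP routine strips from the end: space, CR, LF. */
static int is_trailing(unsigned char c)
{
    return c == 0x20 || c == 0x0D || c == 0x0A;
}

/* Model of Fun62cc91 before the patch: scan to the NUL terminator, then step
 * back and overwrite trailing characters with NUL.  There is no lower bound,
 * so on an empty string the first step back already reads the byte before
 * the string. */
static void trim_original(char *s)
{
    char *p = s;
    while (*p != 0)          /* Label62cc96 loop: find the terminator */
        p++;
    for (;;) {               /* Label62cc9a loop */
        p--;                 /* dec eax: unconditional step back */
        if (!is_trailing((unsigned char)*p))
            return;
        *p = 0;              /* mov byte ptr [eax], dl */
    }
}

/* Model of the patched routine: the added "cmp byte ptr [eax],00h / je"
 * returns immediately when the string is already empty. */
static void trim_patched(char *s)
{
    if (*s == 0)
        return;
    trim_original(s);
}

/* Bounded variant (this example's own, not from the note): the cursor is
 * never moved before s, so any input, including one made only of trailing
 * characters, ends as "" without touching the byte preceding the string. */
static void trim_bounded(char *s)
{
    char *p = s + strlen(s);
    while (p > s && is_trailing((unsigned char)p[-1])) {
        p--;
        *p = 0;
    }
}

/* Place `text` after the handle bytes, run `fn` on it, and return the handle
 * read back afterwards: 0x0A801690 means it survived, 0x00801690 means the
 * high byte was cleared exactly as the dump in the note shows.
 * Returns 0 if the text does not fit the constructed buffer. */
static uint32_t run_on_layout(trim_fn fn, const char *text)
{
    unsigned char buf[32] = {0x90, 0x16, 0x80, 0x0A}; /* handle, little-endian; rest zeroed */
    if (strlen(text) >= sizeof buf - TEXT_OFF)
        return 0;
    strcpy((char *)buf + TEXT_OFF, text);
    fn((char *)buf + TEXT_OFF);
    return (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
           ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
}

int main(void)
{
    printf("original, \"\":   handle = 0x%08X\n", run_on_layout(trim_original, ""));
    printf("patched,  \"\":   handle = 0x%08X\n", run_on_layout(trim_patched, ""));
    printf("patched,  \" \":  handle = 0x%08X\n", run_on_layout(trim_patched, " "));
    printf("bounded,  \" \":  handle = 0x%08X\n", run_on_layout(trim_bounded, " "));
    return 0;
}
```

run_on_layout returns the handle value after the trim, so 0x00801690 for the original routine on "" reproduces the corrupted handle from the dump, and 0x0A801690 for the patched routine shows the entry check stopping it. Note that in this model the patched routine's only guard is that check at entry: a menu item text consisting solely of space, CR or LF characters is cleared down to empty and the cursor still steps one byte before the buffer, whereas trim_bounded stops at the start pointer. Whether the real menu item text can reach the routine in that form is not stated in the note.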