Steven Engelhardt

Mar 15

Debugging Lesson

Today, I had to debug a crash which was caused by a developer providing an untrusted string to a printf() function. This string had escape sequences in it which caused printf() to start popping parameters off the stack when no such parameters existed. While I was fortunate in that the crash was immediate and reproducible, I must note the following:

DO NOT DO THIS. Either use printf("%s", str); or one of the puts() functions.
Variable-argument functions are inherently brittle and crash-prone.
If you suspect the crash is due to a buffer-overflow problem such as this, and you are trying to debug after the behavior has already happened (for example, after the access violation exception has been thrown) don’t blindly trust the values of any variables the debugger tells you after this point, as the stack is likely garbage.

March 2004

M T W T F S S

« Feb May »

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30 31
Categories
- Baseball (10)
- Economics (18)
  - Political Economy (12)
- Finance (8)
  - Investing (3)
- General (30)
- Programming (137)
  - C (15)
  - C# (24)
    - Silverlight (1)
  - C++ (59)
    - MFC (3)
    - STL (7)
  - Error Handling (8)
  - Excel Interop (3)
  - HTML (4)
    - CSS (1)
  - JavaScript (1)
  - Make (1)
  - Python (2)
  - Regular Expressions (2)
  - Shell Scripting (1)
  - SQL (1)
  - Unix (1)
  - Win32 (25)
    - COM (3)
  - XML (34)
    - XPath (3)
    - XSLT (4)
- Software / Technology (18)
  - Apache (4)
  - Email (4)
  - IIS (1)
  - Mutt (3)
  - Unix (7)
- Statistics (3)
Meta

Debugging Lesson

Categories

Meta

Recent Posts

Recent Comments

About

March 2004
M	T	W	T	F	S	S
« Feb				May »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31