Bug 317200

Summary: [launcher] Crash in formatVmCommandMsg
Product: [Eclipse Project] Equinox
Reporter: Andrew Niefer <aniefer>
Component: Framework
Assignee: equinox.framework-inbox <equinox.framework-inbox>
Status: RESOLVED FIXED
QA Contact:
Severity: critical
Priority: P3
CC: aniefer, linyunz, mukund, raji
Version: 3.4.2
Target Milestone: 3.7 M1
Hardware: Macintosh
OS: Mac OS X - Carbon (unsup.)
Whiteboard:
Bug Depends on: 315939, 342748
Bug Blocks:

Description Andrew Niefer CLA 2010-06-17 11:15:32 EDT
+++ This bug was initially created as a clone of Bug #315939 +++

Build Identifier: 3.4.2

In formatVmCommandMsg, there is code to format the message. There is a potential problem in "if (list[index][0] == _T_ECLIPSE('-') && *(ch-1) == _T_ECLIPSE(' '))". "*(ch-1)" may point to an address that is outside the message memory range. The fix is to change the line to "if (list[index][0] == _T_ECLIPSE('-') && ch != message && *(ch-1) == _T_ECLIPSE(' '))"; this avoids the bad access crash.

I am trying to create a patch but the network is very slow here today. Since this is a one-line fix, I choose to describe it directly here.


	message = malloc( (length + 5) * sizeof(_TCHAR) );

	/* Format the message such that options (args starting with '-') begin
	   on a new line. Otherwise, the Motif MessageBox does not automatically wrap
	   the messages and the message window can extend beyond both sides of the display. */
	ch = message;
	if(args != NULL) list = args;
	else             list = vmArgs;
	while(list != NULL) {
		for (index = 0; list[index] != NULL; index++)
		{
			if (list[index][0] == _T_ECLIPSE('-') && *(ch-1) == _T_ECLIPSE(' '))
				*(ch-1) = _T_ECLIPSE('\n');
			_tcscpy( ch, list[index] );
			ch += _tcslen( list[index] );
			*ch++ = _T_ECLIPSE(' ');
		}
		if(list == vmArgs) list = progArgs;
		else 			   list = NULL;
	}
	*ch = _T_ECLIPSE('\0');

Reproducible: Always
Comment 1 Andrew Niefer CLA 2010-06-17 11:16:25 EDT
Fix in Head for 3.7, binaries will be recompiled for I20100622
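
The guard proposed in the description, shown in a self-contained form. This is an added example, not the Equinox launcher source: plain `char` stands in for `_TCHAR`, the names `format_cmd_msg` and `total_len` are hypothetical, and the length calculation and fixed vm-then-program argument order are assumptions, since the page does not show them.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed sizing: each argument plus one separator character. */
static size_t total_len(char **list)
{
    size_t n = 0;
    for (size_t i = 0; list != NULL && list[i] != NULL; i++)
        n += strlen(list[i]) + 1;
    return n;
}

/* Joins vm_args then prog_args with spaces. An option (leading '-') is
   moved onto a new line by turning the preceding space into '\n'.
   Caller frees the result. Returns NULL on allocation failure. */
char *format_cmd_msg(char **vm_args, char **prog_args)
{
    size_t length = total_len(vm_args) + total_len(prog_args);
    char *message = malloc(length + 1);      /* +1 for the terminator */
    char *ch = message;
    char **lists[2] = { vm_args, prog_args };

    if (message == NULL)
        return NULL;
    for (int l = 0; l < 2; l++) {
        char **list = lists[l];
        for (size_t i = 0; list != NULL && list[i] != NULL; i++) {
            /* ch != message: nothing has been written yet, so there is
               no previous character inside the buffer to read or
               overwrite. Without this test, a first argument starting
               with '-' dereferences message[-1]. */
            if (list[i][0] == '-' && ch != message && *(ch - 1) == ' ')
                *(ch - 1) = '\n';
            strcpy(ch, list[i]);
            ch += strlen(list[i]);
            *ch++ = ' ';
        }
    }
    *ch = '\0';
    return message;
}
```

Building the unguarded variant with AddressSanitizer (`-fsanitize=address`) and passing a first argument that begins with `-` is a quick way to confirm the out-of-bounds read that the guard removes.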