Community
Participate
Working Groups
Build Identifier: 3.4.2 In formatVmCommandMsg, there is code to format the message. There is a potential problem in "if (list[index][0] == _T_ECLIPSE('-') && *(ch-1) == _T_ECLIPSE(' '))" . "*(ch-1)" may point to an address that is outside the message memory range. The fix is to change the line to "if (list[index][0] == _T_ECLIPSE('-') && ch != message && *(ch-1) == _T_ECLIPSE(' ')) , this avoids the bad access crash. I am trying to create a patch but the network is very slow here today. Since this is a one line fix, so I choose to directly describe here. message = malloc( (length + 5) * sizeof(_TCHAR) ); /* Format the message such that options (args starting with '-') begin on a new line. Otherwise, the Motif MessageBox does not automatically wrap the messages and the message window can extend beyond both sides of the display. */ ch = message; if(args != NULL) list = args; else list = vmArgs; while(list != NULL) { for (index = 0; list[index] != NULL; index++) { if (list[index][0] == _T_ECLIPSE('-') && *(ch-1) == _T_ECLIPSE(' ')) *(ch-1) = _T_ECLIPSE('\n'); _tcscpy( ch, list[index] ); ch += _tcslen( list[index] ); *ch++ = _T_ECLIPSE(' '); } if(list == vmArgs) list = progArgs; else list = NULL; } *ch = _T_ECLIPSE('\0'); Reproducible: Always
Created attachment 171237 [details] Crash stacks
Created attachment 171265 [details] patch I think you mean a patch like this. The comment 0 seems to just be a paste of the original code unchanged. This bug looks to be in the 3.6 codebase as well. This patch is against 3.6. Could you provide the arguments (eclipse.ini) that you pass the launcher to cause this error?
In general the progArgs list would be expected to start with a "-" argument, so I would guess we are always at the least reading the invalid memory location at (ch-1). I guess it depends on the OS whether a read in a bad location would cause a crash, but if we happen to read a ' ', then the write on the next line would be worse.
Created attachment 171363 [details] eclipse launcher arguments
The arguments are passed by native rcplauncher to eclipse. You can see the arguments list in the attachments. The crash is intermittent . (In reply to comment #2) > Created an attachment (id=171265) [details] > patch > > I think you mean a patch like this. The comment 0 seems to just be a paste of > the original code unchanged. > > This bug looks to be in the 3.6 codebase as well. This patch is against 3.6. > Could you provide the arguments (eclipse.ini) that you pass the launcher to > cause this error?
I reviewed the patch for 3.6.1.
patch released to branch
