Bug 317200 - [launcher] Crash in formatVmCommandMsg
Status: RESOLVED FIXED
Alias: None
Product: Equinox
Classification: Eclipse Project
Component: Framework
Version: 3.4.2
Hardware: Macintosh Mac OS X - Carbon (unsup.)
Importance: P3 critical
Target Milestone: 3.7 M1
Assignee: equinox.framework-inbox
Depends on: 315939 342748
Reported: 2010-06-17 11:15 EDT by Andrew Niefer
Modified: 2011-04-13 13:52 EDT

Description Andrew Niefer 2010-06-17 11:15:32 EDT
+++ This bug was initially created as a clone of Bug #315939 +++

Build Identifier: 3.4.2

In formatVmCommandMsg, there is code to format the message. There is a potential problem in "if (list[index][0] == _T_ECLIPSE('-') && *(ch-1) == _T_ECLIPSE(' '))". "*(ch-1)" may point to an address that is outside the message memory range. The fix is to change the line to "if (list[index][0] == _T_ECLIPSE('-') && ch != message && *(ch-1) == _T_ECLIPSE(' '))"; this avoids the bad access crash.

I am trying to create a patch but the network is very slow here today. Since this is a one-line fix, I choose to describe it directly here.


	message = malloc( (length + 5) * sizeof(_TCHAR) );

	/* Format the message such that options (args starting with '-') begin
	   on a new line. Otherwise, the Motif MessageBox does not automatically wrap
	   the messages and the message window can extend beyond both sides of the display. */
	ch = message;
	if(args != NULL) list = args;
	else             list = vmArgs;
	while(list != NULL) {
		for (index = 0; list[index] != NULL; index++)
		{
			if (list[index][0] == _T_ECLIPSE('-') && *(ch-1) == _T_ECLIPSE(' '))
				*(ch-1) = _T_ECLIPSE('\n');
			_tcscpy( ch, list[index] );
			ch += _tcslen( list[index] );
			*ch++ = _T_ECLIPSE(' ');
		}
		if(list == vmArgs) list = progArgs;
		else 			   list = NULL;
	}
	*ch = _T_ECLIPSE('\0');

Reproducible: Always
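
The guarded loop described in the report above, as an added, self-contained example (not part of the original report and not the Equinox launcher source). It assumes plain char in place of _TCHAR/_T_ECLIPSE, drops the args/vmArgs selection, and uses the hypothetical names format_cmd_msg and args_length.

```c
#include <stdlib.h>
#include <string.h>

/* Characters needed for one list: each argument plus one separator. */
static size_t args_length(char **list)
{
    size_t n = 0;
    if (list != NULL)
        for (size_t i = 0; list[i] != NULL; i++)
            n += strlen(list[i]) + 1;
    return n;
}

/* Join vmArgs then progArgs with spaces, starting each option ("-...")
   on a new line. Caller frees the result; NULL on allocation failure. */
char *format_cmd_msg(char **vmArgs, char **progArgs)
{
    char **lists[2] = { vmArgs, progArgs };
    size_t length = args_length(vmArgs) + args_length(progArgs);
    char *message = malloc(length + 1);   /* +1 for the terminator */
    char *ch = message;

    if (message == NULL)
        return NULL;
    for (int l = 0; l < 2; l++) {
        char **list = lists[l];
        for (size_t i = 0; list != NULL && list[i] != NULL; i++) {
            /* On the very first argument ch == message, so ch[-1] is the
               byte before the allocation. Testing ch != message first
               short-circuits both the read and the write that follows. */
            if (list[i][0] == '-' && ch != message && ch[-1] == ' ')
                ch[-1] = '\n';
            strcpy(ch, list[i]);
            ch += strlen(list[i]);
            *ch++ = ' ';
        }
    }
    *ch = '\0';
    return message;
}
```

The first argument of a VM command line normally starts with '-', which is exactly the case where the unguarded condition touches memory in front of the buffer.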
Comment 1 Andrew Niefer 2010-06-17 11:16:25 EDT
Fix in Head for 3.7, binaries will be recompiled for I20100622