Utf8UpperCase in combination with HeapTrace may crash program
Original Reporter info from Mantis: Bart @flyingsheep
- Reporter name: Bart Broersma
Description:
Utf8UpperCase(#$C9#$91#$C9#$91) can crash a program.
Steps to reproduce:
See attached demo
Additional information:
This only seems to happen when:
- HeapTrace is enabled (-gh)
- The string contains codepoints that, when processed to their uppercase counterpart, make up more bytes than the original one: e.g. the "upper" of #$C9#$91 = #$E2#$B1#$AD
- You need at least 2 of those codepoints in the string
Tried to get a backtrace, but got "no stack"...
C:\Users\Bart\LazarusProjecten\bugs\Utf8UC>gdb uc.exe
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from C:\Users\Bart\LazarusProjecten\bugs\Utf8UC/uc.exe...done.
(gdb) run
Starting program: C:\Users\Bart\LazarusProjecten\bugs\Utf8UC/uc.exe
[New Thread 3760.0x334]
UTF8 seems valid
Marked memory at $00240D80 invalid
Wrong signature $50EA5AF2 instead of 61F7CA44
$0040D6C8
$004272EE TFORM1__BUTTON1CLICK, line 42 of main.pp
$004F99B2 TCONTROL__CLICK, line 2718 of ./include/control.inc
$00510C1F TBUTTONCONTROL__CLICK, line 56 of ./include/buttoncontrol.inc
$0051120F TCUSTOMBUTTON__CLICK, line 175 of ./include/buttons.inc
$00511861 TBUTTON__CLICK, line 355 of ./include/buttons.inc
$00510B5A TBUTTONCONTROL__WMDEFAULTCLICKED, line 26 of ./include/buttoncontr
ol.inc
$0040ADC6
$004ED9FE TWINCONTROL__WNDPROC, line 5322 of ./include/wincontrol.inc
WARNING: TLCLComponent.Destroy with LCLRefCount>0. Hint: Maybe the component is
processing an event?
Heap dump by heaptrc unit
854 memory blocks allocated : 1543625/1545400
853 memory blocks freed : 1543612/1545384
1 unfreed memory blocks : 13
True heap size : 688128 (112 used in System startup)
True free heap : 687920
Should be : 687936
Marked memory at $00240D80 invalid
Wrong signature $50EA5AF2 instead of 61F7CA44
$004141A7
$0040D6C8
$004272EE TFORM1__BUTTON1CLICK, line 42 of main.pp
$004F99B2 TCONTROL__CLICK, line 2718 of ./include/control.inc
$00510C1F TBUTTONCONTROL__CLICK, line 56 of ./include/buttoncontrol.inc
$0051120F TCUSTOMBUTTON__CLICK, line 175 of ./include/buttons.inc
$00511861 TBUTTON__CLICK, line 355 of ./include/buttons.inc
$00510B5A TBUTTONCONTROL__WMDEFAULTCLICKED, line 26 of ./include/buttoncontr
ol.inc
Program exited with code 01.
(gdb) bt
No stack.
Mantis conversion info:
- Mantis ID: 23428
- OS: Window
- OS Build: Win7
- Build: r39272
- Platform: i386
- Version: 1.1 (SVN)
- Fixed in version: 1.1 (SVN)
- Target version: 1.2.0
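
Added example, not part of the original report and not LazUTF8 code: a Python check that measures how many bytes each code point gains when uppercased and how far a result buffer sized to the input would be overrun. It assumes Python's Unicode case tables as a stand-in for the converter's mapping and an input-sized result buffer; the function names are hypothetical.

```python
# Added example: Python's Unicode tables stand in for the converter's own
# case mapping, which the report does not show (assumption).

REPORT_INPUT = b"\xC9\x91\xC9\x91"  # bytes from the report: U+0251 twice


def upper_growth(data: bytes):
    """Per code point: (byte offset, code point, bytes before, bytes after)."""
    rows, offset = [], 0
    for ch in data.decode("utf-8"):  # strict decode rejects invalid UTF-8
        before = len(ch.encode("utf-8"))
        after = len(ch.upper().encode("utf-8"))
        rows.append((offset, ord(ch), before, after))
        offset += before
    return rows


def required_capacity(data: bytes) -> int:
    """Bytes the uppercased result needs; allocate this, not len(data)."""
    return sum(after for _, _, _, after in upper_growth(data))


def overrun_if_input_sized(data: bytes) -> int:
    """Bytes written past the end if the result buffer holds only len(data)
    bytes (assumed allocation strategy, not taken from the LazUTF8 source)."""
    return max(0, required_capacity(data) - len(data))


def expanding_code_points(limit: int = 0x10000):
    """Code points below `limit` whose uppercase is longer in UTF-8; useful
    as regression inputs for any in-place or input-sized case converter."""
    found = []
    for cp in range(limit):
        if 0xD800 <= cp <= 0xDFFF:  # surrogates cannot be encoded
            continue
        ch = chr(cp)
        if len(ch.upper().encode("utf-8")) > len(ch.encode("utf-8")):
            found.append(cp)
    return found


if __name__ == "__main__":
    for offset, cp, before, after in upper_growth(REPORT_INPUT):
        print(f"offset {offset}: U+{cp:04X} {before} -> {after} bytes")
    print("capacity needed:", required_capacity(REPORT_INPUT))
    print("overrun with input-sized buffer:", overrun_if_input_sized(REPORT_INPUT))
    print("expanding BMP code points:", len(expanding_code_points()))
```

Feeding the list from `expanding_code_points()` into a unit test that runs under `-gh` covers the whole class of inputs rather than the single code point in the report.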