
access violation in afxcustomizemenubutton.cpp by Vardenis

Closed as Fixed
Type: Bug
ID: 611434
Opened: 10/7/2010 8:07:05 AM
Access Restriction: Public
Workaround(s): 0
User(s) can reproduce this bug: 0
memory read access violation at the lines:
                CMFCCustomizeMenuButton* pBtn = (CMFCCustomizeMenuButton*)pMenuBar->GetButton(i);
                if ((pBtn->m_uiIndex >= nNewIndex) && (pBtn->m_uiIndex != ID_AFXBARRES_TOOLBAR_RESET_PROMT))

The violation is because the button is incorrectly cast to CMFCCustomizeMenuButton, while it is a CMFCToolBarButton.

Visual Studio/Silverlight/Tooling version

Visual Studio 2010

What category (if any) best represents this feedback?

Reliability

Steps to reproduce

Take any MFC feature pack sample that demonstrates new toolbars, C++\MFC\Visual C++ 2008 Feature Pack\VisualStudioDemo for example.
Use gflags.exe from Debugging Tools to enable page heap for VisualStudioDemo.exe, or modify the registry directly:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisualStudioDemo.exe]
"GlobalFlag"=dword:02000000
"PageHeapFlags"=dword:00000003

This is needed to catch an access to invalid memory.

Compile the sample and run it.
Invoke Tools->Customize dialog. Switch to the Toolbars tab. Press New. Give any name to the new toolbar.
Don't close the dialog and drag'n'drop any toolbar button from standard toolbars to the new toolbar. Close the Customize dialog.
Now press the little black triangle on the right bottom of the toolbar you removed a button from (I believe it is called Quick Customize Button).
"Add or Remove Buttons"->"Toolbar name".
You will see a menu with all the toolbar buttons checked, except the one you have removed.
Click on it. You will hit memory read access violation at the lines:
                CMFCCustomizeMenuButton* pBtn = (CMFCCustomizeMenuButton*)pMenuBar->GetButton(i);
                if ((pBtn->m_uiIndex >= nNewIndex) && (pBtn->m_uiIndex != ID_AFXBARRES_TOOLBAR_RESET_PROMT))

The violation is because the button is incorrectly cast to CMFCCustomizeMenuButton, while it is a CMFCToolBarButton.

This is not a bug in the sample, but a bug in the MFC internals.

Product Language

English

Operating System

Windows 7

Operating System Language

English

Actual results

Memory access violation (with page heap enabled) or Undefined behavior with PH disabled.

Expected results

No crash
File Attachments
File Name Submitted By Submitted On File Size  
yeahright.avi 10/8/2010 153.56 MB
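The checked form of the downcast described in the report, as an added example that is not part of the original report and is not MFC source. The classes are hypothetical stand-ins for CMFCToolBarButton and CMFCCustomizeMenuButton, the increment applied to the index is an assumption (the report shows only the comparison), and the ID_AFXBARRES_TOOLBAR_RESET_PROMT test is omitted; in MFC itself the equivalent runtime check is DYNAMIC_DOWNCAST.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Hypothetical stand-in for CMFCToolBarButton (not MFC source).
struct ToolBarButton {
    virtual ~ToolBarButton() = default;
};
// Hypothetical stand-in for CMFCCustomizeMenuButton; index plays m_uiIndex.
struct CustomizeMenuButton : ToolBarButton {
    explicit CustomizeMenuButton(unsigned i) : index(i) {}
    unsigned index;
};
using ButtonList = std::vector<std::unique_ptr<ToolBarButton>>;

// Unchecked pattern from the report, kept as a comment for contrast:
//   auto* p = (CustomizeMenuButton*)bar[i].get();
//   if (p->index >= newIndex) ...   // reads past a plain ToolBarButton
// Checked version: bump the index of each customize entry at or after
// newIndex (the increment is an assumed action) and skip any button of
// another dynamic type. Returns the number of skipped buttons.
std::size_t ShiftIndexes(ButtonList& bar, unsigned newIndex) {
    std::size_t skipped = 0;
    for (auto& b : bar) {
        auto* p = dynamic_cast<CustomizeMenuButton*>(b.get());
        if (p == nullptr) { ++skipped; continue; }
        if (p->index >= newIndex) ++p->index;
    }
    return skipped;
}

// Constructed sample: a plain button sits between two customize entries.
ButtonList MakeSampleBar() {
    ButtonList bar;
    bar.push_back(std::make_unique<CustomizeMenuButton>(0u));
    bar.push_back(std::make_unique<ToolBarButton>());
    bar.push_back(std::make_unique<CustomizeMenuButton>(1u));
    return bar;
}

// Index stored at position i, or -1 when that button has no index field.
long IndexAt(const ButtonList& bar, std::size_t i) {
    auto* p = dynamic_cast<const CustomizeMenuButton*>(bar[i].get());
    return p ? static_cast<long>(p->index) : -1L;
}

int main() {
    ButtonList bar = MakeSampleBar();
    return ShiftIndexes(bar, 1) == 1 ? 0 : 1;
}
```

A non-zero skipped count is worth logging: it means the container holds an object type the loop was not written for, which is the condition page heap exposed here.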
Posted by Vardenis on 11/3/2010 at 1:25 PM
Would it be possible to get the fix as a hotfix for VS2010?
Posted by Microsoft on 11/3/2010 at 10:44 AM
Hello,

Thanks for the report. This issue has been fixed in MFC for the next major release of Visual Studio.

Pat Brenner
Visual C++ Libraries Development
Posted by Microsoft on 10/29/2010 at 1:16 AM
Thank you for uploading the dump again and again. We have sent it to appropriate group within the Visual Studio Product Team for investigation. These specialized experts will follow-up with your issue.
Posted by Microsoft on 10/27/2010 at 2:40 AM
We are very sorry to say that we don't see your attachment in the mentioned workspace.
We have created a new workspace; could you please try to upload it again?

https://sftus.one.microsoft.com/choosetransfer.aspx?key=cb5a4995-ebf5-4746-9470-7a8e0fc566c8
Password:5CB#pUvd2K2Nf46

Sorry again for the inconvenience.
Posted by Vardenis on 10/25/2010 at 2:56 AM
Done.
Posted by Microsoft on 10/25/2010 at 2:10 AM
Hi [vIva],

It seems that there was something wrong with file upload functionality of the connect site. Could you please try to upload it to our workspace?
Posted by Vardenis on 10/20/2010 at 3:06 AM
I have checked "submit these files to Microsoft only". The file name is FeedbackID-611434.zip
Posted by Microsoft on 10/19/2010 at 11:46 PM
Thanks again for your feedback.
We cannot find your dump anywhere. Could you please upload it again to the mentioned workspace?
Posted by Vardenis on 10/19/2010 at 7:17 AM
I have attached a crash dump here.
Posted by Microsoft on 10/19/2010 at 2:17 AM
Thank you for attaching the repro video.
But we still cannot reproduce this issue with your video.
Could you please provide us with a mini dump file? You can get detailed steps about how to get the dump file at :

http://blogs.msdn.com/debugger/archive/2009/12/30/what-is-a-dump-and-how-do-i-create-one.aspx

It would be greatly appreciated if you could provide us with that information as quickly as possible.

You can upload your dump to the workspace:
https://sftasia.one.microsoft.com/choosetransfer.aspx?key=64b8c383-9225-4638-9247-8fe73b6f6790
Password:zDyRp0LOnmJU5

Please use "FeedbackID-611434" as the file name.

Thanks!
Posted by Vardenis on 10/8/2010 at 5:10 AM
I have attached a video. http://camstudio.org/ in case you need the codec.
Posted by Microsoft on 10/8/2010 at 12:33 AM
Thank you for reporting this issue.
But we were not able to reproduce it with the steps you provided. Could you please attach a video to help us investigate this issue?
Posted by Microsoft on 10/7/2010 at 8:22 AM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly (http://support.microsoft.com).