
LocalFree called twice in CDatabase (MFC 11) by psc161


Status: Closed as Fixed
Type: Bug
ID: 760371
Opened: 8/30/2012 5:58:54 AM
Access Restriction: Public
Workarounds: 1
Users who can reproduce this bug: 10

Description

If a call to CDatabase::OpenEx is aborted (for example because of a wrong password) the following code is called twice:

LocalFree(m_blobConnect.pbData);

First in CDatabase::Connect(), then in CDatabase::Free(). This causes a memory corruption.
Comments
Posted by Microsoft on 4/29/2014 at 12:31 PM
Thank you for reporting this issue. This issue has been fixed in Visual Studio 2013. You can install a trial version of Visual Studio 2013 with the fix from: http://go.microsoft.com/?linkid=9832436
Posted by Pat Brenner MSFT on 5/14/2013 at 11:29 AM
Hi all,

I apologize for not providing more information when the issue was closed. This has been fixed in MFC for the next major release of Visual Studio, but not in any update for Visual Studio 2012.

Pat Brenner
Visual C++ Libraries Development
Posted by Markus Buttler on 4/4/2013 at 12:16 AM
Is there a fix available?

I hate it that these issues are just closed without any further information.
Posted by René Bormann on 1/17/2013 at 2:00 AM
Hello, we have faced this issue when building with Visual C++ 11 (on TFS 2012). Can someone please tell me how we can solve this problem? Is there any fix available that I can update my Visual C++ 11 with?
Posted by Mat Kramer on 12/5/2012 at 9:22 AM
Does anyone have any workarounds for this problem?

The following MFC command-line program can be used to demonstrate the problem:

#include "stdafx.h"
#include "afxdb.h"

BOOL Connect(LPCTSTR szDatabase);

int _tmain(int argc, _TCHAR* argv[])
{
    printf("Connecting to an existing database...........");
    Connect("master");

    printf("Connecting to a non-existing database...........");
    Connect("does_not_exist");

    printf("Done!\n");
    getchar();
    return 0;
}

BOOL Connect(LPCTSTR szDatabase)
{
    BOOL bSucceeded = FALSE;
    TRY
    {
        CDatabase db;
        char szConnection[1000];
        sprintf_s(szConnection, 999,
             "DRIVER={SQL Server};DATABASE=%s;SERVER=np:(local)\\sqlexpress;Trusted_Connection=YES;)",
             szDatabase);
        bSucceeded = db.OpenEx(szConnection, CDatabase::noOdbcDialog);
        db.Close();
        printf("Success!\n\n\n");
    }
    CATCH(CDBException, e)
    {
        printf("Failure:\n     - ");
        char szError[1000];
        e->GetErrorMessage(szError, 999);
        printf("%s", szError);  // print the message as data, not as a format string
        printf("\n\n\n");
    }
    END_CATCH;

    return bSucceeded;
}
Posted by GüntherH on 11/9/2012 at 1:04 AM
The problem is that m_blobConnect.pbData is not set to NULL after freeing it with LocalFree() in CDatabase::Connect() and CDatabase::Free(), so a dangling pointer remains, causing heap corruption. (dbcore.cpp)
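The double-free pattern described in this report, as an added example that is not MFC source and not part of any comment here. ModelDatabase, TrackedAlloc and TrackedFree are hypothetical stand-ins (a simplified model of the two cleanup paths, with a tracking allocator in place of LocalAlloc/LocalFree so the second free is counted rather than corrupting the heap); where the real buffer is allocated is an assumption.

```cpp
#include <cstdio>
#include <cstdlib>
#include <set>

// Hypothetical tracking allocator: records live blocks so that a second free
// of the same block is counted instead of being passed to the real heap.
static std::set<void*> g_live;
static int g_doubleFrees = 0;

void* TrackedAlloc(std::size_t n) {
    void* p = std::malloc(n);
    if (p) g_live.insert(p);
    return p;
}
void TrackedFree(void* p) {
    if (!p) return;                                         // null: nothing to free
    if (g_live.erase(p) == 0) { ++g_doubleFrees; return; }  // block was already freed
    std::free(p);
}

// Simplified model: one buffer, released on the failed-connect path and again
// by Free() when the object is destroyed.
class ModelDatabase {
public:
    explicit ModelDatabase(bool clearAfterFree) : m_clear(clearAfterFree) {}
    ~ModelDatabase() { Free(); }
    bool OpenEx(bool connectSucceeds) {
        m_pbData = TrackedAlloc(64);          // assumed allocation point
        if (!connectSucceeds) Release();      // first release: aborted connect
        return connectSucceeds;
    }
    void Free() { Release(); }                // second release: normal cleanup
private:
    void Release() {
        TrackedFree(m_pbData);
        if (m_clear) m_pbData = nullptr;      // the fix: leave no dangling pointer
    }
    void* m_pbData = nullptr;
    bool m_clear;
};

// Runs one open/destroy cycle and returns how many double frees were caught.
int CountDoubleFrees(bool clearAfterFree, bool connectSucceeds) {
    g_doubleFrees = 0;
    { ModelDatabase db(clearAfterFree); db.OpenEx(connectSucceeds); }
    return g_doubleFrees;
}

int main() {
    std::printf("without clearing: %d, with clearing: %d\n",
                CountDoubleFrees(false, false), CountDoubleFrees(true, false));
}
```

Only the failed-open path triggers the second free in the unfixed model, which matches the report that a successful connection does not show the problem.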
Posted by Microsoft on 9/2/2012 at 7:17 PM
Thank you for submitting feedback on Visual Studio and .NET Framework. Your issue has been routed to the appropriate VS development team for investigation. We will contact you if we require any additional information.
Posted by psc161 on 8/31/2012 at 1:46 AM
I've added a demo project.
Posted by Microsoft on 8/30/2012 at 8:52 PM
Thanks for your feedback.

In order to fix the issue, we must first reproduce the issue in our labs. In order to efficiently investigate and reproduce this issue, we are requesting additional information outlined below.

Could you please give us a demo project so that we can conduct further research?

Please submit this information to us within 3 business days. We look forward to hearing from you with this information.

Microsoft Visual Studio Connect Support Team
Posted by Microsoft on 8/30/2012 at 6:51 AM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly (http://support.microsoft.com)
Workarounds
Posted by SanderValcke on 7/10/2013 at 2:50 AM
See this blog post for a workaround:

http://mariusbancila.ro/blog/2013/03/06/second-cdatabase-bug-in-mfc-in-visual-studio-2012/
Attached files
File Name: db3.zip, Submitted On: 8/31/2012, File Size: 6 KB