msxml3: Fix varargs handling in libxml2 error callback implementation

David Laight david at l8s.co.uk
Wed Feb 15 16:55:32 CST 2012


On Wed, Feb 15, 2012 at 11:28:37PM +0100, Marcus Meissner wrote:
> On Thu, Feb 16, 2012 at 01:55:44AM +0300, Nikolay Sivov wrote:
> > The problem is that vsnprintf() was called multiple times with the same
> > va_list. To fix that it was necessary to get rid of some tracing
> > bits like macro-defined callback calls and a single function for all
> > kinds of error types.
> > 
> > As far as I understand this problem it leads to a stack corruption
> > when va_list is used multiple times without va_start/va_end around
> > it, so it's critical to fix.
> 
> If I remember correctly, you can even process a va_list only once
> on some platforms.
> 
> If you need to process it multiple times, you need to create a copy
> with va_copy() first.
> 
> Ciao, Marcus

Correct - on architectures that don't pass all arguments on the stack
a va_list is a complex data item that can only be processed once.
The Microsoft ABI for amd64 reserves stack space for the arguments
passed in registers so that the processing of integer/ptr args is easy.
For all Unix OSes, amd64 passes the first 6 (IIRC) integer/ptr args
in normal registers, and the first few FP args in FP regs (regardless
of the order of the parameters); the va_list data has to remember
which register args have been processed.
This is all somewhat tricky, and makes support for printf's argument
order selection stuff extremely difficult to write!

	David

-- 
David Laight: david at l8s.co.uk
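
The va_copy() approach from the quoted reply, as an added C example that is not part of the original message or of the Wine patch. The names format_twice and report_error are hypothetical, and the sample arguments are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Walks the argument list twice: once to measure, once to format.
   Each pass runs on its own va_copy(), so the caller's ap is never
   consumed here and no vsnprintf() sees an already-used va_list. */
static char *format_twice(const char *fmt, va_list ap)
{
    va_list pass;
    int need;
    char *msg;

    va_copy(pass, ap);
    need = vsnprintf(NULL, 0, fmt, pass);        /* pass 1: length only */
    va_end(pass);
    if (need < 0)
        return NULL;

    msg = malloc((size_t)need + 1);
    if (msg == NULL)
        return NULL;

    va_copy(pass, ap);                           /* fresh copy for pass 2 */
    vsnprintf(msg, (size_t)need + 1, fmt, pass); /* pass 2: real output */
    va_end(pass);
    return msg;
}

/* Variadic callback shape (hypothetical name); the caller frees the result. */
static char *report_error(const char *fmt, ...)
{
    va_list ap;
    char *msg;

    va_start(ap, fmt);
    msg = format_twice(fmt, ap);
    va_end(ap);
    return msg;
}

int main(void)
{
    /* Constructed sample: int, pointer and double arguments. */
    char *m = report_error("line %d: %s (%.1f%%)", 42, "bad tag", 12.5);
    if (m) { printf("%s (%zu bytes)\n", m, strlen(m)); free(m); }
    return 0;
}
```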


