msxml3: Fix varargs handling in libxml2 error callback implementation
david at l8s.co.uk
Wed Feb 15 16:55:32 CST 2012
On Wed, Feb 15, 2012 at 11:28:37PM +0100, Marcus Meissner wrote:
> On Thu, Feb 16, 2012 at 01:55:44AM +0300, Nikolay Sivov wrote:
> > The problem is that vsnprintf() was called multiple times with same
> > va_list. Ti fix that it was necessary to get rid of some tracing
> > bits like macro-defined callback calls and a single function for all
> > kinds of error types.
> > As far as I understand this problem it leads to a stack corruption
> > when va_list is used multiple time without va_start/va_end around
> > it, so it's critical to fix.
> If I remember correctly, you can even process a va_list only once
> on some platforms.
> If you need to process it multiple times, you need to create a copy
> with va_copy() first.
> Ciao, Marcus
Correct - on architectures that don't pass all arguments on the stack
a va_list is a complex data item that can only be processed once.
The Microsoft ABI for amd64 reserves stack space for the arguments
passed in registers so that the processing of integer/ptr args is easy.
For all Unix OS amd64 passed the first 6 (IIRC) integer/ptr args
in normal registers, and the first few FP args in FP regs (regardless
of the order of the parameters), the va_list data has to remember
which register args have been processed.
This is all somewhat tricky! and makes support for printf's argument
order selection stuff extremely difficult to write!
David Laight: david at l8s.co.uk
More information about the wine-patches