[erlang-patches] Win64 memory corruption fix

Jani Hakala jani.j.hakala@REDACTED
Wed Feb 13 22:13:20 CET 2013


Blaine Whittle <BWhittle@REDACTED> writes:

> Code-wise, I looked at all uses of the type long regardless of the
> code section.  I agree that the majority of the patch is just
> formatting code with bad casts which should only result in incorrect
> memory reads and not writes (however, I believe the issue could result
> in a write in erl_misc_utils.c).
>
I looked at the patch and these original lines looked the most
suspicious to me: 

in erts/lib_src/common/erl_printf_format.c

825:     unsigned long eterm;
836:     eterm = va_arg(ap, unsigned long);
840:     res = (*erts_printf_eterm_func)(noop_fn, NULL, eterm, prec, eterm_base);

erts_printf_eterm_func is assigned as erts_printf_term, which calls
print_term. print_term probably uses eterm as a pointer at some point
which causes invalid memory access with top-down memory allocation.

Jani Hakala
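
Added illustration of the width mismatch discussed above; this is not code from the thread or from OTP. On Win64 (LLP64) `unsigned long` is 32 bits while pointers and Eterm values are 64 bits, so a term read with `va_arg(ap, unsigned long)` and later treated as a pointer loses its upper half. The `emulated_win64_ulong` typedef and the function names are assumptions made so the effect is visible on an LP64 host such as Linux; on a real Win64 build the truncating type is simply `unsigned long`.

```c
#include <inttypes.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>

/* Emulates the 32-bit `unsigned long` of the Win64 ABI (assumption for illustration). */
typedef uint32_t emulated_win64_ulong;

/* 1 if `unsigned long` on the current build can hold a pointer without truncation. */
int ulong_holds_pointer(void) {
    return sizeof(unsigned long) >= sizeof(void *);
}

/* Buggy path: the callee keeps a pointer-sized term in an LLP64 unsigned long.
   The explicit cast models what va_arg(ap, unsigned long) yields on Win64. */
uintptr_t term_via_win64_ulong(uintptr_t term) {
    emulated_win64_ulong eterm = (emulated_win64_ulong)term; /* upper 32 bits dropped */
    return (uintptr_t)eterm;
}

/* Fixed path: read the variadic argument with a pointer-sized type.
   The caller passes a uintptr_t, so reading it back as uintptr_t is well defined. */
uintptr_t term_via_uintptr(int nargs, ...) {
    va_list ap;
    va_start(ap, nargs);
    uintptr_t eterm = va_arg(ap, uintptr_t);
    va_end(ap);
    return eterm;
}

/* 1 if the term would still point at the original object after the buggy read. */
int term_intact_via_win64_ulong(uintptr_t term) {
    return term_via_win64_ulong(term) == term;
}

int main(void) {
    /* Constructed sample term: a user-space address with non-zero upper 32 bits. */
    uintptr_t term = (uintptr_t)0x00007FFFDEADBEEFull;
    printf("sizeof(unsigned long)=%zu sizeof(void*)=%zu\n",
           sizeof(unsigned long), sizeof(void *));
    printf("via unsigned long (Win64): 0x%" PRIxPTR "\n", term_via_win64_ulong(term));
    printf("via uintptr_t            : 0x%" PRIxPTR "\n", term_via_uintptr(1, term));
    printf("term intact after buggy read: %d\n", term_intact_via_win64_ulong(term));
    return 0;
}
```

Any address above 4 GiB fails the round trip through the Win64-width reader, which is why the bug only surfaces with top-down allocation (or any allocator handing out high addresses) and stays hidden while allocations sit below the 4 GiB boundary; reading the term as a pointer-sized type such as `uintptr_t` or ERTS's own word type removes the dependence on where memory happens to be mapped.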
