Maxfox Rau added a comment - 11/Mar/08 06:14 AM
It doesn't crash because there is no stack corruption in that case. The stack is always long word aligned, so the 'bool' datatype is 4 bytes long on the stack, the same as a BOOL.
The 2 bool members of "LLMIMEWidgetSet" are both only 1 byte in size and they are both allocated on byte boundaries (not on integer boundaries). This is even the expected behavior of VC++ and it is documented as well.
In fact, a write access to the 1st bool member ("mAllowResize") will also overwrite the 2nd bool member ("mAllowLooping") and it will also overwrite 2 bytes on the stack which are following the "LLMIMEWidgetSet" structure. Whether this leads to a noticeable stack corruption with data loss, malfunction or a crash depends on several other things, but it is nevertheless a stack corruption - not to mention the wrong r/w access to the bool members, which will give 'random' results due to accessing 3 uninitialized bytes while only 1 should be accessed. However, just check the address of the 1st and the 2nd bool member of "LLMIMEWidgetSet" carefully and you will see what I mean. Regards

Thanks for noticing - this was fixed internally a few days ago.
Good catch. Yes, this is real stack corruption. I believe it is fixed in 1.19.1 RC1.
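The mechanism Maxfox Rau describes, as an added example that is not Second Life viewer code: a struct of two 1-byte bools is written and read through a 4-byte BOOL, so the store clobbers the neighbouring bool plus two bytes past the struct, and the load picks up three bytes that are not part of the member. `WidgetSetLike` and `Frame` are assumed stand-ins for LLMIMEWidgetSet and whatever follows it on the stack; the real bug would do `*(BOOL*)p = v`, which is reproduced here with memcpy so the demonstration stays well-defined and safe to run.

```cpp
// Added example (not Second Life viewer code): the memory effect of treating a
// 1-byte C++ bool member as a 4-byte BOOL. Struct names are assumed stand-ins.
#include <cstdio>
#include <cstring>

typedef int BOOL;   // Win32-style BOOL: a 4-byte int
static_assert(sizeof(bool) == 1, "example assumes a 1-byte bool (VC++, GCC, Clang)");
static_assert(sizeof(BOOL) == 4, "example assumes a 4-byte BOOL");

// Assumed shape of the struct in the report: two adjacent 1-byte bools on
// byte boundaries, so sizeof == 2.
struct WidgetSetLike {
    bool mAllowResize;
    bool mAllowLooping;
};

// Constructed frame: the two bytes after the struct are ours to observe. In
// the real viewer they belong to whatever the compiler placed next on the stack.
struct Frame {
    WidgetSetLike ws;
    unsigned char after[2];
};
static_assert(sizeof(Frame) == 4, "no padding expected: every member is 1 byte");

// The buggy store: a pointer that really points at a bool is used to write a
// BOOL. The bytes written are exactly what `*(BOOL*)p = v` would write.
void storeAsBOOL(void* p, BOOL v) { std::memcpy(p, &v, sizeof v); }

// The buggy load: a bool member read as a BOOL picks up three neighbouring
// bytes that were never part of the value.
BOOL loadAsBOOL(const void* p) { BOOL v; std::memcpy(&v, p, sizeof v); return v; }

// Write v to mAllowResize "as a BOOL" and return the resulting frame:
// mAllowLooping and after[0..1] are overwritten as a side effect.
Frame writeResizeAsBOOL(Frame f, BOOL v) {
    storeAsBOOL(&f.ws.mAllowResize, v);
    return f;
}

// Read mAllowResize "as a BOOL": the result depends on mAllowLooping and the
// two bytes past the struct, so a false bool can read back as TRUE.
BOOL readResizeAsBOOL(const Frame& f) { return loadAsBOOL(&f.ws.mAllowResize); }

// The correct access: the member is a bool, so write it as one. Neighbours
// are left intact.
Frame writeResizeAsBool(Frame f, bool v) { f.ws.mAllowResize = v; return f; }

int main() {
    Frame f = {{false, true}, {0xAA, 0xBB}};
    Frame g = writeResizeAsBOOL(f, 1 /* TRUE */);
    std::printf("after BOOL store: resize=%d looping=%d after=%02X %02X\n",
                g.ws.mAllowResize, g.ws.mAllowLooping, g.after[0], g.after[1]);
    Frame h = {{false, false}, {0x00, 0x01}};
    std::printf("bool false read as BOOL: %d (nonzero, i.e. \"TRUE\")\n",
                readResizeAsBOOL(h));
    Frame k = writeResizeAsBool(f, true);
    std::printf("after bool store: resize=%d looping=%d after=%02X %02X\n",
                k.ws.mAllowResize, k.ws.mAllowLooping, k.after[0], k.after[1]);
    return 0;
}
```

Storing TRUE through the BOOL path sets mAllowLooping to 0 and zeroes the two bytes after the struct, which is the silent corruption in the report; reading through it returns a nonzero value for a false bool whenever any of the three trailing bytes is nonzero, which is the "random results" part. The bool path changes only the one byte it should.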