On Fri, 17 Oct 2003 15:07:42 -0700, "Pieter" <ms****@insanegenius.com>
wrote:
I synthetically create an overrun by copying more data than a buffer can
hold:
int buffer[128];
int i = 0;
for (i = 0; i < sizeof(buffer) / sizeof(buffer[0]) + 1; i ++)
{
buffer[i] = i;
}
In debug builds the /RTC option is enabled and catches the overrun.
In release builds the /GS option is enabled, and instead of a security
warning dialog, I get an access violation.
Ultimately I want to use _set_security_handler() to point to my custom
function,
but if I can not get the security dialog to display, I can not test my code.
Any ideas on why the default _security_handler is not called?
Interesting. I pasted your code into a default AppWizard skeleton
program and indeed, in a release build I do not get the security
warning. At first I figured it was because you were just overrunning
the buffer by a single integer, but changing the "+ 1" to a "* 2" made
no difference.
However, changing the type of your array from "int" to "char" made the
security warning dialog appear right away. I am guessing that the
compiler only inserts the buffer overrun check code when it sees
character arrays allocated on the stack.
By the way, I do the same thing here - when the security handler
function is called I set the priority of the current thread to time
critical (in an attempt to prevent other threads from confusing the
situation further), then use the imagehlp.dll functions to write a stack
dump for the current thread to a text file. Then we tell the user to
send the stack dump to us. I wouldn't take much more work to extend
this code so that it is similar to Microsoft's "do you want to send this
information back to Microsoft automatically?" facility.
Jon
