views:

29

answers:

1

We have a C# application, calling a simple C++ wrapper class, that then calls an existing C++ DLL. The C++ code is all VC++ 6.0.

We are getting inconsistent behaviour, but the crash, when it happens, always happens within the C++ wrapper DLL, and always in the same spot (have confirmed using painful logging statements). It never happens on any environment except on Windows 2008, so we suspect some bad-but-not-fatal memory trashing is going on that somehow Windows 2008 is being more mindful of.

Here's the relevant code, if anyone has any ideas on why this might be crashing it would be much appreciated. We've been tearing our hair out for a few days and project timelines are slipping all for the want of being able to return a simple string back to C#...

I've been told we've tried setting the VARIANT vresult using VariantInit, and clearing it when we are done with VariantClear, but that didn't help.

// JobMgrDll.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include "JobMgrDll.h"
#include "jobmgr.h"

CString gcontext;
CString guser;
CString ghost;
CString glog;
JOBMGRDLL_API int nJobMgrDll=0;

extern "C" JOBMGRDLL_API  char*  perform_billcalc(char* cmd, char* context, char* user,char* host,BSTR* log,int* loglen)
{
 char* result = new char[1000];
 memset(result,0,999);
 result[999] = '\0';
 bstr_t bt_command = cmd;

 UUID uuid = __uuidof(BRLib::Rules);
 VARIANT vresult;
 char *p_rv;
 gcontext = context;
 guser = user;
 ghost = host;
 write_log("execute_job");
 p_rv = execute_job(uuid, "none", bt_command, &vresult);
 write_log("DONE execute_job");
 CString message;

 write_log ("Intializing bstr_t with variant");  // WE ALWAYS GET HERE
 bstr_t res(vresult); 

 //message.Format("%s result = %s",p_rv,res);
 //write_log(message);
 write_log("copying Result");  // WE DON'T ALWAYS GET HERE, BUT SOMETIMES WE DO
 strcpy(result,(char*)res);
 write_log(CString(result));

 *loglen = glog.GetLength();
 *log = glog.AllocSysString();

 return result;
}

Again, any ideas much, much appreciated.

+1  A: 

The opportunities for heap and stack corruption abound. Not initializing the variant is suicidal. Copying a C string into a local char[] without checking the length is hoping to always be lucky. The real damage could be done anywhere, execute_job() or something that ran half an hour ago.

Consider a tool to catch mistakes like these, something like Coverity.

Hans Passant