Menu

#608 Infinite recursion in LoadBitmap and related functions

8
pending
Vidar Hasfjord
Resource (5) Crash (79) Internal (140)
1
2025-05-06
2025-05-06
Vidar Hasfjord
No

The issue arises due to insufficient error checking and improper handling of the fallback resource lookup:

  1. When a resource fails to load, it is assumed that the resource is missing.
  2. The function then attempts to find the resource in the module list.
  3. If a module containing the resource is found, the call is delegated to the found module.

In step 1 the actual error might not be that the resource is missing. The error could be e.g. handle or memory exhaustion. Hence, step 2 might find the same module. Step 3 does not test this case, thereby possibly delegating to itself.

See current implementation of TModule::LoadBitmap and related functions.

This issue was discovered using the new handle exhaustion test in the Classes example.

Related

Discussion: Should TModule::LoadString assert like the others?

Discussion

  • Vidar Hasfjord

    Vidar Hasfjord - 2025-05-06
    • status: open --> pending
     

  • Vidar Hasfjord

    Vidar Hasfjord - 2025-05-06

    This bug was fixed in [r7817], and [r7819] makes the fix more robust.

    Note that LoadString now calls ::LoadString, rather than FindResourceEx. A warning is generated if there is a language mismatch between the thread locale and TApplication::LangId. Previously the function passed the latter to FindResourceEx to explicitly select the language to look for.

    I think this simplification makes sense, by just wrapping the underlying Windows API function as expected, but please review and test, and let me know if there is an issue.

     

    Related

    Commit: [r7817]
    Commit: [r7819]


    Last edit: Vidar Hasfjord 2025-05-07

Log in to post a comment.

MongoDB Logo MongoDB