Let me say first: I am not asking if this is fixed. Actually, my team strongly desires to use max, so I’m fixing it up. The initial thing is to stabilize it so it stops crashing.
I attached OllyDbg to 3DS and waited for it to crash. Some things of note: First, it doesn’t crash reliably every time, even if I do identical things every time. Further, sometimes I can’t seem to force it to crash…
Second: this is the call trace at the time of the crash:
MSVCP80.?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
MSVCP80.??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
maxegg10.ProgramBase::Option::~Option
? maxegg10.std::_Tree<std::_Tmap_traits<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,ProgramBase::Option
? maxegg10.std::_Tree<std::_Tmap_traits<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,ProgramBase::Option
? maxegg10.std::_Tree<std::_Tmap_traits<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,ProgramBase::Option
? maxegg10.std::_Tree<std::_Tmap_traits<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,ProgramBase::Option
? maxegg10.std::_Tree<std::_Tmap_traits<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,ProgramBase::Option
maxegg10.ProgramBase::~ProgramBase
maxegg10.EggBase::~EggBase
maxegg10.EggSingleBase::~EggSingleBase
Includes maxegg10.0E9E8523
maxegg10.MaxEggExpOptions::DoExport
The lowest-level call there is ProgramBase::Option::~Option. This function isn’t explicitly defined; take a look at the declaration:
class Option {
public:
    // std::string members: each one has an implicitly generated destructor,
    // which is what ~Option ends up calling
    string _option;
    string _parm_name;
    int _index_group;
    int _sequence;
    string _description;
    // dispatch callbacks (types declared elsewhere in ProgramBase)
    OptionDispatchFunction _option_function;
    OptionDispatchMethod _option_method;
    bool *_bool_var;
    void *_option_data;
};
Since it’s not explicitly defined, all it can be doing is deconstructing stack members. So we’re looking at _option, _parm_name, _description, etc. The problem is that these are stable in all other cases, so I’m guessing that what we’re seeing is a buffer overflow. Anyone have any suggestions as to where to look?
I’m going to throw a memory profiler at it, set up some fencing, and hope to see results… If anyone has suggestions, or feature requests, let me know.
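As an added illustration (not code from maxegg or the poster), here is the shape of the "fencing" the post is about to set up, in plain C++: a fixed-size buffer bracketed by known guard words, an unchecked copy of the kind suspected here, and a check that reports the overflow at the point it happens. That matters for this crash because MSVCP80's basic_string::_Tidy is the cleanup routine that releases a string's heap buffer; a length, capacity or pointer inside a std::string object that was clobbered by a neighbouring overflow only surfaces there, at destruction, far from the write that caused it, and only for the strings whose internals actually got hit, which fits the "doesn't crash every time" symptom. The FencedBuffer type, guard constants and payload sizes are constructed for the example; the overflow is kept inside the FencedBuffer object so the demonstration itself stays defined behaviour.

```cpp
// Added example: guard words ("fence") around a fixed-size buffer, so an
// overflow is detected where it happens rather than in a later destructor.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>

namespace fence {

// Guard values are arbitrary; chosen so a run of 'A's or zero bytes cannot match.
const std::uint32_t kFrontGuard = 0xDEADBEEFu;
const std::uint32_t kBackGuard  = 0xCAFEF00Du;

// Payload with a guard immediately before and after it (no padding: 4 + 16 + 4).
struct FencedBuffer {
    std::uint32_t front;
    char          data[16];
    std::uint32_t back;
};

inline void init(FencedBuffer& fb) {
    fb.front = kFrontGuard;
    std::memset(fb.data, 0, sizeof fb.data);
    fb.back = kBackGuard;
}

// True while both guards still hold their expected values.
inline bool intact(const FencedBuffer& fb) {
    return fb.front == kFrontGuard && fb.back == kBackGuard;
}

// Largest write that still stays inside the FencedBuffer object (data + back guard).
inline std::size_t max_simulated_len() {
    return sizeof(FencedBuffer) - offsetof(FencedBuffer, data);
}

// Deliberately unchecked copy, standing in for the suspected bug: copies `len`
// bytes into data without comparing against its size. The write goes through the
// object's byte representation so an overflow lands on the back guard.
inline void unchecked_copy(FencedBuffer& fb, const char* src, std::size_t len) {
    unsigned char* base = reinterpret_cast<unsigned char*>(&fb);
    std::memcpy(base + offsetof(FencedBuffer, data), src, len);
}

// Hardened version: refuses anything that does not fit.
inline bool checked_copy(FencedBuffer& fb, const char* src, std::size_t len) {
    if (len > sizeof fb.data) return false;
    std::memcpy(fb.data, src, len);
    return true;
}

// Writes a constructed payload of `len` 'A's through the unchecked copy and
// reports whether the fence caught it. Returns false for in-bounds writes and
// for lengths the simulation cannot safely model (past the back guard).
inline bool overflow_is_detected(std::size_t len) {
    if (len > max_simulated_len()) return false;
    FencedBuffer fb;
    init(fb);
    std::string payload(len, 'A');  // constructed test input
    unchecked_copy(fb, payload.data(), len);
    return !intact(fb);
}

}  // namespace fence

int main() {
    std::cout << "16 bytes, fence intact:   " << !fence::overflow_is_detected(16) << "\n";
    std::cout << "17 bytes, overflow caught: " << fence::overflow_is_detected(17) << "\n";
    fence::FencedBuffer fb;
    fence::init(fb);
    std::string big(17, 'A');
    std::cout << "checked_copy refuses 17:   " << !fence::checked_copy(fb, big.data(), big.size()) << "\n";
    return 0;
}
```

The same idea scaled up is what a fencing allocator or a tool like Application Verifier's heap checks does around every allocation; checking the guards right after each suspicious call narrows the corruption to the operation that broke them.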