DouglasGodfrey

sprintf_s( ): formatted string has argument values shuffled.

The first argument is always correct but subsequent arguments are shifted to the right by varing ammounts.

The same corruption occurs with _snprintf_s( ).

long int dispparams;

long int excepinfo;

UINT uArgErr;

CString varResult;

char resultString[64] = {0};

char result[64] = {0};

dispparams = *(long int*)pdispparams;

excepinfo = *(long int*)pexcepinfo;

uArgErr = *puArgErr;

varResult = variantToString(pvarResult);

strncpy_s(resultString, sizeof(resultString), varResult.GetString(), sizeof(resultString)-1);

FormatHresult(hr, result, sizeof(result));

sprintf_s(msg, sizeof(msg),

"Invoke( DISPID dispidMember [%08x], REFIID riid [%08x], LCID lcid [%08x], WORD wFlags [%04hx], DISPPARAMS FAR* pdispparams [%08x], VARIANT FAR* pvarResult [%s], EXCEPINFO FAR* pexcepinfo [%08x], UINT FAR* puArgErr [%08x] ) [HRESULT hr %s] - after call \r\n",

dispidMember, riid, lcid, wFlags, dispparams, resultString, excepinfo, uArgErr, result );

OutputDebugString(msg);

Debug Trace Output:

Invoke( DISPID dispidMember [6002002c], REFIID riid [00000000], LCID lcid [00000000], WORD wFlags [0000], DISPPARAMS FAR* pdispparams [00000000], VARIANT FAR* pvarResult [(null)], EXCEPINFO FAR* pexcepinfo [00000001], UINT FAR* puArgErr [01b54650] ) [HRESULT hr (null)] - after call

Actual value

dispidMember: 0x6002002c

riid: {GUID_NULL}

lcid: 0x00000000

wFlags: 0x0001

dispparams: 0x01b54650

varResult: "(null)"

excepinfo: 0x00000000

uArgErr: 0xffffffff

result: "< Success......: Facility[NULL], Code[0X0000] >"

Microsoft Visual Studio 2005
Version 8.0.50727.762 (SP.050727-7600)
Microsoft .NET Framework
Version 2.0.50727

Installed Edition: Professional

Microsoft Visual Basic 2005 77626-009-0000007-41225
Microsoft Visual Basic 2005

Microsoft Visual C++ 2005 77626-009-0000007-41225
Microsoft Visual C++ 2005

Microsoft Visual Web Developer 2005 77626-009-0000007-41225
Microsoft Visual Web Developer 2005

Microsoft Web Application Projects 2005 77626-009-0000007-41225
Microsoft Web Application Projects 2005
Version 8.0.50727.762

Intel(R) Fortran Compiler Integration
Intel(R) Fortran Compiler Integration for Microsoft Visual Studio 2005, Version 9.1.3427.2005, Copyright (C) 2002-2006 Intel Corporation

Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
This service pack is for Microsoft Visual Studio 2005 Professional Edition - ENU.
If you later install a more recent service pack, this service pack will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/926601

OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name GODFREYD1
System Manufacturer IBM
System Model 811335U
System Type X86-based PC
Processor x86 Family 15 Model 4 Stepping 3 GenuineIntel ~3192 Mhz
Processor x86 Family 15 Model 4 Stepping 3 GenuineIntel ~3192 Mhz
BIOS Version/Date IBM 2EKT32AUS, 12/16/2005
SMBIOS Version 2.34
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
User Name CORP\godfreyd
Time Zone Eastern Daylight Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 196.83 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.37 GB
Page File C:\pagefile.sys



Re: Visual C++ General sprintf_s and _snprintf_s: argument list corrupted

Holger Grund

Passing references to the ellipsis engender undefined behavior. In VC++ the va macros are implemented with sizeof. Sizeof on a reference will return the size of the referenced type (16 byte for IID) rather than the size of the reference (4 bytes on x86). If you want the address of the IID you should pass a pointer to it. I.e. &riid.

And yes, a smart compiler would issue a diagnostic in this case.

-hg





Re: Visual C++ General sprintf_s and _snprintf_s: argument list corrupted

ChopperDavo

You don't show how the var msg is declared. That would help.