Re: Access violation error

See below...
On Tue, 10 Jul 2007 01:32:09 -0700, karim <karim@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Hi Joseph ,
Thanks for your reply. The method E3Des takes "passwordToEncrypt" as input
and run some encryption algorithm and then store the result in encpwd8 and
encpwd16 parameters, during this process version number, which is in "i" gets
modified. thats why i passed i as int *.now i have provided input like

char *passwordToEncrypt = "080000151F6ECF67";
char encpwd8[1024] = "";
char encpwd16[1024] = "";
****
These are actually pretty poor as well; it assumes that the encrypted output will fit into
1024 bytes, but since the characteristics of the subroutine are not known, there is no
reason to assume that this is actually true.
*****
int i = 0605;

here i am getting output in encpwd16 and some garbage value in encpwd8 and
i=389 with a return value of zero(Actually 1= success, differnt 1 = bad)

can you help me on this please........
*****
Without COMPLETE AND ACCURATE documentation of the function, it is impossible to tell what
it wants, what it does, what its parameters should be, or how to interpret its output.
joe
*****

Thanks and Regards,
karimulla.

"Joseph M. Newcomer" wrote:

See below...
On Fri, 6 Jul 2007 05:38:04 -0700, karim <karim@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

hi David,

"David Wilkinson" wrote:

karim wrote:
Hi All,
i have the following code in my cpp file
**************************************************
int i = 0;

char *passwordToEncrypt = "080000151F6ECF67";
char *encpwd8 = NULL;
char *encpwd16 = NULL;

//if i uncomment below line,then it throwing access violation error during
runtime
//i = 0605;

int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i);

****************************************************

the method "E3Des" is defined in a dll and it is linked. so no compilation
errors:-). i have only runtime error.

can anybody help me out.

karimulla:

What is the declaration of E3Des()? Does it modify the first parameter?
see the declaration below
int E3Des(char *Passwd_en_Claro, char *Passwd_Encriptado8, char*
Passwd_Encriptado16, int *version);
****
Of course, this actually says NOTHING about whether or not the first parameter is
modified; far too many programmers are sloppy about the use of the word const in
specifying parameters (generally, these are the same programmers who think 'char *' is
still a data type that should be used for general-purpose programming, as opposed to
LPTSTR or LPCTSTR). So it is entirely possible that a CORRECT declaration might have been

int E3Des(const char * Passwd_en_Claro, char * Passwd_Encriptado8, char *
Passwd_Encriptado16, int * version);

I had hypothesized something about the last argument being a possible buffer count, but a
key here is that we have not yet actually seen a specification of what is going on here,
but my suspiction is that it expects that valid pointers are passed in for the second and
third parameters, which is not happening here. If the version is given as 0, it probably
rejects the operation and returns 0, quite possibly calling ::SetLastError, or
alternatively, returning a negative number, but of course lacking any concept of what this
function is really supposed to do to its arguments or what its return type is makes it
difficult to infer what is going on or suggest alternative approaches.

Why is the version number a pointer? Is it changed on completion of the function? What
is it changed to, and why? I can see that you might have something that takes a (and
shades of retrocomputing) an octal version number 0605 representing version 6.05, and
returns an updated value, such as 0622, meaning the function could support features in the
6.22 release, but why octal? As far as I know, the last byte-oriented machine to use
octal was the PDP-11. (Although the failure to use const and the assumption of 8-bit
characters suggests the coder has not progressed beyond PDP-11 C)

I suspect it is uninitialized pointers caused by someone who doesn't understand the C
language trying to write code, and who is calling a function written by someone who
doesn't understand either C or modern programming practice. In addition to the abuse of
the data type 'char', as if characters are really only 8 bits wide all the time
everywhere, and the likely omission of the 'const' on the first parameter, DO YOU SEE A
BUFFER LENGTH BEING PASSED IN? Of course not! We have here a security function designed
to create security holes! Buffer overrun!

This looks like it was written by someone who learned C programming from the K&R book.
*****
and it doesn't modify the first parameter.
****
So why is the first parameter not declared 'const'???? The function definition is, to put
it mildly, the result of slovenly programming.
****
It would seem that it does. In that case you must pass it a modifiable
character string

char passwordToEncrypt[1024] = "080000151F6ECF67";

(assuming that 1024 is long enough).

Additional point: when you assign a string literal to a char pointer you
should always write

const char *passwordToEncrypt = "080000151F6ECF67";
i don't have any problem with above parameter. i got error when i pass +ve
value to "i" variable.
Then the compiler will stop you from passing it to a function that will
modify the string (i.e. one that takes char* as argument).

--
David Wilkinson
Visual C++ MVP

-karimulla.
Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm

Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
.

Loading