[flac-dev] Patch to add Unicode filename support for win32 flac

JonY 10walls at gmail.com
Tue Mar 19 15:33:35 PDT 2013 

On 3/20/2013 00:35, Janne Hyvärinen wrote:
>>
>> As for calling __wgetmainargs, I have some concerns about the security
>> implications:
>> LoadLibrary("msvcrt.dll") <- Which msvcrt? Theoretical security exploit.
> 
> There is msvcrt.dll in the System32 dir in all supported Windows 
> systems. That is what the function targets, but of course LoadLibrary 
> searches from exe's dir first. I think security exploit concerns are 
> warrantless, if you can place malicious replacement c-runtime dll in the 
> exe's path you have already won.
> 

Yeah, which is why I said it was theoretical.

I've seen code that use __ImageBase to over the import tables to find
out which MSVCR* DLL is used and use GetModuleHandleA to avoid LoadLibrary.

>>
>> I think it is best to link it directly, please use the following
>> prototype and call it directly:
>>
>> =============================================
>> #ifdef _DLL
>> #define CALL_DLLIMPORT __declspec(dllimport)
>> #else
>> #define CALL_DLLIMPORT
>> #endif
>> int __cdecl CALL_DLLIMPORT __wgetmainargs(int*, wchar_t***, wchar_t***,
>> int, int*);
>> =============================================
>>
>> This should simplify the error handling logic and help against
>> LoadLibrary handle leaks, though the leak should not be an issue in
>> practice since it is only called once. The symbol should also be present
>> in MSVCR* DLLs.
> 
> This alone does nothing. It requires linking with an object file that 
> then deals with the function. If we link against msvcrt.lib the flac.exe 
> binary will no longer be static and it won't work without external 
> runtimes (which would also be loaded from the exe's dir if they exist 
> there). Linking with msvcmrt.lib won't find the function and unicode 
> version msvcurt.lib causes this error:
> Error    1    error LNK2005: ___iob_func already defined in 
> msvcurt.lib(MSVCR110.dll)    G:\test\LIBCMT.lib(_file.obj)    test
> Error    2    error LNK1169: one or more multiply defined symbols 
> found    G:\test\Release\test.exe    test
> 

There is no __wgetmainargs in the static libcmt? Interesting.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
Url : http://lists.xiph.org/pipermail/flac-dev/attachments/20130320/a54e6be6/attachment.pgp

More information about the flac-dev mailing list