Issue #11515 has been updated by Christian Hltje.


Nobuyoshi Nakada wrote:
> `CreateChild` is never called with a constant `cmd`, as it is build at the runtime.

Am I reading the code wrong then?  The function declaration says `cmd` is a `const WCHAR *`.

~~~
CreateChild(const WCHAR *cmd, ...)
~~~

As I said, I'm no expert at this.  I googled a bunch and I found the MSDN page mentioned above.  The *only* place it mentions memory access errors is if you pass `cmd` as a "constant string".  I'm unsure if they mean the *pointer* to the string, or the memory the pointer points at, or both.

My patch assumes "both" and makes a copy.

> How can you reproduce it?

Well, that's tricky since the OS decides whether or not to move things around.  So there is no way to guarantee reproducing the error.

----------------------------------------
Bug #11515: CreateProcessW() can cause "Invalid access to memory location"
https://bugs.ruby-lang.org/issues/11515#change-54366

* Author: Christian Hltje
* Status: Feedback
* Priority: Normal
* Assignee: 
* ruby -v: 
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
The second argument for `CreateProcessW()` needs to *not* be a constant because it may be modified:

From https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx :

> The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant string, the function may cause an access violation.

This would explain sporadic "Invalid access to memory location" errors people see on Windows.

To resolve this, `cmd` should be copied into a temporary variable before CreateProcessW() is called.

I've attached a patch that might work, but I'm not an expert C/Windows programmer.

---Files--------------------------------
ruby-CreateProcessW-memory-error.diff (919 Bytes)


-- 
https://bugs.ruby-lang.org/
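The copy the report asks for, as an added example that is neither the attached patch nor Ruby's own win32 code: `dup_writable_cmdline` and `spawn_with_writable_cmdline` are hypothetical names, and the `CreateProcessW` call is compiled only on Windows so the copy helper can be checked anywhere.

```c
/* Added example, not code from the issue or from Ruby: hand CreateProcessW a
 * heap copy of the command line instead of the caller's const buffer, since
 * the Unicode variant is documented to modify that buffer in place. */
#include <stdlib.h>
#include <string.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Duplicate a (possibly read-only) wide string into writable heap memory.
 * Returns NULL on NULL input or allocation failure. */
wchar_t *dup_writable_cmdline(const wchar_t *cmd)
{
    size_t n;
    wchar_t *copy;
    if (cmd == NULL) return NULL;
    n = wcslen(cmd) + 1;                  /* include the terminating NUL */
    copy = malloc(n * sizeof(wchar_t));
    if (copy == NULL) return NULL;
    memcpy(copy, cmd, n * sizeof(wchar_t));
    return copy;
}

/* Self-check: the copy is a distinct buffer, equal in content, and can be
 * written to without touching the original. Returns 1 on success. */
int copy_is_writable_and_equal(const wchar_t *cmd)
{
    wchar_t *c = dup_writable_cmdline(cmd);
    int ok = c != NULL && (const wchar_t *)c != cmd && wcscmp(c, cmd) == 0;
    if (ok) { c[0] = L'#'; ok = (c[0] == L'#') && (cmd[0] != L'#'); }
    free(c);
    return ok;
}

#ifdef _WIN32
/* Launch `cmd` through a temporary writable buffer (hypothetical wrapper). */
BOOL spawn_with_writable_cmdline(const WCHAR *cmd, PROCESS_INFORMATION *pi)
{
    STARTUPINFOW si;
    BOOL ok;
    WCHAR *tmp = dup_writable_cmdline(cmd);
    if (tmp == NULL) return FALSE;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    /* lpApplicationName is NULL, so tmp is the command line the function
     * is allowed to modify; the child receives its own copy, so freeing
     * tmp afterwards is safe. */
    ok = CreateProcessW(NULL, tmp, NULL, NULL, FALSE, 0, NULL, NULL, &si, pi);
    free(tmp);
    return ok;
}
#endif
```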