You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Not initializing function pointer values with NULL in escapi.cpp function declarations is quite dangerous. All these pointers get random addresses and could point to something completely different. Also even if GetProcAddress does not find a function in the DLL it still is not set to NULL for some C++ compilers (i.e. Embarcadero RAD Studio C++) and so can end up loading a completely different library.
I've seen this myself when we first used ESCAPI 3.0, but then decided to go back to 2.1 because of the DirectShow support. Replacing the 3.0 DLL with 2.1 DLL did not cause any errors and the protection where it checks for function pointers != NULL did nothing and allowed to load the 2.1 DLL into process. Which is scary, cause you don't know what these random pointers can end-up modifying in the running process memory.
Reproduction steps
Add escapi.cpp and escapi.h from 3.0 release into your project.
Compile
Copy escapi.dll version 2.1 to the binary output directory
Expected result
Application should not allow to load the older version of escapi.dll
Actual result
Application loads the older version of escapi.dll even if the Property functions are not found.
The text was updated successfully, but these errors were encountered:
Description
Not initializing function pointer values with
NULLinescapi.cppfunction declarations is quite dangerous. All these pointers get random addresses and could point to something completely different. Also even ifGetProcAddressdoes not find a function in the DLL it still is not set to NULL for some C++ compilers (i.e. Embarcadero RAD Studio C++) and so can end up loading a completely different library.I've seen this myself when we first used ESCAPI 3.0, but then decided to go back to 2.1 because of the DirectShow support. Replacing the 3.0 DLL with 2.1 DLL did not cause any errors and the protection where it checks for
function pointers != NULLdid nothing and allowed to load the 2.1 DLL into process. Which is scary, cause you don't know what these random pointers can end-up modifying in the running process memory.Reproduction steps
escapi.cppandescapi.hfrom 3.0 release into your project.escapi.dllversion 2.1 to the binary output directoryExpected result
Application should not allow to load the older version of
escapi.dllActual result
Application loads the older version of
escapi.dlleven if thePropertyfunctions are not found.The text was updated successfully, but these errors were encountered: