ListView crashes the CLR?

  • Question

  • Setting a ListView to virtual mode and then populating Text or SubItems() with strings longer than 260 characters _and_ two quotes crashes my application the hard way - the EXE just shuts down. I suspect some problem in the unmanaged part of the .NET framework, but can't really tell. I reported this bug(?) three days ago already in this forum, but my post vanished for whatever reason.

    Can anybody reproduce this problem? Or know a workaround/fix? Below is my sample code, you can also download the VB.NET project here:
     
    http://www.hotpixel.net/tmp/ListViewBomb.zip

    I'm running VS2005, WinXP Home, 1GB RAM. This problem is really annoying. Anything helps, thanks!

    Public Class Form1

    Private Sub ListView1_KeyPress(ByVal sender As System.Object, ByVal e As System.Windows.Forms.KeyPressEventArgs) Handles ListView1.KeyPress

       ListView1.VirtualListSize = ListView1.VirtualListSize + 1

    End Sub

    Private Sub ListView1_RetrieveVirtualItem(ByVal sender As System.Object, ByVal e As System.Windows.Forms.RetrieveVirtualItemEventArgs) Handles ListView1.RetrieveVirtualItem

    Dim item As ListViewItem
       item = New ListViewItem()

       ' the original crash string
       'item.Text = " xxxxxx ""xxxxxxxxxxxxxxxxxx"" xxxxxxxxxxxxx\nxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ""xxxxxxxxxxxxxxxxxx"" xxxxxxxxxxxxxxxxxxxxxxxxxxxxx\nxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxx\nxxxxxxxxxxxxxxxxxxxxxx xxxxxxxx xxxxxx ""xxxxxxxxxxxxxxxxxx"" xxxxxxxxxxxxx"

       ' that one works also
       item.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx""xxxxxxxxxxxxxx""xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

       e.Item = item

    End Sub

    End Class

    Monday, November 21, 2005 11:15 PM

Answers

  • I downloaded your application and could reproduce the problem.

    Post a bug report on the Microsoft Product Feedback Center and upload the same example project.
    Tuesday, November 22, 2005 10:49 AM
    Moderator
  • As described in the above posts, this is a known bug that we are planning on addressing at the next available release/service pack. It occurs only when the exact length is 260. In the meantime, I'd suggest truncating all item text to 259.

    -mark
    Program Manager
    Microsoft
    This post is provided "as-is"

    Wednesday, November 30, 2005 7:01 PM
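
The truncation workaround suggested in the answer above, written out as an added example; it is not code from the thread or from Microsoft. It assumes the designer-generated `ListView1` from the question's project with `VirtualMode` enabled and at least one column per row; `rows`, `MaxItemTextLength` and `ClampText` are hypothetical names.

```vbnet
Imports System.Collections.Generic
Imports System.Windows.Forms

Public Class Form1

    ' Limit from the Microsoft reply in this thread: item text of at most 259 characters.
    Private Const MaxItemTextLength As Integer = 259

    ' Hypothetical backing store for the virtual list: one String array per row,
    ' element 0 is the item text, the rest are subitem texts.
    Private ReadOnly rows As New List(Of String())()

    ' Hypothetical helper: returns the text unchanged when it fits, otherwise cuts it.
    Private Shared Function ClampText(ByVal text As String) As String
        If text Is Nothing Then Return String.Empty
        If text.Length <= MaxItemTextLength Then Return text

        Dim cut As Integer = MaxItemTextLength
        ' Do not leave half of a UTF-16 surrogate pair at the end of the string.
        If Char.IsHighSurrogate(text(cut - 1)) Then cut -= 1
        Return text.Substring(0, cut)
    End Function

    Private Sub ListView1_RetrieveVirtualItem(ByVal sender As System.Object, ByVal e As System.Windows.Forms.RetrieveVirtualItemEventArgs) Handles ListView1.RetrieveVirtualItem
        Dim row As String() = rows(e.ItemIndex)

        ' Clamp the item text and every subitem text before the control sees them.
        Dim item As New ListViewItem(ClampText(row(0)))
        For i As Integer = 1 To row.Length - 1
            item.SubItems.Add(ClampText(row(i)))
        Next

        ' Keep the untruncated values reachable for the application itself.
        item.Tag = row
        e.Item = item
    End Sub

End Class
```

Clamping inside one helper keeps the limit in a single place, so it can be removed once a fixed framework release is installed.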

All replies

  • :D ...and I thought I was the only one with this problem!

    Another thing I noticed is that it really has nothing to do with the quotes...

    Like you stated this crashes:

    ' that one works also
       item.Text =
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx""xxxxxxxxxxxxxx""xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

    but if you remove one "x" from the end everything is fine:

       item.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx""xxxxxxxxxxxxxx""xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

    also if you add one "x" to the end everything is fine:

       item.Text = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx""xxxxxxxxxxxxxx""xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

    it seems like some type of random hard crash to me???
    Monday, November 28, 2005 6:51 PM
  • It seems to have to do with going over a certain size. If I remove the quotes and replace them with 'x' there's no crash. Either way, it's an annoying bug - let's hope it will get fixed soon - and that it's not exploitable via shell code. For now I just cut off my strings after 250 chars. Ugly, but stable.

    Tuesday, November 29, 2005 2:31 AM
  • Have you reported the bug on the Microsoft Product Feedback Center?
    Tuesday, November 29, 2005 2:49 AM
    Moderator
  • No point reporting this to MSDN feedback centre. I've already done that, and they deleted my bug report (without telling me), because it represents a security risk. So they know about it. Hopefully they're working on a fix, and not just trying to hide the problem.

    BTW The issue is with the length of the string - the crash happens when the string is exactly 260 chars - no more, no less. You must also be using virtual mode, and details view I believe.
    Wednesday, November 30, 2005 8:30 AM
  • I wonder if they are going to do something about it. 
    Wednesday, November 30, 2005 1:28 PM