FIX: CComEnumImpl<>::Skip() Doesn't Handle Overflow Correctly (218829)



The information in this article applies to:

  • The Microsoft Active Template Library (ATL) 3.0, when used with:
    • Microsoft Visual C++, 32-bit Enterprise Edition 6.0
    • Microsoft Visual C++, 32-bit Professional Edition 6.0
    • Microsoft Visual C++, 32-bit Learning Edition 6.0

This article was previously published under Q218829

SYMPTOMS

If an argument passed into CComEnumImpl<>::Skip() is a negative number, then the pointer to the current enumeration may not be set correctly.

CAUSE

Following is the implementation of CComEnumImpl<>::Skip():
template <class Base, const IID* piid, class T, class Copy>
STDMETHODIMP CComEnumImpl<Base, piid, T, Copy>::Skip(ULONG celt)
{
	m_iter += celt;
	if (m_iter <= m_end)
		return S_OK;
	m_iter = m_end;
	return S_FALSE;
}

m_iter points to the current element of the enumeration. If celt is a negative number, Skip() is supposed to set m_iter back "celt" items. The code compares the result only against m_end, so if "m_iter + celt" results in a value that is less than m_begin, the case is not handled and m_iter is set to an invalid pointer.
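One way to write a bounds-checked Skip(), as an added example (not ATL source and not the Service Pack 3 code): it treats a negative celt as a backward move, as described above, and validates the target index before the pointer is moved. RangeEnum, PositionAfterSkip, g_items and the Windows type stand-ins are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>

// Stand-ins for the Windows SDK types so the example builds anywhere (assumption).
typedef std::uint32_t ULONG;
typedef long HRESULT;
const HRESULT S_OK = 0, S_FALSE = 1;

// Hypothetical minimal enumerator over [m_begin, m_end); not ATL's CComEnumImpl.
template <class T>
struct RangeEnum {
    T* m_begin;
    T* m_end;
    T* m_iter;
    RangeEnum(T* b, T* e) : m_begin(b), m_end(e), m_iter(b) {}

    HRESULT Skip(ULONG celt) {
        // A negative argument arrives as a large unsigned value; recover the
        // signed offset in 64-bit arithmetic, where it cannot wrap.
        std::int64_t delta = celt;
        if (celt > 0x7FFFFFFFu) delta -= 0x100000000LL;
        std::int64_t size = m_end - m_begin;
        std::int64_t target = (m_iter - m_begin) + delta;
        // Validate the target index before touching the pointer.
        if (target < 0)    { m_iter = m_begin; return S_FALSE; }
        if (target > size) { m_iter = m_end;   return S_FALSE; }
        m_iter = m_begin + target;
        return S_OK;
    }
};

// Constructed sample: a 5-element array, enumerator first advanced to `start`.
static int g_items[5] = {10, 20, 30, 40, 50};

std::ptrdiff_t PositionAfterSkip(ULONG start, ULONG celt, HRESULT* hr) {
    RangeEnum<int> e(g_items, g_items + 5);
    e.Skip(start);
    *hr = e.Skip(celt);
    return e.m_iter - e.m_begin;
}

int main() {
    HRESULT hr;
    // From index 1, Skip(-3) would land before m_begin; it is clamped instead.
    return (PositionAfterSkip(1, static_cast<ULONG>(-3), &hr) == 0 && hr == S_FALSE) ? 0 : 1;
}
```

Like the original, this version returns S_OK when the skip lands exactly on m_end and S_FALSE only when the request runs past either bound.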

RESOLUTION

This bug has been fixed in Visual Studio 6.0 Service Pack 3.

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

This bug was corrected in Visual Studio 6.0 Service Pack 3. For more information about Visual Studio service packs, please see the following articles in the Microsoft Knowledge Base:

194022 INFO: Visual Studio 6.0 Service Packs, What, Where, Why

194295 HOWTO: Tell That Visual Studio 6.0 Service Packs Are Installed


Modification Type: Major
Last Reviewed: 2/24/2004
Keywords:kbBug kbCollectionClass kbfix kbVS600sp3fix KB218829