Posted by jpluimers on 2014/08/19
Since this did not make it to DelphiFeeds yet: I’ve seen the function PaletteFromDIBColorTable in Graphics.pas go back as far at least until Delphi 2006, and references on the web as far back as Delphi 4.
So: this bug is old, but as it is a security one, make sure you patch soon.
For Delphi XE6, download 29913 BMP Buffer Overflow hotfix – Delphi, C++Builder, RAD Studio XE6.
For older Delphi versions, read this piece that was adapted from the EDN article Delphi and C++ Builder VCL Library Buffer Overflow:
For users of prior versions of Delphi and C++Builder: these steps should be followed to modify the VCL source code and add it to your application.
For each application:
- Add the modified Edit Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas to your project
- For C++Builder: Under Project | Options | Packages | Runtime Packages, set “Link with runtime packages” to false
- Rebuild your application
Once for the native VCL and .NET VCL:
- Note: Variable names and scoping might be slightly different depending on your product version.
- Edit Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas
- Locate the function PaletteFromDIBColorTable.
- Add the following code just before the line assigning a value to Pal.palNumEntries when the DIBHandle = 0
if ColorCount > 256 then
InvalidGraphic{$IFNDEF CLR}@{$ENDIF}SInvalidBitmap;;
–jeroen
via Delphi and C++ Builder VCL Library Buffer Overflow.
Posted in Delphi, Delphi 2005, Delphi 2006, Delphi 2007, Delphi 2009, Delphi 2010, Delphi 4, Delphi 5, Delphi 6, Delphi 7, Delphi 8, Delphi x64, Delphi XE, Delphi XE2, Delphi XE3, Delphi XE4, Delphi XE5, Delphi XE6, Development, Software Development | Tagged: Buffer Overflow, Delphi, Delphi versions, vcl | 5 Comments »
Posted by jpluimers on 2014/08/19
I mentioned Delphi managed types is in Delphi “Variant Records”, a few notes indicating they are special.
Managed by the RTL, you can use them to your advantage when you have record types that – when on the stack – are only partially initialized by the RTL: only the managed types are initialized.
Given there is still no support to support “Initialize” and “Finalize” operators (vote for it on [WayBack] QualityCentral) the best you can do was mentioned by LU RD (an alias a very smart Swedish guy Leif Unéus):
Add a dummy string member into your record. Since a string is a managed type it will be initialized to an empty string when the record comes in scope.
So when calling your Clear method, test if the dummy string is empty first. Set the string to a value when appropriate to the use logic to mark the record as initialized.
It reminded me of a managed types idea that former Delphi compiler engineer Barry Kelly once posed to me when I was struggling with the initialization state of nullable records: I wanted the default to be NULL, so I added an extra field managed field “IsInitialized” and the “IsNull” property would negate that field.
Use the Delphi compiler to your advantage (:
–jeroen
via: delphi – Guarantee initialisation of stack record – Stack Overflow.
Posted in Delphi, Delphi XE2, Delphi XE3, Delphi XE4, Development, QC, Software Development | Leave a Comment »
Posted by jpluimers on 2014/08/18
Running DropBox on a roaming profile is a pain, especially when DropBox auto-starts.
Limitation: you can now use it on only 1 PC in the roaming profile domain at a time (I’ve not yet tried Open Source Software and Windows 32-bit: Multiple Dropbox (Do It Yourself).)
The reason is that depending on the logoff/logon order of machines, DropBox will overwrite parts of its configuration, and then think it needs to start with a fresh configuration.
Solution: Read the rest of this entry »
Posted in Power User, Windows, Windows 7, Windows 8, Windows Vista, Windows XP | Leave a Comment »
Posted by jpluimers on 2014/08/17
The FTP download is much much slower than the http one:
4.2 MB/s – 73.4 MB of 73.4 MB: http://ardownload.adobe.com/pub/adobe/reader/win/11.x/11.0.08/en_US/AdbeRdr11008_en_US.exe
119 KB/s – 24.6 MB of 73.4 MB: ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.08/en_US/AdbeRdr11008_en_US.exe
This over the same 50 megabit fiber connection.
So basically you have to:
- Browse the ftp://ftp.adobe.com/pub/adobe/reader/win/11.x for a version in your language (en-US for intance has the youngest full install at ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.10/en_US/ as younger versions only contain update MSP files, for instance in ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.16/misc/)
- Copy the download URL
- Replace the ftp://ftp.adobe.com/pub/adobe/reader/win with http://ardownload.adobe.com/pub/adobe/reader/win (you cannot browse the latter as it genrates “Not Found; The requested URL /pub/adobe/reader/win/ was not found on this server.”)
- Download the URL that you just assembled
–jeroen
Posted in Adobe, Adobe Reader, Power User | 2 Comments »
Posted by jpluimers on 2014/08/14
A while ago, Tim mentioned that [WayBack] Michael Kaplan’s blog “Sorting it All Out” on MSDN was gone.
I amended my original post because of it (see below), and I’m really happy that Tim kept track of his comment, and just posted a new comment:
Michael Kaplan’s Sorting it All Out blog is back! [WayBack]
Back to the original edit I made as the new blog doesn’t (yet?) has all the content of the old blog:
Edit: Michael’s MSDN blog is officially dead, but there are the nice web archive and web cache virtues:
Michael also appeared on this 30 minute podcast episode: [WayBack] Hanselminutes Technology Podcast – Fresh Air and Fresh Perspectives for Developers – Sorting out Internationalization with Michael Kaplan
Michael Kaplan is a Developer in the Windows International group and the author of the popular ‘Sorting It Out’ blog that is dedicated it all things ‘-ization.’ That means Globalization, Internationalization, and Localization. This show is is brought to you by the CYRILLIC CAPITAL LETTER A.
Some key points:
- Use these languages for UI testing
- English as it is common and slightly wordy
- German because it is
- more wordy (30-50% more than English) to test for clipping text, and used enough to warrant the energy
- Turkish because of the Turkish i
- Arabic (is right-to-left, cursive and has ligatures) or Hebrew (which is just right-to-left and cursive)
- Thai because it has plenty of word-breaking issues and tests Uniscribe well
- Push UTF-8 all the way through your system and back and avoid question marks and other
After that: time to catch up on Michael’s new blog (:
–jeroen
via: Delphi: a few short notes on LoadString and loading shell resource strings for specific LCIDs
Posted in Development, internatiolanization (i18n) and localization (l10), Software Development, User Experience (ux) | Leave a Comment »
Posted by jpluimers on 2014/08/14
The point made by Simson Garfield below reminds me I haven’t been at IKEA for a long long while (:
Verdana was everywhere, and now it was in one more place. It was becoming a non-font that we don’t even register. Which is precisely why it was so effective, and exactly why it was chosen.
--jeroen
via: Why IKEA’s font switch from Futura to Verdana mattered | National Post.
PS: for people that also missed it and want to see the differences:
Read the rest of this entry »
Posted in About, Font, IKEA hacks, LifeHacker, Personal, Power User, Typography | Leave a Comment »
Posted by jpluimers on 2014/08/14
Today yet another post in the series of BitSavers and History articles.
I already wrote a bit on the Z80 processor in XOR swap/exchange: nowadays an almost extinct means to exchange two distinct variables of the same size.
Popular Z80 powered computers were Amstrad CPC, MSX, Exidy Sorcerer, TRS-80, P2000, Sinclair ZX80, ZX81 and ZX Spectrum, Kaypro, Osborne 1 and the Z-80 SoftCard for Apple II.
The Z80 was widely popular in the 1980s as it could do more than the MOS 6502 of that time:
Still the XOR swap algorithm was used a lot back then because of register pressure in the Z80.
Compared to current processors you’d think the Z80 was so small that a few pages of documentation would suffice.
Not so: back then they had a truckload of documentation and it would all be on paper (PDF ame in 1993 and it took quite a while to become popular).
Some of the Z80 documentation has found its way to BitSavers.org:
–jeroen
Posted in Assembly Language, BitSavers.org, Development, History, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 