Archive for the ‘Development’ Category
Posted by jpluimers on 2014/08/19
Since this did not make it to DelphiFeeds yet: I’ve seen the function PaletteFromDIBColorTable in Graphics.pas go back as far at least until Delphi 2006, and references on the web as far back as Delphi 4.
So: this bug is old, but as it is a security one, make sure you patch soon.
For Delphi XE6, download 29913 BMP Buffer Overflow hotfix – Delphi, C++Builder, RAD Studio XE6.
For older Delphi versions, read this piece that was adapted from the EDN article Delphi and C++ Builder VCL Library Buffer Overflow:
For users of prior versions of Delphi and C++Builder: these steps should be followed to modify the VCL source code and add it to your application.
For each application:
- Add the modified Edit Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas to your project
- For C++Builder: Under Project | Options | Packages | Runtime Packages, set “Link with runtime packages” to false
- Rebuild your application
Once for the native VCL and .NET VCL:
- Note: Variable names and scoping might be slightly different depending on your product version.
- Edit Vcl.Graphics.pas or Graphics.pas or Borland.Vcl.Graphics.pas
- Locate the function PaletteFromDIBColorTable.
- Add the following code just before the line assigning a value to Pal.palNumEntries when the DIBHandle = 0
if ColorCount > 256 then
InvalidGraphic{$IFNDEF CLR}@{$ENDIF}SInvalidBitmap;;
–jeroen
via Delphi and C++ Builder VCL Library Buffer Overflow.
Posted in Delphi, Delphi 2005, Delphi 2006, Delphi 2007, Delphi 2009, Delphi 2010, Delphi 4, Delphi 5, Delphi 6, Delphi 7, Delphi 8, Delphi x64, Delphi XE, Delphi XE2, Delphi XE3, Delphi XE4, Delphi XE5, Delphi XE6, Development, Software Development | Tagged: Buffer Overflow, Delphi, Delphi versions, vcl | 5 Comments »
Posted by jpluimers on 2014/08/19
I mentioned Delphi managed types is in Delphi “Variant Records”, a few notes indicating they are special.
Managed by the RTL, you can use them to your advantage when you have record types that – when on the stack – are only partially initialized by the RTL: only the managed types are initialized.
Given there is still no support to support “Initialize” and “Finalize” operators (vote for it on [WayBack] QualityCentral) the best you can do was mentioned by LU RD (an alias a very smart Swedish guy Leif Unéus):
Add a dummy string member into your record. Since a string is a managed type it will be initialized to an empty string when the record comes in scope.
So when calling your Clear method, test if the dummy string is empty first. Set the string to a value when appropriate to the use logic to mark the record as initialized.
It reminded me of a managed types idea that former Delphi compiler engineer Barry Kelly once posed to me when I was struggling with the initialization state of nullable records: I wanted the default to be NULL, so I added an extra field managed field “IsInitialized” and the “IsNull” property would negate that field.
Use the Delphi compiler to your advantage (:
–jeroen
via: delphi – Guarantee initialisation of stack record – Stack Overflow.
Posted in Delphi, Delphi XE2, Delphi XE3, Delphi XE4, Development, QC, Software Development | Leave a Comment »
Posted by jpluimers on 2014/08/15
Designer’s guide to DPI.
On retina, Hi-DPI, Android, iOS, scaling, DP, SP, etc.
–jeroen
Posted in Android, Development, iOS Development, Mobile Development, Software Development, User Experience (ux), Windows Phone Development | Leave a Comment »
Posted by jpluimers on 2014/08/14
Posted in .NET, .NET 4.5, C#, C# 4.0, C# 5.0, C# 6 (Roslyn), Cloud Development, Development, Software Development, Visual Studio 2013, Visual Studio 2014, Visual Studio and tools, Windows Azure | Leave a Comment »
Posted by jpluimers on 2014/08/14
A while ago, Tim mentioned that [WayBack] Michael Kaplan’s blog “Sorting it All Out” on MSDN was gone.
I amended my original post because of it (see below), and I’m really happy that Tim kept track of his comment, and just posted a new comment:
Michael Kaplan’s Sorting it All Out blog is back! [WayBack]
Back to the original edit I made as the new blog doesn’t (yet?) has all the content of the old blog:
Edit: Michael’s MSDN blog is officially dead, but there are the nice web archive and web cache virtues:
Michael also appeared on this 30 minute podcast episode: [WayBack] Hanselminutes Technology Podcast – Fresh Air and Fresh Perspectives for Developers – Sorting out Internationalization with Michael Kaplan
Michael Kaplan is a Developer in the Windows International group and the author of the popular ‘Sorting It Out’ blog that is dedicated it all things ‘-ization.’ That means Globalization, Internationalization, and Localization. This show is is brought to you by the CYRILLIC CAPITAL LETTER A.
Some key points:
- Use these languages for UI testing
- English as it is common and slightly wordy
- German because it is
- more wordy (30-50% more than English) to test for clipping text, and used enough to warrant the energy
- Turkish because of the Turkish i
- Arabic (is right-to-left, cursive and has ligatures) or Hebrew (which is just right-to-left and cursive)
- Thai because it has plenty of word-breaking issues and tests Uniscribe well
- Push UTF-8 all the way through your system and back and avoid question marks and other
After that: time to catch up on Michael’s new blog (:
–jeroen
via: Delphi: a few short notes on LoadString and loading shell resource strings for specific LCIDs
Posted in Development, internatiolanization (i18n) and localization (l10), Software Development, User Experience (ux) | Leave a Comment »
Posted by jpluimers on 2014/08/14
Today yet another post in the series of BitSavers and History articles.
I already wrote a bit on the Z80 processor in XOR swap/exchange: nowadays an almost extinct means to exchange two distinct variables of the same size.
Popular Z80 powered computers were Amstrad CPC, MSX, Exidy Sorcerer, TRS-80, P2000, Sinclair ZX80, ZX81 and ZX Spectrum, Kaypro, Osborne 1 and the Z-80 SoftCard for Apple II.
The Z80 was widely popular in the 1980s as it could do more than the MOS 6502 of that time:
Still the XOR swap algorithm was used a lot back then because of register pressure in the Z80.
Compared to current processors you’d think the Z80 was so small that a few pages of documentation would suffice.
Not so: back then they had a truckload of documentation and it would all be on paper (PDF ame in 1993 and it took quite a while to become popular).
Some of the Z80 documentation has found its way to BitSavers.org:
–jeroen
Posted in Assembly Language, BitSavers.org, Development, History, Software Development | Leave a Comment »
Posted by jpluimers on 2014/08/12
In the With Statement series:
Lars Fosdal – Code Rants
The dreaded with…
Debugging today, I found another gotcha.
In this case, both Self and DisconnectedClient has a property named ClientIdentifier.
Note the difference for the mouse-over and the evaluation.
–jeroen
Read the rest of this entry »
Posted in Appmethod, Borland Pascal, Delphi, Delphi 1, Delphi 2, Delphi 2005, Delphi 2006, Delphi 2007, Delphi 2009, Delphi 2010, Delphi 3, Delphi 4, Delphi 5, Delphi 6, Delphi 7, Delphi 8, Delphi x64, Delphi XE, Delphi XE2, Delphi XE3, Delphi XE4, Delphi XE5, Delphi XE6, Delphi XE7, Development, Pascal, Software Development, Turbo Pascal, With statement | Leave a Comment »
Posted by jpluimers on 2014/08/12
A long while ago, DelphiBasics.info (they are hosted on Google Sites) posted a very interesting via: uExecFromMem unit. It was only a code snippet, not much usage info.
One of the things you can do with this unit, is load the memory image of an executable from a database BLOB, then execute that.
bummi showed this as an uExecFromMemory example on StackOverflow including a small memory leak fix.
It opens way for some interesting deployment scenarios. Not for the everyday ones, but for the occassional situation where a regular deployment is impractical.
–jeroen
via: uExecFromMem by steve10120 – fixed for Win7x64 by testest – DelphiBasics.
Comment by Craig Peterson at G+: https://plus.google.com/109418621512564781181/posts/WZSa6Nt44rK
It’s a handy looking unit, but has a licensing bomb in it: The PerformBaseRelocation routine is lifted directly from BTMemoryModule.pas, which is only licensed LGPL without the binary linking exception. That means providing your DCUs so anyone can relink your app. It’s also a bit less maintainable than BTMemoryModule, since they replaced a bunch of declared constants with magic numbers.
Posted in Delphi, Delphi 2007, Delphi 2009, Delphi 2010, Delphi XE, Delphi XE2, Delphi XE3, Delphi XE4, Development, Software Development | 4 Comments »
The Wiert Corner - irregular stream of stuff 