We’ve received a couple of error reports from our customers (and via Windows Error Reporting) where it appears that there is a buffer overflow in the boost::detail::create_once_mutex function. The exception 0xc0000409=STATUS_STACK_BUFFER_OVERRUN appears to be thrown at the __security_check_cookie check in the function epilogue.


An example of the error on an XP machine says “Application Error. The exception unknown software exception (0xc0000409) occurred in the application at location 0x004770b3”. The application was compiled with Boost 1.36.


I should say that it is very rare, I haven’t been able to reproduce it, and can’t see any problems with the create_once_mutex function myself (apart from the fact that the int_to_string function doesn’t check buffer lengths). It just seems odd that the address of the exception (different builds produce different addresses) always points to the same place.


Regards,

Dave.
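For readers following the report above, an added illustration of the failure mode Dave describes. This is not code from Dave's message and not Boost's own once.hpp; the function names int_to_string_unchecked and int_to_string_checked and the shape of the helper are hypothetical stand-ins for "a decimal formatter that does not take a buffer length". It shows why such a helper can only be trusted if the caller sizes the buffer correctly, and what the bounds-checked form looks like. With /GS, the compiler places a security cookie between a function's local buffers and its saved return address; a write past the end of a stack buffer overwrites that cookie, and __security_check_cookie in the epilogue detects the mismatch and raises STATUS_STACK_BUFFER_OVERRUN (0xc0000409), which is the exact pattern in the error reports.

```cpp
// Added example, not Boost's code: an unchecked integer-to-string helper
// (hypothetical shape of the problem described above) beside a bounds-checked one.
#include <cstddef>
#include <string>
#include <vector>

// Unchecked variant (hypothetical): writes as many decimal digits as the value
// needs into buf plus a terminator, relying entirely on the caller to have
// sized buf. A 32-bit unsigned needs up to 10 digits + 1 terminator, so a
// caller that allocates fewer than 11 bytes on the stack can corrupt the /GS
// cookie and trip __security_check_cookie (0xc0000409) in the epilogue.
// The demo only calls it with an adequately sized buffer, so it never overflows here.
void int_to_string_unchecked(unsigned i, char* buf) {
    char tmp[16];
    std::size_t n = 0;
    do {
        tmp[n++] = static_cast<char>('0' + i % 10);
        i /= 10;
    } while (i);
    while (n) *buf++ = tmp[--n];   // digits were produced least-significant first
    *buf = '\0';
}

// Checked variant: takes the buffer size, and refuses (leaving an empty string
// when there is room for one) if digits plus terminator would not fit.
bool int_to_string_checked(unsigned i, char* buf, std::size_t buf_len) {
    if (buf_len == 0) return false;
    char tmp[16];
    std::size_t n = 0;
    do {
        tmp[n++] = static_cast<char>('0' + i % 10);
        i /= 10;
    } while (i);
    if (n + 1 > buf_len) {          // n digits + NUL terminator must fit
        buf[0] = '\0';
        return false;
    }
    for (std::size_t k = 0; k < n; ++k) buf[k] = tmp[n - 1 - k];
    buf[n] = '\0';
    return true;
}

// Convenience wrappers so results can be inspected without managing raw buffers.
// Returns true if the value fits in a buffer of buf_len bytes.
bool fits_in(unsigned i, std::size_t buf_len) {
    std::vector<char> buf(buf_len);
    return int_to_string_checked(i, buf.data(), buf_len);
}

// Returns the formatted string, or "" if buf_len bytes is too small.
std::string format_or_empty(unsigned i, std::size_t buf_len) {
    std::vector<char> buf(buf_len);
    if (!int_to_string_checked(i, buf.data(), buf_len)) return std::string();
    return std::string(buf.data());
}

// Unchecked variant exercised with a buffer that is known to be large enough.
std::string format_unchecked_safely(unsigned i) {
    char buf[16];                   // 16 > 10 digits + terminator for any unsigned
    int_to_string_unchecked(i, buf);
    return std::string(buf);
}

int main() {
    // Stand-alone smoke run: 12345 needs 6 bytes, so a 5-byte buffer is refused.
    return (format_or_empty(12345u, 6) == "12345" && !fits_in(12345u, 5)) ? 0 : 1;
}
```

The checked form is the one to audit for: every caller passes the buffer size, and the maximum decimal width of the argument type (10 digits for a 32-bit unsigned, 20 for 64-bit) determines the minimum stack buffer. If the real helper takes no length, the review question is simply whether every call site's buffer is at least that wide, since the cookie check only reports the overrun after it has already happened.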