最新的Visual Studio 2005安全更新导致C运行时库问题时,热修复客户网站 [英] Does the latest Visual Studio 2005 Security Update cause C runtime library issues when hot fixing customer sites
问题描述
您可能会注意到,visual studio 2005的更新在大多数机器上周自动更新。此更新包括一个新版本的visual c运行时库。因此,在更新后构建的任何二进制文件都需要在客户端系统上安装新的可再发行组件。
请参阅 http://support.microsoft.com/kb/971090/
这里是安装程序新的可再发行版:
这对于向客户分发新的二进制文件是很好的,我将使用安装程序发送新的可再发行文件,它将工作。
<然而,我真的担心我的热修复现有客户网站的能力,如果他们发现一个错误。在这种情况下,通常我只是发送固定的dll或exe。
但是,如果我现在这样做,我必须向这些客户发送新的可再分发的我将在同一个可执行文件中使用两个不同版本的c运行时库。
- 这是一个问题吗?
- 这会导致我的应用程式崩溃吗?
- 如果我在一个dll中分配内存,然后在另一个dll中释放,会发生什么?通常,如果使用相同的发布运行时库,这将工作。我在3年前通过我们的代码清理了这一点,但是我不能确定我已经找到并修复了所有的事情。
- 在不同的dll中的allocate / deallocate仍然是一个问题?
- 我可以通过更改清单来控制依赖于哪个运行时库版本?
任何指针或建议都将不胜感激。
应用程序清单文件/资源中指定的版本号仅指定运行应用程序所需的最低版本。加载器的默认行为是首先检查WINDOWS \WinSxS文件夹中是否存在与在应用程序清单中标识的依赖关系相同的版本或替代版本,并使用该版本,而不管包含依赖关系的私有程序集是否具有已提供该应用程序。 (请参见 http://msdn.microsoft.com/en -us / library / aa375674%28VS.85%29.aspx )。
因此,您的旧二进制文件也将使用最新版本的Microsoft运行时库。尝试在完全修补的机器上运行您的应用程序(在更新您的Visual Studio之前构建)的发行版本,并使用进程资源管理器来查看它加载哪些DLL。唯一的问题是你必须在补丁中包含新的运行时可重新分发文件。
如果你仍然担心,你可以尝试这里描述的方法: http://tedwvc.wordpress。 com / 2009/08/10 / avoid-problems-with-vc2005-sp1-security-update-kb971090 /
As you might be aware an update to visual studio 2005 was auto updated on most machines last week. This update included a new version of the visual c runtime library. As a result any binaries built after the update also require a new redistributable installed on client systems.
See http://support.microsoft.com/kb/971090/
And here is the installer for the new redistributable:
This is fine for distributing new binaries to customers, I will ship the new redistributable with the installer and it will all work.
However I am really worried about my ability to hotfix existing customer sites if they discover a bug. In this case normally I would just send the dll or exe that was fixed.
However if I do this now, I will have to send these customers the new redistributable and now I will be using two different versions of the c runtime library in the same executable.
- Is this a problem?
- Can this cause my application to crash?
- What happens if I allocate memory in one dll then deallocate it in another? Normally this works if the same release runtime library is used. I went through the our code about 3 years ago cleaning this up, but I cannot be sure that I have found and fixed all occurrences.
- Is the allocate/deallocate in different dlls still a problem? Now that in the era of smart pointers etc it is very had to enforce this.
- Can I control what runtime library version I depend on by changing manifests?
Any pointers or advice would be grateful.
Updated: I have just noticed this question http://stackoverflow.com/questions/1238376/vc-kb971090-and-selecting-visual-c-runtime-dll-dependencies This is very similar, but my question is more concerned with using two different version of the runtime in one executable.
The version number specified in the application’s manifest file/resource only specifies the minimum version required to run the application. The default behavior of the loader is to first check the WINDOWS\WinSxS folder for the identical version or a superseding version of a dependency identified in an application manifest, and to use that version regardless of whether or not a private assembly containing the dependency has been provided with the application. (See http://msdn.microsoft.com/en-us/library/aa375674%28VS.85%29.aspx).
So chances are your old binaries will also use the latest version of the Microsoft run time library anyway. Try to run the release build of your application (built before you update your Visual Studio) on a fully patched machine and use process explorer to see which DLLs it loads. The only problem is you will have to include the new run time redistributable file in your patch.
If you are still worried, you can try the method described here: http://tedwvc.wordpress.com/2009/08/10/avoiding-problems-with-vc2005-sp1-security-update-kb971090/
这篇关于最新的Visual Studio 2005安全更新导致C运行时库问题时,热修复客户网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
