Curious Response.Write behavior with GUIDs as strings

[Dave Anderson]

Consider the following:

var GUID = Server.CreateObject("Scriptlet.TypeLib").GUID

Let's assume GUID is {9A46FCC9-A7A1-4C96-9394-B1A966CEC081}.

I happened to notice that if I concatenate this with any other string value,
Response.Write aborts after the 38th character of the GUID (the closing
brace):

Response.Write("xxx" + GUID + "yyy")
--> xxx{9A46FCC9-A7A1-4C96-9094-B1A966CEC081}



But the string *contains* those values:

Response.Write(("xxx" + GUID + "yyy").substring(43))
--> yyy



I first thing that caught my eye was the string length -- two characters
longer than I expected. This helped explain things:

Response.Write(escape("xxx" + GUID + "yyy"))
--> xxx%7B9A46FCC9-A7A1-4C96-9094-B1A966CEC081%7D%00%25yyy
^^^^^^



So my mystery characters are %00%25, right? Wrong. The %00 seems static, but
the next character appears to be random. Reloading a few times revealed no
real pattern (the GUID obviously changes, so this example is a
generalization):

--> xxx%7B9A46FCC9-A7A1-4C96-9094-B1A966CEC081%7D%00%25yyy
--> xxx%7B9A46FCC9-A7A1-4C96-9094-B1A966CEC081%7D%004yyy
--> xxx%7B9A46FCC9-A7A1-4C96-9094-B1A966CEC081%7D%006yyy
--> xxx%7B9A46FCC9-A7A1-4C96-9094-B1A966CEC081%7D%00Cyyy
--> xxx%7B9A46FCC9-A7A1-4C96-9094-B1A966CEC081%7D%00%20yyy
--> xxx%7B9A46FCC9-A7A1-4C96-9094-B1A966CEC081%7D%00Dyyy



OK, so the string contains %00 and a garbage character. But what IS that
character? According to http://www.asciitable.com/, it is suppose to be a
(null) character. I can seemingly verify that this is not just a mapping
from a larger character set, since I get a non-zero
indexOf(String.fromCharCode(0)); more importantly, VBScript's Asc, AscB and
AscW functions all return 0.



It appears, then, that the problem is twofold. First of all, this assertion
is incorrect:
====================================================
guid = server.CreateObject("scriptlet.typelib").guid
Can be replaced with this:
guid = System.Guid.NewGuid.ToString()
====================================================
http://msdn.microsoft.com/asp.net/using/migrating/aspmig/aspmigasst/usingasst.aspx

Secondly, this behavior of Response.Write seems unindicated:
http://msdn.microsoft.com/library/en-us/iissdk/iis/ref_vbom_resomwrite.asp




--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Aaron [SQL Server MVP]]

http://www.aspfaq.com/2358

 

[Dave Anderson]

http://www.aspfaq.com/2358

[sigh] I should have looked there.

BTW - do you have any idea why the last character is garbage?




--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Aaron [SQL Server MVP]]

No, that was one of those "we'll get back to you on that" things that I
reported around the time ASP.Net came into being. I've long since abandoned
any hope that ASP bugs will get any attention. Maybe I should raise the
issue about .Net though, because I have also seen it there...

--
http://www.aspfaq.com/
(Reverse address to reply.)

http://www.aspfaq.com/2358

[sigh] I should have looked there.

BTW - do you have any idea why the last character is garbage?




--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Mark Schupp]

It looks like the GUID property is returning a null-terminated string in a
40 character buffer. I have to conclude that this is a bug in a conversion
routine somewhere.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com

http://www.aspfaq.com/2358

[sigh] I should have looked there.

BTW - do you have any idea why the last character is garbage?




--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Dave Anderson]

It looks like the GUID property is returning a null-terminated string
in a 40 character buffer. I have to conclude that this is a bug in a
conversion routine somewhere.

I asked Eric Lippert, and he confirmed this. He also claimed responsibility:

...I was supposed to allocate 38 characters for the guid. For
some stupid reason I allocated 40 characters. A BSTR is
automatically terminated with a zero, so there's no need to
worry about it.

That is, the layout of the BSTR was supposed to be length = 38,
"{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}" zero but turned out to
be length = 40, "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx}" zero
one-garbage-character zero

The garbage character is whatever happened to be on the heap
when the allocator fetched it...




--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Aaron [SQL Server MVP]]

So, Dave, do you have an enemy in Houston? A scorned lover, perhaps? ;-)

I forwarded several of the offensive messages, with headers, to google abuse
and his/her ISP. Hopefully someone smacks him/her upside the head for being
a childish pissant.

 

[Dave Anderson]

So, Dave, do you have an enemy in Houston?

I may. I lived in Texas for 15 years, and I am, in fact, a Texas Aggie.
Years ago, I was an austin.general regular, and that group had plenty of
Houston contributors.

A scorned lover, perhaps?
;-)

If so, it was a one-way relationship, of which I was not made aware. I
suppose it could pre-date my current relationship, but that one dates to
1984 (and we've been married since 1985), so it would have to be one
extremely persistent grudge.

I forwarded several of the offensive messages, with headers, to
google abuse and his/her ISP. Hopefully someone smacks him/her
upside the head for being a childish pissant.

Thank you, though I'm not convinced it was directed at me. I have never
posted to any of the other groups listed, and I don't exactly have an
unusual name.



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Aaron [SQL Server MVP]]

Thank you, though I'm not convinced it was directed at me. I have never

posted to any of the other groups listed, and I don't exactly have an
unusual name.

The other groups seem to have been picked at random. In any case, that kind
of grade-school nonsense has no place here, no matter who it was directed
at. I would have complained even if it were against Zane or CC. ;-)

 

[Aaron [SQL Server MVP]]

The other groups seem to have been picked at random.

Scratch that. I thought I saw different Newsgroups: lists, but looking
back, I was mistaken.

 

[Dave Anderson]

Scratch that. I thought I saw different Newsgroups: lists, but
looking back, I was mistaken.

I did a search on groups.google.com for "Bay Area Dave", and found that
someone named Bruce Carpenter has had a beef with such an individual for at
least 8 months. Odd that he should bring it here.



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Aaron [SQL Server MVP]]

Maybe he saw a similar enough Dave and assumed you were the same person.

Anyway, hopefully he has violated his T.O.S. and is now scrambling to find
another provider...