Mail Archives: cygwin/2002/07/03/18:48:50
Thanks Pavel, nice catch.
I've applied this to HEAD and 2002-07. This evening I'll get 2002-06 done
and release a new setup.exe
Rob
----- Original Message -----
From: "Pavel Tsekov" <ptsekov AT gmx DOT net>
To: <cygwin AT cygwin DOT com>
Sent: Thursday, July 04, 2002 5:33 AM
Subject: [PATCH] Re: Setup.exe 2.249.2.4 crashing under Windows NT 4.0 SP6
> Hello, there! :)
>
> Friday, June 28, 2002, 7:26:59 PM, Jim wrote:
>
> JG> I've been running Cygwin for some time now. Today I went to upgrade my
> JG> various packages and found that a new version (2.249.2.4) of setup.exe
> JG> was available. It starts normally, but when I try to make a selection
> JG> from "Install from Internet", "Download from Internet", and "Install
> JG> from Local Directory", I get an error dialog:
>
> JG> The instruction at "0x78001d22" referenced memory at "0x00000000".
> JG> The memory could not be "read".
>
> JG> followed by the usual "OK to terminate, Cancel to debug" choices.
>
> JG> The dialog pops up as soon as I try to change which radio button is
> JG> selected, or if I leave the default choice and hit "Next>".
>
> I've asked the user to send me his msvcrt.dll and found that the exception
> occures in strcpy (). The only suspicious code which is executed when
> the user changes the selections is the constructor of the packagedb
> class. The only place where strcpy() is called (indirectly) not safe,
> in the constructor is the following snippet:
>
> int parseable;
> src[0] = 0;
> srcsz = 0;
> sscanf (line, "%s %s %d %s %d", pkgname, inst, &instsz, src,
> &srcsz);
> fileparse f;
> parseable = parse_filename (inst, f);
>
> parse_filename () calls strcpy () like this:
>
> parse_filename (String const &in_fn, fileparse & f)
> {
> char *p, *ver;
> char fn[in_fn.size() + 1];
> strcpy (fn, in_fn.cstr_oneuse());
>
> Consider that for some reason the sscanf call doesn't succeed (empty
> line in installed.db). In this case pkg name would contain garbage
> data. Now if the first char of the garbage data happens to be a null
> character, the code will crash in parse_filename.
>
> I know that the possibility this to happen is very low, but it seems
> that for the original poster the crash was happening every time. A
> requirement for this bug to show up is that installed.db file should be
> corrupted in some way. I requested the file, but I was sent the file
> which resulted after a succesfull installation (performed by a patched
> setup.exe).
>
> I suggest the attached patch to guard against such problems. Btw as I
> mentiond above I've sent a patched setup.exe to the user and he
> confirmed that it fixed the problem. The attached patch is different
> from the one I originally applied, but it just addresses the problem
> in a better way.
>
> 2002-07-03 Pavel Tsekov <ptsekov AT gmx DOT net>
>
> * filemanip.cc (parse_filename): Do not try to parse empty
> strings (filenames).
> * package_db.cc (packagedb::packagedb): For each line check if
sscanf()
> extracted good package name and filename.
>
> This patch is against 2.249.2.4. It should apply to the HEAD too.
----------------------------------------------------------------------------
----
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -