Mail Archives: cygwin/2017/05/10/05:31:19

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2017/05/10/05:31:19

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:from:date:message-id:subject:to

:content-type; q=dns; s=default; b=yZ1NWMDwLuFYHWMusWOTcI2Rf73+t

pFjmiVnabZM8lWXuHikkeoICYKetsFui/bH/Sl6fQn6YXjY/F49cP1umy/Zu5t0N

4NU7HHCBcWLvxwxpt4tyuvDwAGXwKZxXTThV8a7f25wT3BrIC+AM7xIe6V5Or7ZX

mxU5fBZOuAKEgc=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:from:date:message-id:subject:to

:content-type; s=default; bh=p2IZP39XeuoloWJFjIEYmShkZ/c=; b=bO1

EAPjOuDqkpGyTWaq6Tm/1L/YLcXeeFpggWlK7t8NK683E98qwbG2OZQVNDbl2Hou

B06IHQbcGko/dtQzzbPFhdEZuxHFwc7Tr6VVTjDbVHyZBE1rAFiB1ejQtCz5/huR

Zho+gZraZdcP9NdfYp+bvNdrQ0TDJ8BzP1KY+zuk=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=lb, Lb, Erik, erik

X-HELO: mail-yw0-f178.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=cG35c0FsBFc+zXI6PvXfkdE/4J8xM5spUX0yW2Y4dok=; b=RxD1zNH7N1RmG2rTG585/vrsX/xKoJAdENbNWwX26N0/IDWjxNMk87X5qHA8oaelK+ RlNJFV0zOVPPQPuCE1+6s4kuoRP513+7qRMUWXPbd8Yryh7qgxsY6gBm3x5DZGXEB5Sy gtPxXmNyIjl+ikngUMuup2544b99NOv/oenWY/ut+gDOq7lleE0xMBNP1tTXurMdzgFJ 38VbiqLCOTLY3RLyRTHMRP+P2OIGfE77BuDh0yMmjx+o0MKFc8fObRNtYwrvzSUa0Jhq rhyYR7h1x9HzJinEDgyvdypPPai40YMB5k3E2nyq9CU9PBIutpT9Gyz0GcZDhsPieCIG y+4w==

X-Gm-Message-State: AODbwcDRY+/ThgLfZOnHleOIqOTkHvdvZ4RpUcogXqROSlSv7/uQJvaX QH6WRze9kyKltGjkIllseQn0h2Hd2maYcw0=

X-Received: by 10.129.108.83 with SMTP id h80mr3794165ywc.302.1494408647362; Wed, 10 May 2017 02:30:47 -0700 (PDT)

MIME-Version: 1.0

From: Erik Bray <erik DOT m DOT bray AT gmail DOT com>

Date: Wed, 10 May 2017 11:30:46 +0200

Message-ID: <CAOTD34aCROSAQojYvV4rjwiWOfiALFP+P2wODoMV1dcaOhKPFQ@mail.gmail.com>

Subject: Bug? wcsxfrm causing memory corruption

To: cygwin AT cygwin DOT com

X-IsSubscribed: yes

--001a114dc1fe93c5e5054f282037
Content-Type: text/plain; charset=UTF-8

Greetings--

In the process of fixing the Python test suite on Cygwin I ran across
one test that was consistently causing segfaults later on, not
directly local to that test.  The test involves wcsxfrm so that's
where I focused my attention.

The attached test demonstrates the bug.  Given an output buffer of N
wide characters, wcsxfrm will cause bytes beyond the destination size
to be reversed. I believe it might actually be a bug in the underlying
LCMapStringW workhorse (this is on Windows 10; have not tested other
versions).

According to its docs [1], the cchDest argument (size of the
destination buffer) is treated as a *byte* count when using
LCMAP_SORTKEY.  However, for the purposes of applying the
LCMAP_BYTEREV transformation it seems to be treating the output size
(in bytes) as character count.  So in the example I give, where the
output sort key is 7 bytes (including the null terminator), it swaps
*14* bytes--the bytes including the sort key as well as the next 7
adjacent bytes.  This is obviously a problem if the destination buffer
is allocated out of some larger memory pool.

This definitely has to be a bug, right?  Or at least very poorly
documented on MS's part.  A workaround would either be to not use
LCMAP_BYTEREV and just swap the bytes manually, or in a second call to
LCMapStringW with LCMAP_BYTEREV and the correct character count...

Thanks,
Erik


[1] https://msdn.microsoft.com/en-us/library/windows/desktop/dd318700(v=vs.85).aspx

--001a114dc1fe93c5e5054f282037
Content-Type: text/x-csrc; charset=US-ASCII; name="LCMapStringW.c"
Content-Disposition: attachment; filename="LCMapStringW.c"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_j2is5un80

I2luY2x1ZGUgPHN0ZGxpYi5oPgojaW5jbHVkZSA8c3RkaW8uaD4KI2luY2x1
ZGUgPGxvY2FsZS5oPgojaW5jbHVkZSA8d2NoYXIuaD4KI2luY2x1ZGUgPHN0
cmluZy5oPgojaW5jbHVkZSA8d2luZG93cy5oPgoKI2RlZmluZSBTSVpFIDMy
CgoKdm9pZCBmaWxsX2J5dGVzKHVpbnQ4X3QgKmEsIGludCBuKSB7CiAgICBp
bnQgaWR4OwogICAgZm9yIChpZHg9MDsgaWR4PG47IGlkeCsrKSB7CiAgICAg
ICAgYVtpZHhdID0gaWR4OwogICAgfQp9CgoKdm9pZCBwcmludF9ieXRlcyh1
aW50OF90ICphLCBpbnQgbikgewogICAgaW50IGlkeDsKICAgIGZvciAoaWR4
PTA7IGlkeDxuOyBpZHgrKykgewogICAgICAgIHByaW50ZigiMHglMDJ4ICIs
ICgodWludDhfdCopYSlbaWR4XSk7CiAgICAgICAgaWYgKChpZHggKyAxKSAl
IDggPT0gMCkgcHJpbnRmKCJcbiIpOwogICAgfQp9CgppbnQgbWFpbih2b2lk
KSB7CiAgICB3Y2hhcl90ICphLCAqYjsKICAgIHVpbnQ4X3QgKmFhOwogICAg
c2l6ZV90IHJldDsKICAgIExDSUQgY29sbGF0ZV9sY2lkOwogICAgaW50IGlk
eDsKICAgIGNvbGxhdGVfbGNpZCA9IDEwMzM7CiAgICBiID0gTCJiIjsKICAg
IGEgPSAod2NoYXJfdCopIG1hbGxvYyhTSVpFKTsKICAgIGFhID0gKHVpbnQ4
X3QqKSBhOwoKICAgIHNldGxvY2FsZShMQ19BTEwsICJlbl9VUy5VVEYtOCIp
OwoKICAgIHByaW50ZigidXNpbmcgd2NzeGZybTpcbiIpOwogICAgZmlsbF9i
eXRlcyhhYSwgU0laRSk7CiAgICBwcmludGYoImJlZm9yZTpcbiIpOwogICAg
cHJpbnRfYnl0ZXMoYWEsIFNJWkUpOwogICAgcmV0ID0gd2NzeGZybShhLCBi
LCA0KTsKICAgIHByaW50ZigiYWZ0ZXIgKCVkKTpcbiIsIHJldCk7CiAgICBw
cmludF9ieXRlcyhhYSwgU0laRSk7CgogICAgcHJpbnRmKCJcbnVzaW5nIExD
TWFwU3RyaW5nVyBkaXJlY3RseTpcbiIpOwogICAgZmlsbF9ieXRlcyhhYSwg
U0laRSk7CiAgICBwcmludGYoImJlZm9yZTpcbiIpOwogICAgcHJpbnRfYnl0
ZXMoYWEsIFNJWkUpOwogICAgCiAgICByZXQgPSBMQ01hcFN0cmluZ1coY29s
bGF0ZV9sY2lkLCBMQ01BUF9TT1JUS0VZIHwgTENNQVBfQllURVJFViwgYiwg
LTEsIGEsIDgpOwogICAgcHJpbnRmKCJhZnRlciAoJWQpOlxuIiwgcmV0KTsK
ICAgIHByaW50X2J5dGVzKGFhLCBTSVpFKTsKCiAgICBwcmludGYoIlxud2l0
aG91dCBMQ01BUF9CWVRFUkVWOlxuIik7CiAgICBmaWxsX2J5dGVzKGFhLCBT
SVpFKTsKICAgIHByaW50ZigiYmVmb3JlOlxuIik7CiAgICBwcmludF9ieXRl
cyhhYSwgU0laRSk7CiAgICAKICAgIHJldCA9IExDTWFwU3RyaW5nVyhjb2xs
YXRlX2xjaWQsIExDTUFQX1NPUlRLRVksIGIsIC0xLCBhLCA4KTsKICAgIHBy
aW50ZigiYWZ0ZXIgKCVkKTpcbiIsIHJldCk7CiAgICBwcmludF9ieXRlcyhh
YSwgU0laRSk7CiAgICBmcmVlKGEpOwogICAgCiAgICByZXR1cm4gMDsKfQo=


--001a114dc1fe93c5e5054f282037
Content-Type: text/plain; charset=us-ascii


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
--001a114dc1fe93c5e5054f282037--

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=yZ1NWMDwLuFYHWMusWOTcI2Rf73+t
	pFjmiVnabZM8lWXuHikkeoICYKetsFui/bH/Sl6fQn6YXjY/F49cP1umy/Zu5t0N
	4NU7HHCBcWLvxwxpt4tyuvDwAGXwKZxXTThV8a7f25wT3BrIC+AM7xIe6V5Or7ZX
	mxU5fBZOuAKEgc=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; s=default; bh=p2IZP39XeuoloWJFjIEYmShkZ/c=; b=bO1
	EAPjOuDqkpGyTWaq6Tm/1L/YLcXeeFpggWlK7t8NK683E98qwbG2OZQVNDbl2Hou
	B06IHQbcGko/dtQzzbPFhdEZuxHFwc7Tr6VVTjDbVHyZBE1rAFiB1ejQtCz5/huR
	Zho+gZraZdcP9NdfYp+bvNdrQ0TDJ8BzP1KY+zuk=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.9 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=lb, Lb, Erik, erik
X-HELO:	mail-yw0-f178.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=cG35c0FsBFc+zXI6PvXfkdE/4J8xM5spUX0yW2Y4dok=; b=RxD1zNH7N1RmG2rTG585/vrsX/xKoJAdENbNWwX26N0/IDWjxNMk87X5qHA8oaelK+ RlNJFV0zOVPPQPuCE1+6s4kuoRP513+7qRMUWXPbd8Yryh7qgxsY6gBm3x5DZGXEB5Sy gtPxXmNyIjl+ikngUMuup2544b99NOv/oenWY/ut+gDOq7lleE0xMBNP1tTXurMdzgFJ 38VbiqLCOTLY3RLyRTHMRP+P2OIGfE77BuDh0yMmjx+o0MKFc8fObRNtYwrvzSUa0Jhq rhyYR7h1x9HzJinEDgyvdypPPai40YMB5k3E2nyq9CU9PBIutpT9Gyz0GcZDhsPieCIG y+4w==
X-Gm-Message-State:	AODbwcDRY+/ThgLfZOnHleOIqOTkHvdvZ4RpUcogXqROSlSv7/uQJvaX QH6WRze9kyKltGjkIllseQn0h2Hd2maYcw0=
X-Received:	by 10.129.108.83 with SMTP id h80mr3794165ywc.302.1494408647362; Wed, 10 May 2017 02:30:47 -0700 (PDT)
MIME-Version:	1.0
From:	Erik Bray <erik DOT m DOT bray AT gmail DOT com>
Date:	Wed, 10 May 2017 11:30:46 +0200
Message-ID:	<CAOTD34aCROSAQojYvV4rjwiWOfiALFP+P2wODoMV1dcaOhKPFQ@mail.gmail.com>
Subject:	Bug? wcsxfrm causing memory corruption
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes