| delorie.com/archives/browse.cgi | search |
| DMARC-Filter: | OpenDMARC Filter v1.4.2 delorie.com 53NB0cFD2134618 |
| Authentication-Results: | delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com |
| Authentication-Results: | delorie.com; spf=pass smtp.mailfrom=cygwin.com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 delorie.com 53NB0cFD2134618 |
| Authentication-Results: | delorie.com; |
| dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=uy1+jiJN | |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 7CC833857348 |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; |
| s=default; t=1745406036; | |
| bh=Zpnfycpb/xQNnROeoBc+NScKx/OTxg7z0o9XQLBqKpk=; | |
| h=Subject:To:References:Date:In-Reply-To:List-Id:List-Unsubscribe: | |
| List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: | |
| From; | |
| b=uy1+jiJN1NApIgUhyrkUoBfX1zf3IWFNqF1lu3YicxAJ3VeMSz5uPZn1Br0hXtTYe | |
| oIVfRMWfdJgcQTLY+1Zf0VPevIOxe//t8DaPch9xL5sNJsL/BGl3FsPNWmuly3q0Iw | |
| 92i7EA/teVFHsCvHEm7TjUeQ/yFeQvGBQClHjANw= | |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DMARC-Filter: | OpenDMARC Filter v1.4.2 sourceware.org 8A8B03858D26 |
| ARC-Filter: | OpenARC Filter v1.0.0 sourceware.org 8A8B03858D26 |
| ARC-Seal: | i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1745405973; cv=none; |
| b=X5WqXPVaLR/CC519Kxz5zhTjOyJ1Iz5vF1cQeAf0wLdXqOeUu01a3tP02ZJXOYH2nQ2G3cBTJpPH2zZdAIb2DJZP/mKdsIoNezCLe/tLdNFretktSWsqysSYuxM6kRxJGoAgPDsG9KdFeEURGFJL8xBYh0I2v5zi8mC6Pa0+6cg= | |
| ARC-Message-Signature: | i=1; a=rsa-sha256; d=sourceware.org; s=key; |
| t=1745405973; c=relaxed/simple; | |
| bh=Ou1likbUSWYSBaoTz21zoe15Ww/jHAJOSn9cxNH4k3c=; | |
| h=Subject:To:From:Message-ID:Date:MIME-Version; | |
| b=CQfLhFI2BV6W0kmRl1fzxFo/eeFQF6ZsVDggiPpDJjBCMROhxv5HKOL56tHSt/MJ4+VUr0vOpfj0yDToOVksBp84KIhs4bGbz9Mw0psUvwt9BdkU0xl7n+eRarUjcZnaqIsn4G8USyKvRvUpzNA1+bi43dnTb/hZA71O0VDoTyI= | |
| ARC-Authentication-Results: | i=1; server2.sourceware.org |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 8A8B03858D26 |
| Subject: | Re: cygstart: buffer overflow when a URI is passed |
| (cygutils-1.4.17-[23]) | |
| To: | cygwin AT cygwin DOT com |
| References: | <502f1b04-bc0e-4aba-b150-7b9ea3c5ba3b AT gmail DOT com> |
| <aa2914e5-9a39-cc64-09b0-4fb4563a8706 AT t-online DOT de> | |
| <7850c4a6-2683-43f9-9d3b-6f4c164b2cb6 AT maxrnd DOT com> | |
| <172cbec2-4f19-4bc3-b501-c5ffede1e11a AT maxrnd DOT com> | |
| Message-ID: | <cb4802e0-8c74-847d-d48e-2018de870815@t-online.de> |
| Date: | Wed, 23 Apr 2025 12:59:29 +0200 |
| User-Agent: | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 |
| SeaMonkey/2.53.20 | |
| MIME-Version: | 1.0 |
| In-Reply-To: | <172cbec2-4f19-4bc3-b501-c5ffede1e11a@maxrnd.com> |
| X-TOI-EXPURGATEID: | 150726::1745405966-1D7F9A5A-BD9CE5D5/0/0 CLEAN NORMAL |
| X-TOI-MSGID: | 772634fd-aa3b-4b1b-ba4a-27f50edfadda |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.30 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| From: | Christian Franke via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | cygwin AT cygwin DOT com |
| Cc: | Christian Franke <Christian DOT Franke AT t-online DOT de> |
| Errors-To: | cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com> |
| X-MIME-Autoconverted: | from base64 to 8bit by delorie.com id 53NB0cFD2134618 |
Mark Geisert via Cygwin wrote:
> Drat, typo alert:
>
>> It looks to me like that 'if' statement should read
>> Â Â if (mbstowcs (*wcs_path, *mbs_path, len) ...
>
> Â Â Â if (mbstowcs (*wcspath, mbs_path, len) ...
>
Use 'len + 1', otherwise the result would possibly be not null terminated.
POSIX says: "The array shall not be zero-terminated if the value
returned is /n/.".
Linux mbstowcs(3) says: "... the programmer should make sure dsize is
greater than or equal to mbstowcs(NULL,src,0)+1."
Example:
#include <stdio.h>
#include <stdlib.h>
int main()
{
 const char src[] = "123";
 wchar_t dst[4] = L"...!";
 size_t len = mbstowcs(NULL, src, 0);
 printf("len=%zu\n", len);
 mbstowcs(dst, src, len);
 printf("len:  '%.4S'\n", dst);
 mbstowcs(dst, src, len+1);
 printf("len+1: '%.4S'\n", dst);
 printf("len+2:\n");
 mbstowcs(dst, src, len+2);
 return 0;
}
Result if compiled with -O -D_FORTIFY_SOURCE:
len=3
len:Â Â '123!'
len+1: '123'
len+2:
*** buffer overflow detected ***: terminated
Aborted
--
Regards,
Christian
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |