Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Date: Wed, 22 May 2002 16:32:13 +0200
From: Pavel Tsekov
Organization: Syntrex, Inc.
Message-ID: <2525705071.20020522163213@syntrex.com>
To: Pavel Tsekov
CC: "Robert Collins", Pavel Tsekov, "Max Bowsher"
Subject: Re[3]: setup-2.243 Crash / Install from Local Directory / WinXP
In-Reply-To: <14818658940.20020522143447@syntrex.com>

Wednesday, May 22, 2002, 2:34:47 PM, you wrote:

PT> I can confirm this - here is the output shown from Dr. Mingw JIT:

I'm not sure this is the same crash, but the crash I'm reporting is
easily reproducible and I think it is not the expected behaviour :)
Here is more info on it.

The crash is caused by this code from IniParseFindVisitor.cc, line 62:

    /* Copy leading part of path to temporary buffer and unescape it */
    String prefix (&basePath.cstr_oneuse()[baseLength + 1]);
    String mirror = rfc1738_unescape_part (prefix.substr(0,prefix.size() - 1));

baseLength - the length of the full path to the local package dir
basePath   - the full path of a directory we are currently scanning
             with FindFirstFile and friends.

When scanning the local package directory itself, prefix would have
zero length. Now prefix.size() will result in 0, thus this call

    prefix.substr(0,prefix.size() - 1)

will look like this

    prefix.substr(0, -1)

i.e. give me the whole string. OK, fine... Now take a look at
String::substr:

    String
    String::substr(size_t start, size_t len) const
    {
      // Adapt the C++ string class
      return string(cstr_oneuse()).substr(start, len);
    }

OK, cstr_oneuse() would return 0. This is where the crash happens,
because the string class does strlen() when this constructor is used,
i.e. const char *.

I suggest changing this to:

    string tmpStr;
    tmpStr.assign (cstr_oneuse(), theData->length); // this construct is safe
    return tmpStr.substr (start, len);

You can also check theData->length and return an empty string :)

Here is a backtrace from the crash:

    #0  0x0043a1a5 in String::substr (this=0x152fa94, start=0, len=4294967295) at /usr/include/g++-3/std/straits.h:125
    125 { return strlen (s); }
    (gdb) bt
    #0  0x0043a1a5 in String::substr (this=0x152fa94, start=0, len=4294967295) at /usr/include/g++-3/std/straits.h:125
    #1  0x0041897c in IniParseFindVisitor::visitFile (this=0x152fe14, basePath=@0x152fc14, theFile=0x152fc44) at IniParseFindVisitor.cc:65
    #2  0x0040e89f in Find::accept (this=0x152fe34, aVisitor=@0x152fe14) at find.cc:71
    #3  0x00410f03 in do_local_ini (owner=0x1f0272) at ini.cc:76
    #4  0x00411a3b in do_ini_thread (h=0x400000, owner=0x1f0272) at ini.cc:155
    #5  0x00411f58 in do_ini_thread_reflector (p=0x4723a8) at ini.cc:222
    #6  0x77e602ed in _libwsock32_a_iname ()
    (gdb)
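
The failure described in the message above, as an added example that is not part of the original post or of the setup sources: a guarded substr() that returns an empty string when the buffer is null, plus a caller that avoids evaluating size() - 1 on an empty prefix. The String class here is a hypothetical stand-in whose cstr_oneuse() returns a null pointer for an empty string, the helper drop_last() is an assumed name, and the sample path is constructed.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Hypothetical stand-in for setup's String class (not the project's code).
// As in the message, cstr_oneuse() yields a null pointer for an empty string.
class String {
public:
    explicit String(const char *s) : data_(nullptr), length_(0) {
        if (s && *s) {
            length_ = std::strlen(s);
            data_ = new char[length_ + 1];
            std::memcpy(data_, s, length_ + 1);
        }
    }
    String(const String &) = delete;
    String &operator=(const String &) = delete;
    ~String() { delete[] data_; }

    std::size_t size() const { return length_; }
    const char *cstr_oneuse() const { return data_; }  // null when empty

    // Guarded substr: never passes a null pointer to std::string and clamps
    // len, so a wrapped-around size_t(0) - 1 cannot read past the buffer.
    std::string substr(std::size_t start, std::size_t len) const {
        if (data_ == nullptr || start >= length_)
            return std::string();
        if (len > length_ - start)
            len = length_ - start;
        return std::string(data_ + start, len);
    }

private:
    char *data_;
    std::size_t length_;
};

// Drop the trailing character of a prefix, as the visitFile() code does,
// without evaluating size() - 1 on an empty string.
std::string drop_last(const String &prefix) {
    if (prefix.size() == 0)
        return std::string();
    return prefix.substr(0, prefix.size() - 1);
}

int main() {
    String empty(""), prefix("ftp%3a%2f%2fmirror/");  // constructed samples
    std::cout << '[' << drop_last(empty) << "] [" << drop_last(prefix) << "]\n";
    return 0;
}
```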