To: cygwin AT cygwin DOT com
From: mwoehlke
Subject: dereferenced NULL in setup-2.529 (possible patch)
Date: Mon, 22 May 2006 19:00:42 -0500
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
User-Agent: Thunderbird 1.5.0.2 (X11/20060420)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

mwoehlke wrote:
> Also, I'd test on my XP system but it is consistently dereferencing a
> NULL :-(. (On W2k3 R2 it did that *once* and has since run just fine.)

I built setup (from the 2.529 tarball) and ran it in gdb, and got this stack trace:

#0  0x77c470d0 in msvcrt!memcpy () from /cygdrive/c/WINDOWS/system32/msvcrt.dll
#1  0x004566ca in new_cstr_char_array (s=@0x174fb7c) at String++.cc:294
#2  0x004527cc in do_download_site_info_thread (p=0x4dbd40) at site.cc:330
#3  0x7c80b50b in KERNEL32!GetModuleFileNameA () from /cygdrive/c/WINDOWS/system32/kernel32.dll
#4  0x004dbd40 in std::__ioinit ()
#5  0x00000401 in ?? ()
#6  0x00000002 in ?? ()
#7  0x004dbd40 in std::__ioinit ()
#8  0x7ffde000 in ?? ()
#9  0x823c2600 in ?? ()
#10 0x0174ffc0 in ?? ()
#11 0x82026bf0 in ?? ()
#12 0xffffffff in ?? ()
#13 0x7c8399f3 in KERNEL32!FindAtomW () from /cygdrive/c/WINDOWS/system32/kernel32.dll
#14 0x7c80b518 in KERNEL32!GetModuleFileNameA () from /cygdrive/c/WINDOWS/system32/kernel32.dll
#15 0x00000000 in ?? ()

...it looks like new_cstr_char_array pukes if the 's' is empty (i.e. s.theData == NULL). This is an easy (almost trivial) fix, but I'm not sure that the fact that 's' is empty is not a bigger problem. Anyway, if it's OK for 's' to be empty, here's a patch (this *seems* to work, i.e.
no crash and I didn't notice anything else blatantly "funky"):

=== String++.cc : 289
char *
new_cstr_char_array (const String &s)
{
size_t len = s.size() + 1;
char *buf = new char[len];
- memcpy (buf, s.c_str (), len);
+ if (len > 1)
+ memcpy (buf, s.c_str (), len);
+ else
+ buf[0] = 0;
return buf;
}

--
Matthew
All of my signatures are 100% original. Including this one.

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
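Review bot: the guard in the String++.cc hunk tests `len > 1` rather than the condition that actually faults, namely `s.c_str ()` returning NULL for an empty String (s.theData == NULL, as the mail and frame #0 in msvcrt!memcpy show); it is correct only because size() == 0 currently implies a NULL buffer. Testing the pointer directly states the intent and stays correct if an empty String ever carries a non-NULL buffer, e.g. `const char *src = s.c_str (); if (src) memcpy (buf, src, len); else buf[0] = 0;`. The unchanged `memcpy (buf, s.c_str (), len)` on the non-empty path also still assumes the source holds size()+1 bytes including the terminator, which is pre-existing but worth a comment alongside the new branch; and since the mail itself questions whether an empty 's' reaching this function from do_download_site_info_thread (site.cc:330) is the real defect, a short comment there or a note in the commit message should record that this hunk only stops the crash and does not address why the site name is empty.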