From: Erik Bray
Date: Wed, 10 May 2017 11:30:46 +0200
Subject: Bug? wcsxfrm causing memory corruption
To: cygwin AT cygwin DOT com

Greetings--

In the process of fixing the Python test suite on Cygwin I ran across one test that was consistently causing segfaults later on, not directly local to that test. The test involves wcsxfrm so that's where I focused my attention.

The attached test demonstrates the bug. Given an output buffer of N wide characters, wcsxfrm will cause bytes beyond the destination size to be reversed.

I believe it might actually be a bug in the underlying LCMapStringW workhorse (this is on Windows 10; have not tested other versions). According to its docs [1], the cchDest argument (size of the destination buffer) is treated as a *byte* count when using LCMAP_SORTKEY. However, for the purposes of applying the LCMAP_BYTEREV transformation it seems to be treating the output size (in bytes) as character count. So in the example I give, where the output sort key is 7 bytes (including the null terminator), it swaps *14* bytes--the bytes including the sort key as well as the next 7 adjacent bytes. This is obviously a problem if the destination buffer is allocated out of some larger memory pool.

This definitely has to be a bug, right? Or at least very poorly documented on MS's part. A workaround would either be to not use LCMAP_BYTEREV and just swap the bytes manually, or in a second call to LCMapStringW with LCMAP_BYTEREV and the correct character count...

Thanks,
Erik

[1] https://msdn.microsoft.com/en-us/library/windows/desktop/dd318700(v=vs.85).aspx

Attachment: LCMapStringW.c
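
The overrun described in the message and the manual-swap workaround it proposes, as an added example that is not the original post's code or its attachment: a portable C model with no Windows calls. The key bytes, buffer layout and function names are constructed for illustration, and leaving an odd trailing byte unswapped is a choice of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_BYTES 32  /* buffer size; the key occupies only the first 7 bytes */

/* Swap each adjacent byte pair in buf[0..nbytes); an odd last byte stays put. */
static void swap_pairs(uint8_t *buf, size_t nbytes) {
    for (size_t i = 0; i + 1 < nbytes; i += 2) {
        uint8_t t = buf[i];
        buf[i] = buf[i + 1];
        buf[i + 1] = t;
    }
}

/* Model of the reported behaviour (an assumption drawn from the message, not
 * Windows code): the key's byte count is used as a count of 16-bit units. */
static void reported_byterev(uint8_t *buf, size_t key_bytes) {
    swap_pairs(buf, key_bytes * 2);
}

/* Manual swap, never touching more than the key or the destination holds. */
static void bounded_byterev(uint8_t *buf, size_t key_bytes, size_t dest_bytes) {
    swap_pairs(buf, key_bytes < dest_bytes ? key_bytes : dest_bytes);
}

/* Lay a constructed 7-byte key over a 0,1,2,... fill pattern, apply one of
 * the swaps, and count bytes after the key that no longer match the pattern. */
static size_t changed_past_key(int bounded) {
    static const uint8_t key[7] = {0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0x00};
    uint8_t pool[POOL_BYTES];
    size_t changed = 0;
    for (size_t i = 0; i < POOL_BYTES; i++) pool[i] = (uint8_t)i;
    memcpy(pool, key, sizeof key);
    if (bounded) bounded_byterev(pool, sizeof key, 8);
    else reported_byterev(pool, sizeof key);
    for (size_t i = sizeof key; i < POOL_BYTES; i++)
        if (pool[i] != (uint8_t)i) changed++;
    return changed;
}

int main(void) {
    printf("reported swap: %zu bytes changed past the key\n", changed_past_key(0));
    printf("bounded swap:  %zu bytes changed past the key\n", changed_past_key(1));
    return 0;
}
```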