#435 mingw runtime: _wopendir() has malloc error causing crash

Known_bugs
closed-fixed
Earnie Boyd
2003-09-22
2003-09-22
Roland Schwingel
No

Hi...

It appears to be that _topendir() in mingwex/dirent.c
has a bug in allocating sufficent memory for holding
enough space to contain a unicode string. This will
lead to crash in further use.

dirent.c currently:
nd = (_TDIR *) malloc (sizeof (_TDIR) + _tcslen
(szFullPath) + _tcslen (SLASH) + _tcslen (SUFFIX));

If using _wopendir() _tcslen() is set to wcslen() which
returns the number of characters in the string not the
number of bytes needed to hold the characters.

When replacing it with this code:
nd = (_TDIR *) malloc (sizeof (_TDIR) + (_tcslen
(szFullPath) + _tcslen (SLASH) + _tcslen
(SUFFIX)+1)*sizeof(_TCHAR));

everything runs fine.

Accomplished as attachment you find my patch together
with a changelog entry.

Hope you can apply my patches.

Roland

Discussion

  • patch for mingwex/dirent.c

     
    Attachments
  • ChangeLog entry

     
    Attachments
  • Danny Smith
    Danny Smith
    2003-09-22

    Logged In: YES
    user_id=11494

    Thanks
    Committed to CVS
    Danny

     
  • Danny Smith
    Danny Smith
    2003-09-22

    • status: open --> closed-fixed