#1 Invalid Buffer in DosGetMessage

closed-fixed
nobody
None
5
2005-06-29
2005-06-29
No

I found a bug in the implementation of DosGetMessage.
It seems the call to "catclose" should be made after
the strcpy call that uses "catPtr". Right now, the
catalog is closed before the string copy and that
results in a segmentation violation because the memory
associated with catPtr gets free'd in the close call.
Also, you might consider using "strncpy" rather than
"strcpy" to avoid overwriting the target buffer if the
message is too long.
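Added example, not code from this ticket or from the project: a toy catalog whose lookups return pointers into catalog-owned memory that the close call frees, which is the ownership contract the report describes (and the same one catgets/catclose have). The names cat_open, cat_lookup, cat_close, get_message_buggy, get_message_fixed and the sample message text are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for an NLS message catalog (assumed API, not the project's). */
typedef struct { char *text; } msg_catalog;

static msg_catalog *cat_open(const char *text) {
    msg_catalog *c = malloc(sizeof *c);
    if (!c) return NULL;
    size_t len = strlen(text) + 1;
    c->text = malloc(len);             /* catalog owns this buffer */
    if (!c->text) { free(c); return NULL; }
    memcpy(c->text, text, len);
    return c;
}
static const char *cat_lookup(msg_catalog *c) { return c->text; }
static void cat_close(msg_catalog *c) { free(c->text); free(c); }

/* Ordering the report complains about: the catalog is closed first, so
 * catPtr is dangling when strcpy reads it, and strcpy has no bound.
 * Never call this; it is here only to mirror the reported defect. */
void get_message_buggy(const char *catalog_text, char *buf) {
    msg_catalog *cat = cat_open(catalog_text);
    const char *catPtr = cat_lookup(cat);
    cat_close(cat);                    /* frees the memory catPtr points to */
    strcpy(buf, catPtr);               /* use after free + unbounded copy */
}

/* Fixed ordering: copy while the catalog is still open, with a bound.
 * Returns bytes written (excluding NUL), or -1 if the catalog failed to open. */
int get_message_fixed(const char *catalog_text, char *buf, size_t buflen) {
    msg_catalog *cat = cat_open(catalog_text);
    if (!cat || buflen == 0) return -1;
    const char *catPtr = cat_lookup(cat);
    size_t n = strlen(catPtr);
    if (n >= buflen) n = buflen - 1;   /* truncate instead of overflowing buf */
    memcpy(buf, catPtr, n);
    buf[n] = '\0';                     /* strncpy would not guarantee this */
    cat_close(cat);                    /* catPtr is dead from here on, and unused */
    return (int)n;
}
```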

Discussion

  • David Ashley - 2005-06-29
    • status: open --> closed

  • David Ashley - 2005-06-29
    • status: closed --> closed-fixed

  • David Ashley - 2005-06-29

    Moved the close and string copy such that the copy is
    performed prior to the close.