bb96bd03b0
sys_mbstowcs is called with the destination buffer length set to MaximumLength from the receiving UNICODE_STRING buffer. This is twice as much as the actual size of the buffer in wchar_t units, which is the unit expected by sys_mbstowcs. sys_mbstowcs always attaches a NUL, within the destination buffersize given. But if the string is exactly one wchar_t less than the actual buffer, and the buffersize is given too large, sys_mbstowcs writes a NUL one wchar_t beyond the buffer. This has only been exposed with Cygwin 3.1.5 because alloca on newer gcc 9 apparently allocates more tightly. The alloca buffer here is requested with 16 bytes, which is exactly the number of bytes required for the string L"cmd.exe". Older gcc apparently allocated a few more bytes on the stack, while gcc 9 allocates in 16 byte granularity... Fix this by giving the correct destination buffer size to sys_mbstowcs. Fixes: https://cygwin.com/pipermail/cygwin/2020-June/245226.html Signed-off-by: Corinna Vinschen <corinna@vinschen.de> |
||
|---|---|---|
| .. | ||
| CVSChangeLogs.old | ||
| cygserver | ||
| cygwin | ||
| doc | ||
| lsaauth | ||
| testsuite | ||
| utils | ||
| CONTRIBUTORS | ||
| COPYING | ||
| COPYING.LIB | ||
| CYGWIN_LICENSE | ||
| Makefile.common | ||
| Makefile.in | ||
| README | ||
| acinclude.m4 | ||
| aclocal.m4 | ||
| autogen.sh | ||
| c++wrap | ||
| ccwrap | ||
| config.guess | ||
| config.sub | ||
| configure | ||
| configure.ac | ||
| configure.cygwin | ||
| install-sh | ||
README
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Cygwin documentation is available on the net at https://cygwin.com You might especially be interested in https://cygwin.com/faq/faq.html#faq.programming.building-cygwin