This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.



mingw > 20001111: fstat bug: buffer overflow?


In mingw versions later than 20001111, i.e. 20001225 and 20010130, fstat
seems to overrun the stat buffer passed to it. This is illustrated by the
following program, in which if a simple struct stat is passed to test, foo
crashes when it tries to return (presumably the return address is
overwritten). If a struct bar (with extra padding before and after the
struct stat) is used instead, there is no error.

From looking at /usr/include/mingw/stat.h, it seems that there are at least
two different versions of struct stat in play, potentially with different
types, but I don't claim to understand what's going on.

#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>

struct bar {
  double a;
  struct stat sb;
  double b;
};

int test(void) {
/* either */
  struct bar s;
  printf("%d\n", fstat(1, &(s.sb)));
/* or
  struct stat sb;
  printf("%d\n", fstat(1, &sb));
*/
  return 0;
}

int foo(void) {
  fprintf(stderr, "%d\n", test());
  fflush(stderr);
  return 1;
}

int main(void) {
  printf("%d\n", foo());
  return 0;
}
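
The overrun reported above can be measured rather than inferred from a crash. The following is an added example, not part of the original post: it fills a guard region after the struct stat with a known pattern and reports how many bytes past sizeof(struct stat) fstat modified. The names guarded, probe and fstat_overrun and the 64-byte guard size are assumptions made for this sketch; it assumes any overrun is shorter than the guard.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define GUARD 64  /* canary bytes placed directly after the struct stat */

struct guarded {
    struct stat sb;
    unsigned char post[GUARD];  /* char array: no padding between sb and post */
};

/* Fill the whole buffer with `fill`, call fstat(fd), and return how many
 * bytes past the end of the struct stat were changed (0 = no overrun). */
static size_t probe(int fd, unsigned char fill)
{
    struct guarded g;
    size_t i, over = 0;

    memset(&g, fill, sizeof g);
    (void)fstat(fd, &g.sb);     /* the return value is not needed here */
    for (i = 0; i < GUARD; i++)
        if (g.post[i] != fill)
            over = i + 1;       /* remember the furthest modified byte */
    return over;
}

/* Probe with two complementary patterns so that a stray write which
 * happens to equal one canary value is still caught by the other. */
size_t fstat_overrun(int fd)
{
    size_t a = probe(fd, 0xA5), b = probe(fd, 0x5A);
    return a > b ? a : b;
}

int main(void)
{
    printf("sizeof(struct stat) = %lu, bytes written past the end = %lu\n",
           (unsigned long)sizeof(struct stat),
           (unsigned long)fstat_overrun(1));
    return 0;
}
```

A non-zero second number means the library wrote a larger struct stat than the one the headers declared to the compiler.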




