COMMIT
Adrian Aichner <adrian(a)xemacs.org> writes:
Apparently, wcslen naively dereferences its const wchar_t *ws
argument
without checking for a null pointer:
wcslen(const unsigned short * 0x00000000) line 39 + 5 bytes
XEMACS! 01206394()
I've traced this down to src/intl-win32.c whose functions have blind
faith in pointers they are being passed.
sysdep.c also contains versions of various wchar functions without
proper argument checking.
Still investigating ...
Thanks for looking into this too, Steve!
The actual crash is caused by
Ibyte *
mswindows_getdcwd (int drivelet)
not considering a possible NULL return value of:
cwdext = _getdcwd (drivelet, NULL, 0);
I have put in NULL pointer tests in related areas and changed
DEFUN ("file-name-directory", Ffile_name_directory, 1, 1, 0, /*
to return nil in case
mswindows_getdcwd
returns a NULL working directory.
This now includes
illegal
non-existing
or unavailable
drives.
I'll also post a build report with one check-temacs-only regression,
which I don't think is related to this change.
Greetings!
Adrian
xemacs-21.5-clean ChangeLog patch:
Diff command: cvs -q diff -U 0
Files affected: src/ChangeLog
Index: src/ChangeLog
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/ChangeLog,v
retrieving revision 1.1003
diff -u -U0 -r1.1003 ChangeLog
--- src/ChangeLog 30 Oct 2006 11:36:59 -0000 1.1003
+++ src/ChangeLog 1 Nov 2006 20:22:53 -0000
@@ -0,0 +1,14 @@
+2006-11-01 Adrian Aichner <adrian(a)xemacs.org>
+
+ * sysdep.c (wcslen): Check for NULL pointer.
+ * sysdep.c (strlwr): Ditto.
+ * nt.c (mswindows_getdcwd): Ditto (actual cause of reported
+ crash).
+ * intl-win32.c (wcscmp): Ditto.
+ * intl-win32.c (wcslen): Ditto.
+ * intl-win32.c (wcsncpy): Ditto.
+ * intl-win32.c (wcscpy): Ditto.
+ * intl-win32.c (wcsdup): Ditto.
+ * fileio.c (Ffile_name_directory): Return Qnil when
+ mswindows_getdcwd returns NULL working directory.
+
@@ -42831 +42845 @@
-1998-03-09 Martin Buchholz <Martin Buchholz <martin(a)xemacs.org>>
+1998-03-09 Martin Buchholz <martin(a)xemacs.org>
@@ -42998 +43012 @@
-1998-03-02 Martin Buchholz <Martin Buchholz <martin(a)xemacs.org>>
+1998-03-02 Martin Buchholz <martin(a)xemacs.org>
@@ -45523 +45537 @@
-1997-11-05 Martin Buchholz <Martin Buchholz <martin(a)xemacs.org>>
+1997-11-05 Martin Buchholz <martin(a)xemacs.org>
xemacs-21.5-clean source patch:
Diff command: cvs -f -z3 -q diff -u -w -N
Files affected: src/fileio.c
===================================================================
RCS src/intl-win32.c
===================================================================
RCS src/nt.c
===================================================================
RCS src/sysdep.c
===================================================================
RCS
Index: src/sysdep.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/sysdep.c,v
retrieving revision 1.83
diff -u -w -r1.83 sysdep.c
--- src/sysdep.c 27 Sep 2005 05:32:21 -0000 1.83
+++ src/sysdep.c 1 Nov 2006 20:09:48 -0000
@@ -3491,6 +3491,7 @@
size_t
wcslen (const wchar_t *s)
{
+ if (s == NULL) return NULL;
const wchar_t *p = s;
while (*p++)
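Review bot: The added guard in `wcslen` returns `NULL` from a function declared to return `size_t`; where `NULL` is defined as `((void *)0)` this is a pointer-to-integer conversion that compilers warn about or reject, so it should read `if (s == NULL) return 0;`. The same line is added to `wcslen` in src/intl-win32.c. In both of these, and in the `strlwr`, `wcsncpy`, `wcscpy` and `wcsdup` hunks, the guard is a statement placed ahead of the local declarations; if this tree is still built with a C89 compiler, that will not compile, and the check belongs after the declarations. The function body continues past the end of the hunk.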
@@ -3508,6 +3509,7 @@
char *
strlwr (char *s)
{
+ if (s == NULL) return NULL;
REGISTER char *c;
for (c = s; *c; c++)
Index: src/nt.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/nt.c,v
retrieving revision 1.48
diff -u -w -r1.48 nt.c
--- src/nt.c 27 Dec 2005 18:51:30 -0000 1.48
+++ src/nt.c 1 Nov 2006 20:09:48 -0000
@@ -1819,6 +1819,7 @@
cwdext = (Extbyte *) _wgetdcwd (drivelet, NULL, 0);
else
cwdext = _getdcwd (drivelet, NULL, 0);
+ if (cwdext == NULL) return NULL;
TSTR_TO_C_STRING_MALLOC (cwdext, cwd);
xfree (cwdext, Extbyte *);
return cwd;
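Review bot: `mswindows_getdcwd` can now return NULL, and nothing visible in this hunk documents that new contract for callers. The patch updates only the `Ffile_name_directory` call site; any other callers are outside this diff and would dereference the result unchecked, so they are worth auditing. I would add a comment above the function along the lines of `/* Returns NULL if the working directory of DRIVELET cannot be obtained (invalid or unavailable drive); otherwise the caller must xfree() the result. */`. The function starts before the hunk.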
Index: src/intl-win32.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/intl-win32.c,v
retrieving revision 1.16
diff -u -w -r1.16 intl-win32.c
--- src/intl-win32.c 16 Sep 2005 08:51:26 -0000 1.16
+++ src/intl-win32.c 1 Nov 2006 20:09:48 -0000
@@ -1569,6 +1569,7 @@
int
wcscmp (const wchar_t *s1, const wchar_t *s2)
{
+ if (s1 == NULL || s2 == NULL) return NULL;
while (*s1 != '\0' && *s1 == *s2)
{
s1++;
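Review bot: The new guard in `wcscmp` returns `NULL`, which is 0 in an `int` function, so a NULL argument now compares equal to every string. A caller that uses this result for a match or lookup decision would treat a missing value as a hit, which is worse than the crash it replaces. Return an ordering instead, for example `if (s1 == NULL || s2 == NULL) return (s1 != NULL) - (s2 != NULL);`, so that only two NULLs compare equal. The rest of the function lies outside the hunk.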
@@ -1585,6 +1586,7 @@
size_t
wcslen (const wchar_t *str)
{
+ if (str == NULL) return NULL;
const wchar_t *start = str;
while (*str)
@@ -1598,6 +1600,7 @@
wchar_t *
wcsncpy (wchar_t *dst0, const wchar_t *src0, size_t count)
{
+ if (dst0 == NULL || src0 == NULL) return NULL;
wchar_t *dscan;
const wchar_t *sscan;
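Review bot: When only `src0` is NULL, the guard in `wcsncpy` returns without writing to `dst0`, so a caller that ignores the return value (the usual pattern for copy routines) goes on to read a destination that may be unterminated or uninitialized. The same applies to the `wcscpy` hunk that follows. Since a NULL argument here is a caller bug, I would make it loud in debug builds and safe in release, e.g. `assert (dst0 && src0);` followed by `if (src0 == NULL) { if (dst0 && count) *dst0 = 0; return dst0; }`. The remainder of the function is not in the hunk.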
@@ -1618,6 +1621,7 @@
wchar_t *
wcscpy (wchar_t *dst0, const wchar_t *src0)
{
+ if (dst0 == NULL || src0 == NULL) return NULL;
wchar_t *s = dst0;
while ((*dst0++ = *src0++))
@@ -1629,6 +1633,7 @@
wchar_t *
wcsdup (const wchar_t *str)
{
+ if (str == NULL) return NULL;
int len = wcslen (str) + 1;
wchar_t *val = xnew_array (wchar_t, len);
Index: src/fileio.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/fileio.c,v
retrieving revision 1.106
diff -u -w -r1.106 fileio.c
--- src/fileio.c 27 Oct 2006 19:07:47 -0000 1.106
+++ src/fileio.c 1 Nov 2006 20:09:49 -0000
@@ -397,11 +397,20 @@
if (wd)
{
+ int size;
qxestrcat (res, wd);
- if (!IS_DIRECTORY_SEP (res[qxestrlen (res) - 1]))
- qxestrcat (res, (Ibyte *) "/");
+ size = qxestrlen (res);
+ if (!IS_DIRECTORY_SEP (res[size - 1]))
+ {
+ res[size] = DIRECTORY_SEP;
+ res[size + 1] = '\0';
+ }
beg = res;
p = beg + qxestrlen (beg);
+ }
+ else
+ {
+ return Qnil;
}
if (wd)
xfree (wd, Ibyte *);
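Review bot: The hand-written separator append stores to `res[size]` and `res[size + 1]` with no visible check that `res` has two spare bytes after `qxestrcat (res, wd)`, and `res[size - 1]` reads one byte before the buffer when `size` is 0. The length of `wd` comes from the OS, and the allocation of `res` is outside the hunk, so the bound should be confirmed or enforced here. At minimum the test should be `if (size > 0 && !IS_DIRECTORY_SEP (res[size - 1]))`, with a capacity check against the size `res` was allocated with. The new `return Qnil;` also leaves the function early, so any cleanup that the code after this hunk performs for other locals should be checked against that path.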
--
Adrian Aichner
mailto:adrian@xemacs.org
http://www.xemacs.org/