Mail Archives: cygwin/2025/04/23/01:13:43

Mark Geisert via Cygwin <cygwin AT cygwin DOT com> · Tue, 22 Apr 2025 22:13:17 -0700

Hi Christian,

On 4/12/2025 9:37 AM, Christian Franke via Cygwin wrote:
> ggl329 via Cygwin wrote:
>> Hi all,
>>
>> I've encountered a possible bug in cygstart.
>> It seems to abort when a URI is passed to it.
>>
>>
>> $ cygcheck -dc | grep cygutils
>> cygutils                                1.4.17-3
>> $ cygstart https://www.google.com
>> *** buffer overflow detected ***: terminated
>> Aborted
> 
> Possibly no regression but longstanding bug which is now detected thanks 
> to gcc12's __builtin_dynamic_object_size() feature and -D_FORTIFY_SOURCE=3:
> 
> cygstart.c:
> 
> cygstart_mbs_to_wcs (const char *mbs_path, wchar_t **wcs_path)
> {
>    ...
>    *wcs_path = (wchar_t *) malloc ((len + 1) * sizeof (wchar_t));
>    ...
>    // *** buffer overflow detected *** because the length parameter
>    // should specify the number of characters instead of bytes:
>    if (mbstowcs (*wcs_path, mbs_path, (len + 1) * sizeof (wchar_t)) ...
>    ...
> }

It looks to me like that 'if' statement should read
   if (mbstowcs (*wcs_path, *mbs_path, len) ...
because 'len' determined near the top should be the number of characters 
involved, without a trailing NUL.  Then existing code fills in the NUL 
at character index 'len' in the buffer.  IOW the converted chars occupy 
character indexes 0 thru len-1.

If you concur I can update cygutils with this fix shortly.
Thanks & Regards,

..mark

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

DMARC-Filter:	OpenDMARC Filter v1.4.2 delorie.com 53N5Dhgr1980277
Authentication-Results:	delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results:	delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter:	OpenDKIM Filter v2.11.0 delorie.com 53N5Dhgr1980277
Authentication-Results:	delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=F47+6Pir
X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org BC9B13857B94
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1745385222;
	bh=A5EK3SJML3uQDoryY5kBgQ7yjhCO+BSuPwPiv7oGE4Y=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=F47+6Pirn/kAgmR2H9+qYsU7o2PFkJKF2xGi1Yh5jvw9oUxjMCLieUPlKT8xPa2M6
	Vuq9W4caSaxsMOGmGKC6VhH1E5RoItKV8B4rfGuON3y0A8TQbb2WykS2gsfB39HGaL
	2O6prvfUk1ouD686EidUIBVNgZ7576bdMVxkD+aQ=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 2F1313858D38
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org 2F1313858D38
ARC-Seal:	i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1745385198; cv=none;
	b=UvF4A0WQDcPvk3mTGLYqrGBF5JWdJlmaZhJLL3pLd0aBJExI7zVcmXFEoEScRZlY3jj+VAEa/sXxqwhPVu1bIDotTuNawK/P4IEg4QMv1sS0h91PeV5KGXxlVN+AmgmdAQKDEKLKtm3QSOrckjgipuCjvBer9JWBgFhl07/fiPs=
ARC-Message-Signature:	i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1745385198; c=relaxed/simple;
	bh=GZdQZxsHRY1Byub29GVIM1YYlax4iU8WMyOE6G7igV4=;
	h=Message-ID:Date:MIME-Version:Subject:To:From;
	b=StYWPLiYh8LExdm8Til4WGVziG5cbl1/jj5b+O0PgcoPTqvGlHdh1w67cLN9H97Y0hf8869qotKh7QHSfP/9ANPkYZ70whC2xQd2ag7ZDRalco41rOImBS9AGv+eRv4vVZ01BnI9yYhTZQvkixJ9tShl5roa9Klmu9kmoKK6bKY=
ARC-Authentication-Results:	i=1; server2.sourceware.org
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 2F1313858D38
Message-ID:	<7850c4a6-2683-43f9-9d3b-6f4c164b2cb6@maxrnd.com>
Date:	Tue, 22 Apr 2025 22:13:17 -0700
MIME-Version:	1.0
User-Agent:	Mozilla Thunderbird
Subject:	Re: cygstart: buffer overflow when a URI is passed
	(cygutils-1.4.17-[23])
To:	cygwin AT cygwin DOT com
References:	<502f1b04-bc0e-4aba-b150-7b9ea3c5ba3b AT gmail DOT com>
	<aa2914e5-9a39-cc64-09b0-4fb4563a8706 AT t-online DOT de>
In-Reply-To:	<aa2914e5-9a39-cc64-09b0-4fb4563a8706@t-online.de>
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Mark Geisert via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	Mark Geisert <mark AT maxrnd DOT com>
Errors-To:	cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 53N5Dhgr1980277

webmaster	delorie software privacy
Copyright � 2019 by DJ Delorie	Updated Jul 2019