Subject: Re: cygstart: buffer overflow when a URI is passed (cygutils-1.4.17-[23])
From: Christian Franke via Cygwin
To: cygwin AT cygwin DOT com
Date: Wed, 23 Apr 2025 12:59:29 +0200

Mark Geisert via Cygwin wrote:
> Drat, typo alert:
>
>> It looks to me like that 'if' statement should read
>>    if (mbstowcs (*wcs_path, *mbs_path, len) ...
>
>     if (mbstowcs (*wcspath, mbs_path, len) ...
>

Use 'len + 1', otherwise the result would possibly be not null terminated.

POSIX says: "The array shall not be zero-terminated if the value returned is /n/."

Linux mbstowcs(3) says: "... the programmer should make sure dsize is greater than or equal to mbstowcs(NULL,src,0)+1."

Example:

#include <stdio.h>
#include <stdlib.h>

int main()
{
  const char src[] = "123";
  wchar_t dst[4] = L"...!";
  size_t len = mbstowcs(NULL, src, 0);
  printf("len=%zu\n", len);
  /* size == len: no terminator is stored, dst[3] keeps the '!' */
  mbstowcs(dst, src, len);
  printf("len:   '%.4S'\n", dst);
  /* size == len+1: the terminator is stored in dst[3] */
  mbstowcs(dst, src, len+1);
  printf("len+1: '%.4S'\n", dst);
  printf("len+2:\n");
  /* size == len+2 exceeds the 4 elements of dst: fortify check aborts */
  mbstowcs(dst, src, len+2);
  return 0;
}

Result if compiled with -O -D_FORTIFY_SOURCE:

len=3
len:   '123!'
len+1: '123'
len+2:
*** buffer overflow detected ***: terminated
Aborted

-- 
Regards,
Christian
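
Added example, not part of the original message and not cygutils code: one way to apply the 'len + 1' rule when the destination buffer is allocated from the mbstowcs(NULL, src, 0) result. The helper name mbs_to_wcs_alloc and the sample URI in main are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Hypothetical helper, not cygutils code: convert a multibyte string into a
 * newly allocated wide string that is always NUL-terminated.
 * Returns 0 on success, -1 on failure with errno set. */
int mbs_to_wcs_alloc(const char *mbs, wchar_t **out)
{
    *out = NULL;
    /* dst == NULL: returns the wide-character count without the terminator,
     * or (size_t)-1 for an invalid multibyte sequence. */
    size_t len = mbstowcs(NULL, mbs, 0);
    if (len == (size_t)-1) {
        errno = EILSEQ;
        return -1;
    }
    /* Reserve one extra element for the terminator; guard the multiply. */
    if (len >= SIZE_MAX / sizeof(wchar_t)) {
        errno = ENOMEM;
        return -1;
    }
    wchar_t *wcs = malloc((len + 1) * sizeof(wchar_t));
    if (wcs == NULL)
        return -1;
    /* Pass len + 1, the real capacity. A return value above len would mean
     * no terminator was stored, so treat it as a failure. */
    size_t n = mbstowcs(wcs, mbs, len + 1);
    if (n == (size_t)-1 || n > len) {
        free(wcs);
        errno = EILSEQ;
        return -1;
    }
    *out = wcs;
    return 0;
}

int main(void)
{
    wchar_t *w;
    const char *uri = "https://cygwin.com/";   /* constructed sample input */
    if (mbs_to_wcs_alloc(uri, &w) != 0)
        return 1;
    printf("%zu wide characters\n", wcslen(w));
    free(w);
    return 0;
}
```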