DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 53O6gKw22618270 Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 53O6gKw22618270 Authentication-Results: delorie.com; dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=FvUFcaNU X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A42F4385780C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1745476938; bh=WFulHfdZYXGwd6cCsBAHVxjuAdlT4AZw7edlpBL8TdI=; h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=FvUFcaNUH08xnoDEJ+B8EvzMlZyIiMmz75M+SkURjgcCwNnfvaxzgwGZxZgmeVFXB YccfW3IuhMA+cCnMHzedGmz+A9Kv0UTCELADvAYUGIO11OrM4PKBicu4fH74GpaApQ FShWEEKj1fhQerqiEsROO4PkGzmMj7sLI1YS3cLw= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 77B6A3858D26 ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 77B6A3858D26 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1745476912; cv=none; b=b+8XO0dO99CrDNESvd475wfsfhSYTxxLv0BemZbqvFKnD90mylNGd7kfis0IxEi5HXDbBZPELy9nHQnskNa8+a8Y4m1ku52SfJYc5TzM+0DawdRNB0Ay6Ill7Eo5C/gS1ijK4RoyIjkeqQ7f95h4DxGwLjljGzhU3td8pes/YWY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1745476912; c=relaxed/simple; bh=HocvfHQNWFxShhu3qNv0Oe0ImXJDCz4NoV+9K6aoVxQ=; h=Message-ID:Date:MIME-Version:Subject:To:From; b=XOflZYxTV7JZ3JplE8bCBlAqXykoJMZh7weNmLMKX7VOysmhKW5BdB0GMDzD7NCPjXsycHZPDn6VyIGZvt8Q1fvOmhge8Xm7eVqO7AOWdi8/L6ULZ0nHoNX13nYnzfh8xpnmgMM2CAf2MbKh+rEkeSW7vMpP9oKbhPJdZMtCioY= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 77B6A3858D26 Message-ID: <1ec4a4d8-69eb-4b6f-8216-d9248b338815@maxrnd.com> Date: Wed, 23 Apr 2025 23:41:57 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: cygstart: buffer overflow when a URI is passed (cygutils-1.4.17-[23]) To: cygwin AT cygwin DOT com References: <502f1b04-bc0e-4aba-b150-7b9ea3c5ba3b AT gmail DOT com> <7850c4a6-2683-43f9-9d3b-6f4c164b2cb6 AT maxrnd DOT com> <172cbec2-4f19-4bc3-b501-c5ffede1e11a AT maxrnd DOT com> Content-Language: en-US In-Reply-To: X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Mark Geisert via Cygwin Reply-To: Mark Geisert Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 53O6gKw22618270 On 4/23/2025 3:59 AM, Christian Franke via Cygwin wrote: > Mark Geisert via Cygwin wrote: >> Drat, typo alert: >> >>> It looks to me like that 'if' statement should read >>> if (mbstowcs (*wcs_path, *mbs_path, len) ... >> >> if (mbstowcs (*wcspath, mbs_path, len) ... >> > > Use 'len + 1', otherwise the result would possibly be not null terminated. > > POSIX says: "The array shall not be zero-terminated if the value > returned is /n/.". > Linux mbstowcs(3) says: "... the programmer should make sure dsize is > greater than or equal to mbstowcs(NULL,src,0)+1." > > Example: [...] Thank you for the demonstration code. I was actually asking about something more subtle in the cygstart code but muffed that with typos; you've answered that question as well :). A new version 1.4.17-4 of the cygutils packages with a corrected 'cygstart' is now making its way to the mirrors. Thanks all, ..mark -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple