On Mon, 28 Apr 2025, Jeremy Drake via Cygwin wrote:
> I was just describing cygwin_conv_path on a rust issue
> (https://github.com/rust-lang/backtrace-rs/pull/704). I was saying that
> the pointer `to` is not accessed when `size` is 0, but it turns out on
> circa line 4022 in path.cc
>
> to = (void *) wcpcpy ((wchar_t *) to, ro_u_globalroot.Buffer);
>
> This is before `size` is checked and lsiz returned if it was zero, or
> ENOSPC set if size is too small, circa line 4060. This seems like a bug
> to me.
Yep, test case
#include <stdio.h>
#include <sys/cygwin.h>
int main(void)
{
wchar_t *buf = cygwin_create_path (CCP_POSIX_TO_WIN_W, "/dev/sda");
if (!buf)
{
perror ("cygwin_create_path");
return 1;
}
printf("%ls\n", buf);
return 0;
}
cygwin_create_path: Bad address
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
