This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.
mingw > 20001111: fstat bug: buffer overflow?
- To: <cygwin at cygwin dot com>
- Subject: mingw > 20001111: fstat bug: buffer overflow?
- From: Reuben Thomas <rrt1001 at cam dot ac dot uk>
- Date: Tue, 20 Feb 2001 15:12:05 +0000 (GMT)
In mingw versions later than 20001111, i.e. 20001225 and 20010130, fstat
seems to overrun the stat buffer passed to it. This is illustrated by the
following program, in which if a simple struct stat is passed to test, foo
crashes when it tries to return (presumably the return address is
overwritten). If a struct bar (with extra padding before and after the
struct stat) is used instead, there is no error.
From looking at /usr/include/mingw/stat.h, it seems that there are at least
two different versions of struct stat in play, potentially with different
types, but I don't claim to understand what's going on.
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>

/* struct stat with extra padding before and after it */
struct bar {
    double a;
    struct stat sb;
    double b;
};

int test(void) {
    /* either */
    struct bar s;
    printf("%d\n", fstat(1, &(s.sb)));
    /* or
    struct stat sb;
    printf("%d\n", fstat(1, &sb));
    */
    return 0;
}

/* the crash shows up here, when foo tries to return */
int foo(void) {
    fprintf(stderr, "%d\n", test());
    fflush(stderr);
    return 1;
}

int main(void) {
    printf("%d\n", foo());
    return 0;
}
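A way to check for the overrun described in the message above without relying on a crash, added here as an example (not part of the original post and not mingw code): guard bytes sit on both sides of the struct stat, following the idea of the poster's struct bar, and are counted after the call. The names guarded_stat, fstat_guard_damage, GUARD_LEN and GUARD_BYTE are assumptions made for this example.

```c
/* Added example: detect fstat() writing outside struct stat using guard bytes. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define GUARD_LEN  64    /* assumed guard size; a larger overrun is only partly counted */
#define GUARD_BYTE 0xA5  /* assumed fill pattern */

/* Same layout idea as struct bar in the post: padding before and after. */
struct guarded_stat {
    unsigned char before[GUARD_LEN];
    struct stat sb;
    unsigned char after[GUARD_LEN];
};

/* Count guard bytes that no longer hold the fill pattern. */
static size_t clobbered(const volatile unsigned char *g)
{
    size_t i, n = 0;
    for (i = 0; i < GUARD_LEN; i++)
        if (g[i] != GUARD_BYTE)
            n++;
    return n;
}

/* Call fstat(fd) on a guarded buffer, store its return code in *rc and
   return how many guard bytes changed (0 means no overrun was detected). */
size_t fstat_guard_damage(int fd, int *rc)
{
    /* static: keeps the buffer off the stack, so an overrun cannot reach
       a return address before the guards are inspected */
    static struct guarded_stat g;
    memset(&g, GUARD_BYTE, sizeof g);
    *rc = fstat(fd, &g.sb);
    return clobbered(g.before) + clobbered(g.after);
}

int main(void)
{
    int rc;
    size_t damaged = fstat_guard_damage(1, &rc);
    printf("sizeof(struct stat)=%lu fstat=%d clobbered=%lu\n",
           (unsigned long)sizeof(struct stat), rc, (unsigned long)damaged);
    return damaged ? 1 : 0;
}
```

A nonzero count means the library wrote outside the struct stat that the compiler laid out, which is what a mismatch between the header's struct stat and the one the runtime fills in would produce.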