mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-02-03 04:50:23 +08:00
Corinna Vinschen 5216ec9458 Cygwin: fix buffer overrun in cygwin_strcasecmp
sys_mbstowcs is called with the destination buffer length
set to MaximumLength from the receiving UNICODE_STRING buffer.
This is twice as much as the actual size of the buffer in
wchar_t units, which is the unit expected by sys_mbstowcs.

sys_mbstowcs always attaches a NUL, within the destination
buffersize given.  But if the string is exactly one wchar_t
less than the actual buffer, and the buffersize is given too
large, sys_mbstowcs writes a NUL one wchar_t beyond the buffer.

This has only been exposed with Cygwin 3.1.5 because alloca
on newer gcc 9 apparently allocates more tightly.  The alloca
buffer here is requested with 16 bytes, which is exactly the
number of bytes required for the string L"cmd.exe".  Older gcc
apparently allocated a few more bytes on the stack, while gcc 9
allocates in 16 byte granularity...

Fix this by giving the correct destination buffer size to
sys_mbstowcs.

Fixes: https://cygwin.com/pipermail/cygwin/2020-June/245226.html
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2020-10-14 10:54:22 -04:00
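
The unit mix-up described in the commit message, as an added example that is not code from the commit or from Cygwin. `model_convert` is a simplified stand-in, assumed here, that follows the NUL handling the message describes for sys_mbstowcs; `units_touched`, `wchar16` and the oversized backing array are hypothetical names used so the model itself never writes out of bounds.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t wchar16;   /* 2-byte unit, like WCHAR on Windows */
#define BACKING_UNITS 64    /* oversized store so the model never overruns */

/* Simplified model (an assumption, not Cygwin code): dlen is in UNITS.
   Copies src with its terminator while room remains, then always stores
   a NUL within the first dlen units. Returns the number of units touched. */
static size_t model_convert(wchar16 *dst, size_t dlen, const char *src)
{
    size_t n = 0;
    if (dlen == 0)
        return 0;
    while (n < dlen) {
        dst[n] = (unsigned char)src[n];
        if (src[n++] == '\0')
            break;
    }
    size_t nul = (n < dlen) ? n : dlen - 1;
    dst[nul] = 0;
    return nul + 1;
}

/* Units touched for a buffer sized exactly for s (strlen + 1 units). */
static size_t units_touched(const char *s, int pass_bytes_as_units)
{
    wchar16 backing[BACKING_UNITS] = {0};
    /* Size in BYTES, the unit a MaximumLength field carries. */
    size_t maximum_length = (strlen(s) + 1) * sizeof(wchar16);
    if (maximum_length > BACKING_UNITS)
        return 0;           /* sample too long for this demo */
    size_t dlen = pass_bytes_as_units ? maximum_length
                                      : maximum_length / sizeof(wchar16);
    return model_convert(backing, dlen, s);
}

int main(void)
{
    const char *s = "cmd.exe";  /* 7 chars + NUL = 8 units = 16 bytes */
    printf("capacity %zu, bytes-as-units touches %zu, units touches %zu\n",
           strlen(s) + 1, units_touched(s, 1), units_touched(s, 0));
    return 0;
}
```

With the byte count passed as the length, the model touches one unit more than the 8-unit buffer holds; with the length divided by the unit size it stays inside.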


What changed:
-------------

- Support more IPPROTO_TCP socket options: TCP_FASTOPEN, TCP_KEEPIDLE,
  TCP_KEEPCNT, TCP_KEEPINTVL, TCP_QUICKACK, TCP_USER_TIMEOUT.


Bug Fixes:
----------

- Fix IPPROTO_TCP option handling, especially in terms of TCP_MAXSEG.

- Fix a buffer overrun in Cygwin-internal string comparison.
  Fixes: https://cygwin.com/pipermail/cygwin/2020-June/245226.html