Posted to c-dev@axis.apache.org by "hyeyoung yooon (JIRA)" <ji...@apache.org> on 2008/01/07 12:38:34 UTC
[jira] Commented: (AXIS2C-724) potential access violation in dir_windows.c
[ https://issues.apache.org/jira/browse/AXIS2C-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12556547#action_12556547 ]
hyeyoung yooon commented on AXIS2C-724:
---------------------------------------
I agree with Atsushi.
There's something wrong in scandir().
Actually, my program didn't work properly using this function.
Did you find a solution for that?
> potential access violation in dir_windows.c
> -------------------------------------------
>
> Key: AXIS2C-724
> URL: https://issues.apache.org/jira/browse/AXIS2C-724
> Project: Axis2-C
> Issue Type: Bug
> Components: platforms/windows
> Affects Versions: 1.1.0
> Environment: OS:WindowsXP
> Reporter: Atsushi Monna
>
> I think scandir() has a potential access violation in dir_windows.c.
> The following is an extraction of scandir().
> int AXIS2_CALL scandir(const char *_dirname,
>     struct dirent **__namelist[],
>     int(*selector)(const struct dirent *entry),
>     int(*compare)(const struct dirent **__d1, const struct dirent **__d2))
> {
>     DIR *dirp = NULL;
>     struct dirent **vector = NULL;
>     struct dirent *dp = NULL;
>     int vector_size = 0;
>     int nfiles = 0;
>     if (!(dirp = opendir(_dirname)))
>     {
>         return -1;
>     }
>     while ((dp = readdir(dirp)))
>     {
>         dsize = (int)sizeof(struct dirent) + (int)((strlen(dp->d_name) + 1) * sizeof(char));
>         newdp = (struct dirent *) malloc(dsize);
>         if (newdp == NULL)
>         {
>             while (nfiles-- > 0)
>             {
>                 free(vector[nfiles]);
>             }
>             free(vector);
>             return -1;
>         }
>         vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, dsize);
>     }
> memcpy() is used like this:
>     vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, dsize);
> "dsize" is defined like this:
>     dsize = (int)sizeof(struct dirent) + (int)((strlen(dp->d_name) + 1) * sizeof(char));
> "dp" (the copy source) has only the size of "struct dirent", which is less than "dsize".
> When accessing beyond "dp", there is a potential access violation.
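The size mismatch reported above, as an added example that is not Axis2/C code and not part of the original message: it computes how far the reported memcpy() length reaches past the source object and shows a copy bounded to the source size. struct demo_dirent (a dirent with an inline fixed-size name buffer) and every function name here are hypothetical, and the bounded copy is one possible correction, not the project's fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in: a dirent whose name is an inline fixed-size buffer. */
struct demo_dirent { long d_ino; char d_name[260]; };

/* Length the reported code hands to memcpy(): struct size plus name length. */
size_t reported_copy_len(const struct demo_dirent *dp) {
    return sizeof(*dp) + (strlen(dp->d_name) + 1) * sizeof(char);
}
/* Bytes memcpy() would read past the end of *dp with that length. */
size_t bytes_past_source(const struct demo_dirent *dp) {
    return reported_copy_len(dp) - sizeof(*dp);
}

/* Bounded duplicate: d_name is inside the struct, so sizeof(*dp) covers it. */
struct demo_dirent *dup_entry(const struct demo_dirent *dp) {
    struct demo_dirent *copy = malloc(sizeof(*copy));
    if (copy != NULL)
        memcpy(copy, dp, sizeof(*copy));
    return copy;
}

/* Duplicate n entries into a heap vector; free everything on failure. */
int collect(const struct demo_dirent *src, int n, struct demo_dirent ***out) {
    struct demo_dirent **vector = calloc(n > 0 ? (size_t)n : 1, sizeof(*vector));
    int i;
    if (vector == NULL) return -1;
    for (i = 0; i < n; i++) {
        if ((vector[i] = dup_entry(&src[i])) == NULL) {
            while (i-- > 0)
                free(vector[i]);
            free(vector);
            return -1;
        }
    }
    *out = vector;
    return n;
}

int main(void) {
    struct demo_dirent e[2] = { { 1, "a.xml" }, { 2, "services.xml" } }; /* constructed */
    struct demo_dirent **v = NULL;
    int n = collect(e, 2, &v);
    printf("%d copied; reported length over-reads %zu bytes\n", n, bytes_past_source(&e[1]));
    while (n-- > 0) free(v[n]);
    free(v);
    return 0;
}
```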