You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@axis.apache.org by "Senaka Fernando (JIRA)" <ji...@apache.org> on 2008/02/09 22:11:08 UTC
[jira] Updated: (AXIS2C-724) potential access violation in
dir_windows.c
[ https://issues.apache.org/jira/browse/AXIS2C-724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Senaka Fernando updated AXIS2C-724:
-----------------------------------
Fix Version/s: 1.3.0
> potential access violation in dir_windows.c
> -------------------------------------------
>
> Key: AXIS2C-724
> URL: https://issues.apache.org/jira/browse/AXIS2C-724
> Project: Axis2-C
> Issue Type: Bug
> Components: platforms/windows
> Affects Versions: 1.1.0
> Environment: OS:WindowsXP
> Reporter: Atsushi Monna
> Assignee: Senaka Fernando
> Fix For: 1.3.0
>
>
> I think scandir() has a potential access violation in dir_windows.c.
> The following is an extraction of scandir().
> int AXIS2_CALL scandir(const char *_dirname,
> struct dirent **__namelist[],
> int(*selector)(const struct dirent *entry),
> int(*compare)(const struct dirent **__d1, const struct dirent **__d2))
> {
> DIR *dirp = NULL;
> struct dirent **vector = NULL;
> struct dirent *dp = NULL;
> int vector_size = 0;
> int nfiles = 0;
> if (!(dirp = opendir(_dirname)))
> {
> return -1;
> }
> while ((dp = readdir(dirp)))
> {
> dsize = (int)sizeof(struct dirent) + (int)((strlen(dp->d_name) + 1) * sizeof(char));
> newdp = (struct dirent *) malloc(dsize);
> if (newdp == NULL)
> {
> while (nfiles-- > 0)
> {
> free(vector[nfiles]);
> }
> free(vector);
> return -1;
> }
> vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, dsize);
> }
> Using memcpy() like this.
> vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, dsize);
> The "dsize" defined like this.
> dsize = (int)sizeof(struct dirent) + (int)((strlen(dp->d_name) + 1) * sizeof(char));
> The "dp"(copy src) has only size of "struct dirent". Less size than "dsize".
> When access over "dp", it has potential access violation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org