potential access violation in dir_windows.c
-------------------------------------------
Key: AXIS2C-724
URL: https://issues.apache.org/jira/browse/AXIS2C-724
Project: Axis2-C
Issue Type: Bug
Components: platforms/windows
Affects Versions: 1.1.0
Environment: OS:WindowsXP
Reporter: Atsushi Monna

I think scandir() has a potential access violation in dir_windows.c.
The following is an excerpt from scandir():

    int AXIS2_CALL scandir(const char *_dirname,
                           struct dirent **__namelist[],
                           int(*selector)(const struct dirent *entry),
                           int(*compare)(const struct dirent **__d1, const struct dirent **__d2))
    {
        DIR *dirp = NULL;
        struct dirent **vector = NULL;
        struct dirent *dp = NULL;
        int vector_size = 0;
        int nfiles = 0;
        if (!(dirp = opendir(_dirname)))
        {
            return -1;
        }
        while ((dp = readdir(dirp)))
        {
            dsize = (int)sizeof(struct dirent) + (int)((strlen(dp->d_name) + 1) *
                    sizeof(char));
            newdp = (struct dirent *) malloc(dsize);
            if (newdp == NULL)
            {
                while (nfiles-- > 0)
                {
                    free(vector[nfiles]);
                }
                free(vector);
                return -1;
            }
            vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, dsize);
        }

memcpy() is used like this:

    vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, dsize);

"dsize" is defined like this:

    dsize = (int)sizeof(struct dirent) + (int)((strlen(dp->d_name) + 1) *
            sizeof(char));

"dp" (the copy source) has only the size of "struct dirent", which is less than "dsize".
Reading beyond "dp" is a potential access violation.
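
The size mismatch described in the report, as an added example that is not part of the original message or the Axis2/C source. It assumes the Windows port's struct dirent holds d_name as an inline fixed-size array; struct ex_dirent, EX_NAME_MAX and all function names are hypothetical stand-ins. It computes how far the reported memcpy() length runs past the source object and shows a copy bounded by the object size.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EX_NAME_MAX 260 /* assumed size of the inline name buffer */

/* Hypothetical stand-in for the port's struct dirent: d_name is an inline
 * array, so a source entry is exactly sizeof(struct ex_dirent) bytes. */
struct ex_dirent {
    long d_ino;
    unsigned short d_reclen;
    char d_name[EX_NAME_MAX];
};

/* Size the reported code passes to both malloc() and memcpy(). */
size_t reported_dsize(const struct ex_dirent *dp)
{
    return sizeof(struct ex_dirent) + (strlen(dp->d_name) + 1) * sizeof(char);
}

/* Bytes memcpy() would read past the end of *dp when given that size. */
size_t overread_bytes(const struct ex_dirent *dp)
{
    return reported_dsize(dp) - sizeof(*dp);
}

/* Bounded duplicate: reads exactly one source object. Caller frees. */
struct ex_dirent *dup_entry(const struct ex_dirent *dp)
{
    struct ex_dirent *newdp = malloc(sizeof(*newdp));
    if (newdp != NULL)
        memcpy(newdp, dp, sizeof(*newdp));
    return newdp;
}

/* Constructed sample entry, standing in for what readdir() returns. */
struct ex_dirent sample_entry(const char *name)
{
    struct ex_dirent e;
    size_t n = strlen(name);
    memset(&e, 0, sizeof(e));
    if (n > EX_NAME_MAX - 1)
        n = EX_NAME_MAX - 1;
    memcpy(e.d_name, name, n);
    e.d_reclen = (unsigned short)n;
    return e;
}
```

The over-read always equals the name length plus one, so longer file names reach further past the source entry.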