axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "hyeyoung yooon (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (AXIS2C-724) potential access violation in dir_windows.c
Date Mon, 07 Jan 2008 12:47:34 GMT

    [ https://issues.apache.org/jira/browse/AXIS2C-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12556547#action_12556547
] 

seera edited comment on AXIS2C-724 at 1/7/08 4:47 AM:
---------------------------------------------------------------

I'm agree with Atsushi.

There's something wrong in scandir().
Actually, My program didn't work properly using this function.

Did you find the solution about that?

I found the solution.

vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, dsize);
==>     vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, sizeof(struct dirent));

That will be ok.

      was (Author: seera):
    I'm agree with Atsushi.

There's something wrong in scandir().
Actually, My program didn't work properly using this function.

Did you find the solution about that?
  
> potential access violation in dir_windows.c
> -------------------------------------------
>
>                 Key: AXIS2C-724
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-724
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: platforms/windows
>    Affects Versions: 1.1.0
>         Environment: OS:WindowsXP
>            Reporter: Atsushi Monna
>
> I think scandir() has a potential access violation in dir_windows.c.
> The following is an extraction of scandir().
> int AXIS2_CALL scandir(const char *_dirname, 
> 	struct dirent **__namelist[], 
> 	int(*selector)(const struct dirent *entry), 
> 	int(*compare)(const struct dirent **__d1, const struct dirent **__d2))
> {
>     DIR            *dirp = NULL;
>     struct dirent  **vector = NULL;
>     struct dirent  *dp = NULL;
>     int            vector_size = 0;
>     int            nfiles = 0;
>     if (!(dirp = opendir(_dirname)))
>     {
>         return -1;
>     }
>     while ((dp = readdir(dirp)))
>     {
>         dsize = (int)sizeof(struct dirent) + (int)((strlen(dp->d_name) + 1) * sizeof(char));
>         newdp = (struct dirent *) malloc(dsize);
>         if (newdp == NULL)
>         {
>             while (nfiles-- > 0)
>             {
>                 free(vector[nfiles]);
>             }
>             free(vector);
>             return -1;
>         }
>         vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, dsize);
>     }
> Using memcpy() like this.
>   vector[nfiles++] = (struct dirent *) memcpy(newdp, dp, dsize);
> The "dsize" defined like this.
>   dsize = (int)sizeof(struct dirent) + (int)((strlen(dp->d_name) + 1) * sizeof(char));
> The "dp"(copy src) has only size of "struct dirent". Less size than "dsize".
> When access over "dp", it has potential access violation.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org


Mime
View raw message