* cygtls.h (TP_NUM_C_BUFS): Raise to 50 to allow SYMLOOP_MAX recursions

path_conv <-> normalize_posix_path, plus a bit of buffer.
	(TP_NUM_W_BUFS): Ditto.
	(class san): Change type of _c_cnt and _w_cnt to unsigned.
	* path.cc (normalize_posix_path): Guard recursion into path_conv
	against tmp_pathbuf overflow.  Generate normalized path in call to
	path_conv.  If the path is valid, replace dst with the normalized_path
	from path_conv call.  Add comment to explain why we're doing this.
	* tls_pbuf.cc (tls_pathbuf::destroy): Only free buffers until the
	first buffer pointer is NULL.
	(tmp_pathbuf::c_get): Simplify error message.
	(tmp_pathbuf::w_get): Ditto.
	* tls_pbuf.h (class tmp_pathbuf): Change type of c_buf_old and w_buf_old
	to unsigned.
	(tmp_pathbuf::check_usage): New inline method to check if we have
	enough tmp_pathbuf buffers left to call a function using tmp_pathbuf
	buffers.
	* tlsoffsets.h: Regenerate.
	* tlsoffsets64.h: Regenerate.
This commit is contained in:
Corinna Vinschen
2014-04-18 14:29:49 +00:00
parent d98d7f3973
commit 7ae3e6b3d4
8 changed files with 282 additions and 233 deletions

View File

@@ -1,6 +1,6 @@
/* tls_pbuf.cc
Copyright 2008, 2010 Red Hat, Inc.
Copyright 2008, 2010, 2014 Red Hat, Inc.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
@@ -16,12 +16,10 @@ details. */
void
tls_pathbuf::destroy ()
{
for (int i = 0; i < TP_NUM_C_BUFS; ++i)
if (c_buf[i])
free (c_buf[i]);
for (int i = 0; i < TP_NUM_W_BUFS; ++i)
if (w_buf[i])
free (w_buf[i]);
for (unsigned i = 0; i < TP_NUM_C_BUFS && c_buf[i]; ++i)
free (c_buf[i]);
for (unsigned i = 0; i < TP_NUM_W_BUFS && w_buf[i]; ++i)
free (w_buf[i]);
}
tmp_pathbuf::tmp_pathbuf ()
@@ -39,7 +37,7 @@ char *
tmp_pathbuf::c_get ()
{
if (tls_pbuf.c_cnt >= TP_NUM_C_BUFS)
api_fatal ("Internal error: TP_NUM_C_BUFS too small: %u > %u", tls_pbuf.c_cnt, TP_NUM_C_BUFS);
api_fatal ("Internal error: TP_NUM_C_BUFS too small: %u", TP_NUM_C_BUFS);
if (!tls_pbuf.c_buf[tls_pbuf.c_cnt]
&& !(tls_pbuf.c_buf[tls_pbuf.c_cnt] = (char *) malloc (NT_MAX_PATH)))
api_fatal ("Internal error: Out of memory for new path buf.");
@@ -50,7 +48,7 @@ PWCHAR
tmp_pathbuf::w_get ()
{
if (tls_pbuf.w_cnt >= TP_NUM_W_BUFS)
api_fatal ("Internal error: TP_NUM_W_BUFS too small %d >= %d.", tls_pbuf.w_cnt, TP_NUM_W_BUFS);
api_fatal ("Internal error: TP_NUM_W_BUFS too small: %u.", TP_NUM_W_BUFS);
if (!tls_pbuf.w_buf[tls_pbuf.w_cnt]
&& !(tls_pbuf.w_buf[tls_pbuf.w_cnt]
= (PWCHAR) malloc (NT_MAX_PATH * sizeof (WCHAR))))