From 9c9f0ee802b1132cebd12679cb9398ae9d96dcc3 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Tue, 20 May 2014 11:20:02 +0000
Subject: [PATCH] 	* fhandler_process.cc (get_mem_values): Rearrange code
 slightly to 	avoid resource leakage (CID 59973). 	(format_process_stat):
 Drop temporary variable wcmd and avoid 	string copy without length
 check (CID 60050). 	(format_process_status): Ditto (CID 60051).

---
 winsup/cygwin/ChangeLog           |  8 ++++++++
 winsup/cygwin/fhandler_process.cc | 20 +++++++++-----------
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index b128aabfb..202a6cfb0 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,11 @@
+2014-05-20  Corinna Vinschen  <corinna@vinschen.de>
+
+	* fhandler_process.cc (get_mem_values): Rearrange code slightly to
+	avoid resource leakage (CID 59973).
+	(format_process_stat): Drop temporary variable wcmd and avoid
+	string copy without length check (CID 60050).
+	(format_process_status): Ditto (CID 60051).
+
 2014-05-20  Corinna Vinschen  <corinna@vinschen.de>
 
 	* fhandler_proc.cc (format_proc_swaps): Use tmp_pathbuf for filename,
diff --git a/winsup/cygwin/fhandler_process.cc b/winsup/cygwin/fhandler_process.cc
index fa628a65e..a6e326cd3 100644
--- a/winsup/cygwin/fhandler_process.cc
+++ b/winsup/cygwin/fhandler_process.cc
@@ -946,7 +946,6 @@ format_process_stat (void *data, char *&destbuf)
 {
   _pinfo *p = (_pinfo *) data;
   char cmd[NAME_MAX + 1];
-  WCHAR wcmd[NAME_MAX + 1];
   int state = 'R';
   unsigned long fault_count = 0UL,
 		utime = 0UL, stime = 0UL,
@@ -958,8 +957,8 @@ format_process_stat (void *data, char *&destbuf)
   else
     {
       PWCHAR last_slash = wcsrchr (p->progname, L'\\');
-      wcscpy (wcmd, last_slash ? last_slash + 1 : p->progname);
-      sys_wcstombs (cmd, NAME_MAX + 1, wcmd);
+      sys_wcstombs (cmd, NAME_MAX + 1,
+		    last_slash ? last_slash + 1 : p->progname);
       int len = strlen (cmd);
       if (len > 4)
 	{
@@ -1070,14 +1069,13 @@ format_process_status (void *data, char *&destbuf)
 {
   _pinfo *p = (_pinfo *) data;
   char cmd[NAME_MAX + 1];
-  WCHAR wcmd[NAME_MAX + 1];
   int state = 'R';
   const char *state_str = "unknown";
-  unsigned long vmsize = 0UL, vmrss = 0UL, vmdata = 0UL, vmlib = 0UL, vmtext = 0UL,
-		vmshare = 0UL;
+  unsigned long vmsize = 0UL, vmrss = 0UL, vmdata = 0UL, vmlib = 0UL,
+		vmtext = 0UL, vmshare = 0UL;
+
   PWCHAR last_slash = wcsrchr (p->progname, L'\\');
-  wcscpy (wcmd, last_slash ? last_slash + 1 : p->progname);
-  sys_wcstombs (cmd, NAME_MAX + 1, wcmd);
+  sys_wcstombs (cmd, NAME_MAX + 1, last_slash ? last_slash + 1 : p->progname);
   int len = strlen (cmd);
   if (len > 4)
     {
@@ -1345,9 +1343,6 @@ get_mem_values (DWORD dwProcessId, unsigned long *vmsize, unsigned long *vmrss,
   PMEMORY_WORKING_SET_LIST p;
   SIZE_T n = 0x4000, length;
 
-  p = (PMEMORY_WORKING_SET_LIST) malloc (n);
-  if (!p)
-    return false;
   hProcess = OpenProcess (PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);
   if (hProcess == NULL)
     {
@@ -1355,6 +1350,9 @@ get_mem_values (DWORD dwProcessId, unsigned long *vmsize, unsigned long *vmrss,
       debug_printf ("OpenProcess, %E");
       return false;
     }
+  p = (PMEMORY_WORKING_SET_LIST) malloc (n);
+  if (!p)
+    goto out;
   while (true)
     {
       status = NtQueryVirtualMemory (hProcess, 0, MemoryWorkingSetList,