JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Cygwin: Fix cygheap corruption caused by cloned atomic buffer

Browse Source 
The fhandler_base_overlapped::copyto clears atomic_write_buf on the
clone, but none of the derived classes were doing this.  This allowed
the destructor to double-free the buffer and corrupt cygheap.
Clear atomic_write_buf in copyto of all derived classes.
This commit is contained in:
David McFarland
2018-10-28 16:22:44 -03:00
committed by Corinna Vinschen
parent 08eab6396f
commit af85fdd73f
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
winsup/cygwin/fhandler.h
View File

@@ -1216,6 +1216,7 @@ public:
{
x->pc.free_strings ();
*reinterpret_cast<fhandler_pipe *> (x) = *this;
reinterpret_cast<fhandler_pipe *> (x)->atomic_write_buf = NULL;
x->reset (this);
}
@@ -1256,6 +1257,7 @@ public:
{
x->pc.free_strings ();
*reinterpret_cast<fhandler_fifo *> (x) = *this;
reinterpret_cast<fhandler_fifo *> (x)->atomic_write_buf = NULL;
x->reset (this);
}

3
winsup/cygwin/release/2.11.2
View File

@@ -11,3 +11,6 @@ Bug Fixes
- Return ESPIPE rather than EINVAL from lseek on a fifo.
Addresses: https://cygwin.com/ml/cygwin/2018-10/msg00019.html
- Fix a memory corruption when using pipes or FIFOs
Addresses: https://cygwin.com/ml/cygwin-patches/2018-q4/msg00000.html