From: Ken Harris <Ken.Harris@mathworks.com>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: winsup\cygwin\path.cc issues
Date: Wed, 02 May 2018 13:49:00 -0000 [thread overview]
Message-ID: <DM2PR0501MB135811964785E66F84A717128A800@DM2PR0501MB1358.namprd05.prod.outlook.com> (raw)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 3550 bytes --]
Hi:
While originally investigating a sporadic failure in MSYS2, I believe I found that its origin may actually be within Cygwin.
Given the following command sequence on cygwin64 in a CMD.EXE command prompt (on Windows 10 x64 if it matters).
cd C:\Cygwin64\bin
echo.exe running \âtest\â logging to ../../../my.log
two problems appear:
#1 â line 2802 in https://cygwin.com/git/gitweb.cgi?p=newlib-cygwin.git;a=blob;f=winsup/cygwin/path.cc;h=a132a0a7e0418ba921eefab72fade9930baadff3;hb=HEAD
pointer âpâ will underflow if a backslash is not found in âpathâ.
It may be that it finds an (unrelated) backslash in someone elseâs buffer and fails benignlyâ¦but in MSYS2, Iâve see it bump up against unmapped address space a fail very cryptically (as an access violation early in dcrt0.cc initialization before the signal handler is installed).
#2 â The reason it fails to find its expected backslash appears within path.cc again beginning on line 1381, when a drive-letter is inserted into destination path. Later in normalize_win32_path(), when â../â expressions are applied (i.e. lines 1421 and 1441), these calculations donât take into account the size of the inserted drive letter (plus colon) and results in overwriting the top-most slash with pathname characters â which then exercises issue #1.
If echo doesnât crash, there doesnât appear to be any obvious evidence of this error. In fact, from debugging a recent version of Cygwinâs âecho.exeâ, it looked like the environment block occupying memory at a lower address than âpathâ contained plenty of backslashes to break line 2802âs loop. In MSYS2, it seems occasionally (though not always), memory below âpathâ pointer will _not_ contain a backslash. The result seems to be just C0000005 returned by the echo.exe process.
Iâm not familiar with how to build Cygwin so I havenât verified this with putting an assert in code. I did debug echo.exe with WinDBG and following how the caller of NtCreateFile handles C0000034 return value (which least to the âpâ underflow), watched the disassembly for line 2802:
cygwin1!setpassent+0x22a3:
00000001`800de563 8078ff5c cmp byte ptr [rax-1],5Ch ds:00000006`0000ffee=00
march down lower than the path string:
00000006`0000fff0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
00000006`00010002 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
00000006`00010014 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
00000006`00010026 00 00 13 80 00 00 00 00 00 00 43 3a 43 6d 79 2e 6c 6f ..........C:Cmy.lo
00000006`00010038 67 00 20 46 69 6c 65 73 5c 4d 41 54 4c 41 42 00 52 32 g. Files\MATLAB.R2
00000006`0001004a 30 31 38 62 00 6c 6e 6b 00 00 00 00 00 00 00 00 00 00 018b.lnk..........
00000006`0001005c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
00000006`0001006e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
Hope you find this of use.
Thanks,
-ken
\0ТÒÐÐ¥\a&ö&ÆVÒ\a&W\x06÷'G3¢\x02\x02\x02\x02\x02\x02\x06GG\x03¢òö7wvâæ6öÒ÷\a&ö&ÆV×2æFÖÀФd\x15\x13¢\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x06GG\x03¢òö7wvâæ6öÒöf\x17\x12ðФFö7VÖVçF\x17Föã¢\x02\x02\x02\x02\x02\x02\x02\x02\x06GG\x03¢òö7wvâæ6öÒöFö72æFÖÀÐ¥Vç7V'67&&R\x06æfó¢\x02\x02\x02\x02\x02\x06GG\x03¢òö7wvâæ6öÒöÖÂò7Vç7V'67&&R×6×\x06ÆPÐ Ð
next reply other threads:[~2018-05-02 13:49 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-02 13:49 Ken Harris [this message]
2018-05-02 17:15 ` Marco Atzeri
2018-05-04 1:23 Ken Harris
2018-05-30 1:04 ` Corinna Vinschen
2018-05-30 11:56 ` Ken Harris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DM2PR0501MB135811964785E66F84A717128A800@DM2PR0501MB1358.namprd05.prod.outlook.com \
--to=ken.harris@mathworks.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).