Re: [AD] 4.2.1 showstopper bug in pack_fopen

Re: [AD] 4.2.1 showstopper bug in pack_fopen_chunk()

[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]

To: Coordination of admins/developers of the game programming library Allegro <alleg-developers@xxxxxxxxxx>
Subject: Re: [AD] 4.2.1 showstopper bug in pack_fopen_chunk()
From: Andrei Ellman <ae-a-alleg@xxxxxxxxxx>
Date: Tue, 19 Sep 2006 02:42:39 +0200
Organization: Wacko Software

OK, I've returned from my holiday, and have come up with a patch thatfixes both the GetTempPath() string-size bug (Windows) and thefree()'ing tmpnam_string bug (all platforms).

The fix for the GetTempPath() bug actually involved changing the '>' toa '<'. I had originally assumed that the code was trying to save memoryby pruning the excess length from the string-buffer (which I assumedwhen I single-stepped the code in the debugger), but then realised thatit was supposed to grow the buffer if it was too small (which it failedto do, but because the default length was sufficiently large, this didnot show up). While GetTempPath() does not add the terminating \0 to thesize it returns if the buffer was sufficiently large, it does include itwhen the buffer is too small. Also, GetTempPath()'s nBufferLengthparamater and return value are actually lengths in TCHARs, so I alsomodified the realloc() call to realloc(tmp_dir, size * sizeof(TCHAR)).

As for the free()'ing tmpnam_string bug, as well as looking it up on themicrosoft site as I did in my last post, I also looked it up in the libcreference at DJ Delorie's site, and came to the conclusion that thereturn value of tmpnam(NULL) always points to an internal buffer. Thismeant all I had to do was get rid of the line that free()'d tmpnam_string.

While this fixes the bugs, there are still some style-related issues inpack_fopen_chunk() that I have not fixed. There apperas to be someinconsistencies in the usage of _AL_MALLOC/_AL_FREE etc. and malloc/free. For example, the lines

         _AL_FREE(tmp_dir);
         _AL_FREE(tmp_name);
appear, and a few lines later,
      free(tmp_dir);
      free(tmp_name);
appear.

At the moment, _AL_MALLOC/_AL_FREE are the same as their libcequivalents in the 4.2 branch, but if this were to change, things couldstart to go wrong.

Also, I've not fixed the issue of the temporary filename under Windowscontaining a '\/\' sequence it it's path, although W2K manages to copewith it and treat it like a regular '\'.

Anyway, I've tried this fix out with the code that caused the originalproblem to show up, and the resulting patch has eliminated the problem.Note that the patch is against the version of 4.2.1 that Evert postedsome 3 weeks ago (this might be RC2). At the moment, I've only tested iton W2K, MSVC6, Debug-DLL and Debug-Staticlink builds.

AE.

*** file.c.old	Sun Jul 16 22:16:48 2006
--- file.c	Tue Sep 19 00:45:43 2006
*************** PACKFILE *pack_fopen_chunk(PACKFILE *f, 
*** 1960,1968 ****
           /* Get the path of the temporary directory */
           do {
              size = new_size;
!             tmp_dir = realloc(tmp_dir, size);
              new_size = GetTempPath(size, tmp_dir);
!          } while ( (size > new_size) && (new_size > 0) );
           
           /* Check if we retrieved the path OK */
           if (new_size == 0)
--- 1960,1968 ----
           /* Get the path of the temporary directory */
           do {
              size = new_size;
!             tmp_dir = realloc(tmp_dir, size * sizeof(TCHAR));
              new_size = GetTempPath(size, tmp_dir);
!          } while ( (size < new_size) && (new_size > 0) );
           
           /* Check if we retrieved the path OK */
           if (new_size == 0)
*************** PACKFILE *pack_fopen_chunk(PACKFILE *f, 
*** 2004,2013 ****
           /* note: since the filename creation and the opening are not
            * an atomic operation, this is not secure
            */
!          tmpnam_string = tmpnam(NULL);
           tmp_name = _AL_MALLOC_ATOMIC(strlen(tmp_dir) + strlen(tmpnam_string) + 2);
           sprintf(tmp_name, "%s/%s", tmp_dir, tmpnam_string);
-          _AL_FREE(tmpnam_string);
  
           if (tmp_name) {
  #ifndef ALLEGRO_MPW
--- 2004,2012 ----
           /* note: since the filename creation and the opening are not
            * an atomic operation, this is not secure
            */
!          tmpnam_string = tmpnam(NULL); /* Note: tmpnam_string now points to an internal buffer which does not need to be free()'d */
           tmp_name = _AL_MALLOC_ATOMIC(strlen(tmp_dir) + strlen(tmpnam_string) + 2);
           sprintf(tmp_name, "%s/%s", tmp_dir, tmpnam_string);
  
           if (tmp_name) {
  #ifndef ALLEGRO_MPW

References:
- [AD] 4.2.1 showstopper bug in pack_fopen_chunk()
  - From: Andrei Ellman

Messages sorted by: [ date | thread ]
Prev by Date: Re: [AD] allegro-4.2.0 compilation error with gcc-4.1.2
Next by Date: Re: [AD] Unix/Linux debug library so's
Previous by thread: Re: [AD] 4.2.1 showstopper bug in pack_fopen_chunk()
Next by thread: [AD] Bug with transparent ellipses

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/