Re: [AD] 4.2.1 showstopper bug in pack_fopen_chunk()



> > there is an overflow. According to the docs for GetTempPath() at
> >
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/fs/gettemppath.asp
> > , the size returned by the function does not take the terminating NULL
> > into account. This means that at the next call to realloc(), the string
> > is one byte short, and on the next call to GetTempPath(), it somehow
> > ends up without a terminating \0 character.
>
> Changing the test to (size >= new_size) should be enough, right?

Should be, as far as I can see.

> > Also, I notice that _AL_FREE() is used to free the
> > string generated by the following line (2007)
> >
> >          tmpnam_string = tmpnam(NULL);
> >
> > However, according to
> >
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore98/HTML/_crt__tempnam.2c_._wtempnam.2c_.tmpnam.2c_._wtmpnam.asp
> >
> > tmpnam() returns a pointer to an internal buffer, rather than an
> > allocated string, so it does not need to be freed.
>
> Thanks.  This might be the bug you're looking for.  Can you just delete
> that line and check again?

I think Andrei said he'd be away for a while; can someone else check this?

> It's not a bug since Windows allows both / and \ as path separators.

I agree, but it does look damn ugly! ;)

Evert
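
Added example, not part of the original message and not Allegro's code: the size convention discussed above (a returned length that excludes the terminator), shown with standard snprintf() as a portable stand-in for GetTempPath(). SAMPLE_PATH and fetch_path() are hypothetical names; the buggy mode reuses the returned size as the new capacity and tests with >, the fixed mode tests with >= and adds one byte for the terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample value standing in for the temp directory path. */
static const char SAMPLE_PATH[] = "C:\\Temp\\";

/* Fetch SAMPLE_PATH into a heap buffer, growing it until it fits.
 * fixed == 0: test (size > cap) and grow to exactly the returned size,
 *             so the buffer ends up one byte short and is accepted anyway.
 * fixed != 0: test (size >= cap) and grow to size + 1.
 * Returns a malloc'd string the caller must free, or NULL on failure. */
char *fetch_path(size_t cap, int fixed)
{
    char *buf = NULL;

    if (cap == 0)
        cap = 1;
    for (;;) {
        char *p = realloc(buf, cap);
        if (p == NULL) {
            free(buf);
            return NULL;
        }
        buf = p;

        /* snprintf() returns the full length WITHOUT the terminator. */
        int n = snprintf(buf, cap, "%s", SAMPLE_PATH);
        if (n < 0) {
            free(buf);
            return NULL;
        }
        size_t size = (size_t)n;

        int too_small = fixed ? (size >= cap) : (size > cap);
        if (!too_small)
            return buf;
        cap = fixed ? size + 1 : size;
    }
}

int main(void)
{
    char *bad = fetch_path(4, 0);
    char *good = fetch_path(4, 1);
    if (bad && good)
        printf("buggy: \"%s\"\nfixed: \"%s\"\n", bad, good);
    free(bad);
    free(good);
    return 0;
}
```

With snprintf() the short buffer shows up as a silently truncated string rather than a missing terminator, but the comparison error is the same one.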



