[C] fix for ffap crash on Windows (was: [Bug: 21.5-b27] [CRASH] (file-name-directory "1:"))

Adrian Aichner adrian
Wed Nov 1 15:28:30 EST 2006


COMMIT
Adrian Aichner <adrian at xemacs.org> writes:

> Apparently, wcslen naively dereferences its const wchar_t *ws argument
> without checking for a null pointer:
>
> wcslen(const unsigned short * 0x00000000) line 39 + 5 bytes
> XEMACS! 01206394()
>
> I've traced this down to src/intl-win32.c whose functions have blind
> faith in pointers they are being passed.
>
> sysdep.c also contains versions of various wchar functions without
> proper argument checking.
>
> Still investigating ...
>

Thanks for looking into this too, Steve!

The actual crash is caused by 

Ibyte *
mswindows_getdcwd (int drivelet)

not considering a possible NULL return value of:

    cwdext = _getdcwd (drivelet, NULL, 0);

I have put in NULL pointer tests in related areas and changed
DEFUN ("file-name-directory", Ffile_name_directory, 1, 1, 0, /*
to return nil in case
mswindows_getdcwd
returns a NULL working directory.

This now includes illegal, non-existing, or unavailable drives.

I'll also post a build report with one check-temacs-only regression,
which I don't think is related to this change.

Greetings!

Adrian

xemacs-21.5-clean ChangeLog patch:
Diff command:   cvs -q diff -U 0
Files affected: src/ChangeLog

Index: src/ChangeLog
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/ChangeLog,v
retrieving revision 1.1003
diff -u -U0 -r1.1003 ChangeLog
--- src/ChangeLog	30 Oct 2006 11:36:59 -0000	1.1003
+++ src/ChangeLog	1 Nov 2006 20:22:53 -0000
@@ -0,0 +1,14 @@
+2006-11-01  Adrian Aichner  <adrian at xemacs.org>
+
+	* sysdep.c (wcslen): Check for NULL pointer.
+	* sysdep.c (strlwr): Ditto.
+	* nt.c (mswindows_getdcwd): Ditto (actual cause of reported
+	crash).
+	* intl-win32.c (wcscmp): Ditto.
+	* intl-win32.c (wcslen): Ditto.
+	* intl-win32.c (wcsncpy): Ditto.
+	* intl-win32.c (wcscpy): Ditto.
+	* intl-win32.c (wcsdup): Ditto.
+	* fileio.c (Ffile_name_directory): Return Qnil when
+	mswindows_getdcwd returns NULL working directory.
+
@@ -42831 +42845 @@
-1998-03-09  Martin Buchholz  <Martin Buchholz <martin at xemacs.org>>
+1998-03-09  Martin Buchholz <martin at xemacs.org>
@@ -42998 +43012 @@
-1998-03-02  Martin Buchholz  <Martin Buchholz <martin at xemacs.org>>
+1998-03-02  Martin Buchholz <martin at xemacs.org>
@@ -45523 +45537 @@
-1997-11-05  Martin Buchholz  <Martin Buchholz <martin at xemacs.org>>
+1997-11-05  Martin Buchholz <martin at xemacs.org>

xemacs-21.5-clean source patch:
Diff command:   cvs -f -z3 -q diff -u -w -N
Files affected: src/fileio.c
===================================================================
RCS src/intl-win32.c
===================================================================
RCS src/nt.c
===================================================================
RCS src/sysdep.c
===================================================================
RCS

Index: src/sysdep.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/sysdep.c,v
retrieving revision 1.83
diff -u -w -r1.83 sysdep.c
--- src/sysdep.c	27 Sep 2005 05:32:21 -0000	1.83
+++ src/sysdep.c	1 Nov 2006 20:09:48 -0000
@@ -3491,6 +3491,7 @@
 size_t
 wcslen (const wchar_t *s)
 {
+  if (s == NULL) return NULL;
   const wchar_t *p = s;
 
   while (*p++)
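Review bot: `return NULL` in the added guard returns a pointer constant from a function declared `size_t`, which a compiler that defines NULL as `((void *)0)` will warn about or reject; `if (s == NULL) return 0;` states the intent. The wcslen guard in intl-win32.c has the same problem. The guard also sits ahead of the declaration `const wchar_t *p = s;`, a statement-before-declaration that C89 compilers do not accept. The strlwr, wcsncpy, wcscpy and wcsdup hunks and the intl-win32.c wcslen hunk have the same ordering, so if the tree still has to build as C89 the checks belong after the local declarations. The body of wcslen continues outside the hunk.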
@@ -3508,6 +3509,7 @@
 char *
 strlwr (char *s)
 {
+  if (s == NULL) return NULL;
   REGISTER char *c;
 
   for (c = s; *c; c++)
Index: src/nt.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/nt.c,v
retrieving revision 1.48
diff -u -w -r1.48 nt.c
--- src/nt.c	27 Dec 2005 18:51:30 -0000	1.48
+++ src/nt.c	1 Nov 2006 20:09:48 -0000
@@ -1819,6 +1819,7 @@
     cwdext = (Extbyte *) _wgetdcwd (drivelet, NULL, 0);
   else
     cwdext = _getdcwd (drivelet, NULL, 0);
+  if (cwdext == NULL) return NULL;
   TSTR_TO_C_STRING_MALLOC (cwdext, cwd);
   xfree (cwdext, Extbyte *);
   return cwd;
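Review bot: The early `return NULL` changes the contract of mswindows_getdcwd, which can now hand back NULL, and nothing visible documents that. A comment above the function would help, for example `/* Returns a malloc()ed string, or NULL if the drive's working directory cannot be determined; callers must check. */`. This patch updates Ffile_name_directory only, so any other callers (not visible here) presumably still assume a non-NULL result and should be audited. The function starts outside the hunk.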
Index: src/intl-win32.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/intl-win32.c,v
retrieving revision 1.16
diff -u -w -r1.16 intl-win32.c
--- src/intl-win32.c	16 Sep 2005 08:51:26 -0000	1.16
+++ src/intl-win32.c	1 Nov 2006 20:09:48 -0000
@@ -1569,6 +1569,7 @@
 int
 wcscmp (const wchar_t *s1, const wchar_t *s2)
 {
+  if (s1 == NULL || s2 == NULL) return NULL;
   while (*s1 != '\0' && *s1 == *s2)
     {
       s1++;
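Review bot: Returning `NULL` (zero) from wcscmp when either argument is NULL reports the two strings as equal, so a caller that tests `wcscmp (a, b) == 0` will treat a missing string as a match. A result that orders NULL before any real string keeps the crash fix without failing open: `if (s1 == NULL || s2 == NULL) return (s1 != NULL) - (s2 != NULL);`. It also avoids returning a pointer constant from a function declared `int`. The rest of the function lies outside the hunk.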
@@ -1585,6 +1586,7 @@
 size_t
 wcslen (const wchar_t *str)
 {
+  if (str == NULL) return NULL;
   const wchar_t *start = str;
 
   while (*str)
@@ -1598,6 +1600,7 @@
 wchar_t *
 wcsncpy (wchar_t *dst0, const wchar_t *src0, size_t count)
 {
+  if (dst0 == NULL || src0 == NULL) return NULL;
   wchar_t *dscan;
   const wchar_t *sscan;
 
@@ -1618,6 +1621,7 @@
 wchar_t *
 wcscpy (wchar_t *dst0, const wchar_t *src0)
 {
+  if (dst0 == NULL || src0 == NULL) return NULL;
   wchar_t *s = dst0;
 
   while ((*dst0++ = *src0++))
@@ -1629,6 +1633,7 @@
 wchar_t *
 wcsdup (const wchar_t *str)
 {
+  if (str == NULL) return NULL;
   int len = wcslen (str) + 1;
   wchar_t *val = xnew_array (wchar_t, len);
 
Index: src/fileio.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/fileio.c,v
retrieving revision 1.106
diff -u -w -r1.106 fileio.c
--- src/fileio.c	27 Oct 2006 19:07:47 -0000	1.106
+++ src/fileio.c	1 Nov 2006 20:09:49 -0000
@@ -397,11 +397,20 @@
 
       if (wd)
 	{
+	  int size;
 	  qxestrcat (res, wd);
-	  if (!IS_DIRECTORY_SEP (res[qxestrlen (res) - 1]))
-	    qxestrcat (res, (Ibyte *) "/");
+	  size = qxestrlen (res);
+	  if (!IS_DIRECTORY_SEP (res[size - 1]))
+	    {
+	      res[size] = DIRECTORY_SEP;
+	      res[size + 1] = '\0';
+	    }
 	  beg = res;
 	  p = beg + qxestrlen (beg);
+	}
+      else
+	{
+	  return Qnil;
 	}
       if (wd)
 	xfree (wd, Ibyte *);
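Review bot: The separator is now appended with direct stores to `res[size]` and `res[size + 1]` after reading `res[size - 1]`, so this code relies on `res` being non-empty and having at least two spare bytes. The allocation of `res` is outside the hunk, so that cannot be confirmed here. A short comment stating the invariant, or an `assert (size > 0);` before the test, would make it checkable. With the new `else` branch returning Qnil, the following `if (wd)` is always true and can become a plain `xfree (wd, Ibyte *);`. The enclosing function starts and ends outside the hunk.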
-- 
Adrian Aichner
 mailto:adrian at xemacs.org
 http://www.xemacs.org/


