luo980/libuv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

win: fix off-by-1 buffer overrun in uv_exepath() (#3695)

Browse Source 
uv_exepath() wrote the nul byte *after* the end of the buffer. It's not
necessary to write said nul byte in the first place because that was a
workaround for a bug in the Windows XP version of GetModuleFileName().

Fix uv_cwd() in the same fashion, it doesn't need the nul byte either.

Fixes: https://github.com/libuv/libuv/issues/3691
This commit is contained in:
Ben Noordhuis 2022-07-27 21:11:41 +02:00 committed by GitHub
parent 6c692ad1cb
commit df0ac426f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/win/util.c
View File

@ -121,9 +121,6 @@ int uv_exepath(char* buffer, size_t* size_ptr) {
goto error;
}
/* utf16_len contains the length, *not* including the terminating null. */
utf16_buffer[utf16_len] = L'\0';
/* Convert to UTF-8 */
utf8_len = WideCharToMultiByte(CP_UTF8,
0,
@ -175,9 +172,6 @@ int uv_cwd(char* buffer, size_t* size) {
return uv_translate_sys_error(GetLastError());
}
/* utf16_len contains the length, *not* including the terminating null. */
utf16_buffer[utf16_len] = L'\0';
/* The returned directory should not have a trailing slash, unless it points
* at a drive root, like c:\. Remove it if needed. */
if (utf16_buffer[utf16_len - 1] == L'\\' &&