* fhandler_process.cc (get_mem_values): Rearrange code slightly to

avoid resource leakage (CID 59973). (format_process_stat): Drop temporary variable wcmd and avoid string copy without length check (CID 60050). (format_process_status): Ditto (CID 60051).
2014-05-20 11:20:02 +00:00 · 2014-05-20 11:20:02 +00:00 · 9c9f0ee802
parent 3ccae7b681
commit 9c9f0ee802
2 changed files with 17 additions and 11 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,11 @@
+2014-05-20  Corinna Vinschen  <corinna@vinschen.de>
+
+	* fhandler_process.cc (get_mem_values): Rearrange code slightly to
+	avoid resource leakage (CID 59973).
+	(format_process_stat): Drop temporary variable wcmd and avoid
+	string copy without length check (CID 60050).
+	(format_process_status): Ditto (CID 60051).
+
 2014-05-20  Corinna Vinschen  <corinna@vinschen.de>

 	* fhandler_proc.cc (format_proc_swaps): Use tmp_pathbuf for filename,
--- a/winsup/cygwin/fhandler_process.cc
+++ b/winsup/cygwin/fhandler_process.cc
@ -946,7 +946,6 @@ format_process_stat (void *data, char *&destbuf)
 {
  _pinfo *p = (_pinfo *) data;
  char cmd[NAME_MAX + 1];
-  WCHAR wcmd[NAME_MAX + 1];
  int state = 'R';
  unsigned long fault_count = 0UL,
 		utime = 0UL, stime = 0UL,
@ -958,8 +957,8 @@ format_process_stat (void *data, char *&destbuf)
  else
    {
      PWCHAR last_slash = wcsrchr (p->progname, L'\\');
-      wcscpy (wcmd, last_slash ? last_slash + 1 : p->progname);
-      sys_wcstombs (cmd, NAME_MAX + 1, wcmd);
+      sys_wcstombs (cmd, NAME_MAX + 1,
+		    last_slash ? last_slash + 1 : p->progname);
      int len = strlen (cmd);
      if (len > 4)
 	{
@ -1070,14 +1069,13 @@ format_process_status (void *data, char *&destbuf)
 {
  _pinfo *p = (_pinfo *) data;
  char cmd[NAME_MAX + 1];
-  WCHAR wcmd[NAME_MAX + 1];
  int state = 'R';
  const char *state_str = "unknown";
-  unsigned long vmsize = 0UL, vmrss = 0UL, vmdata = 0UL, vmlib = 0UL, vmtext = 0UL,
-		vmshare = 0UL;
+  unsigned long vmsize = 0UL, vmrss = 0UL, vmdata = 0UL, vmlib = 0UL,
+		vmtext = 0UL, vmshare = 0UL;
+
  PWCHAR last_slash = wcsrchr (p->progname, L'\\');
-  wcscpy (wcmd, last_slash ? last_slash + 1 : p->progname);
-  sys_wcstombs (cmd, NAME_MAX + 1, wcmd);
+  sys_wcstombs (cmd, NAME_MAX + 1, last_slash ? last_slash + 1 : p->progname);
  int len = strlen (cmd);
  if (len > 4)
    {
@ -1345,9 +1343,6 @@ get_mem_values (DWORD dwProcessId, unsigned long *vmsize, unsigned long *vmrss,
  PMEMORY_WORKING_SET_LIST p;
  SIZE_T n = 0x4000, length;

-  p = (PMEMORY_WORKING_SET_LIST) malloc (n);
-  if (!p)
-    return false;
  hProcess = OpenProcess (PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);
  if (hProcess == NULL)
    {
@ -1355,6 +1350,9 @@ get_mem_values (DWORD dwProcessId, unsigned long *vmsize, unsigned long *vmrss,
      debug_printf ("OpenProcess, %E");
      return false;
    }
+  p = (PMEMORY_WORKING_SET_LIST) malloc (n);
+  if (!p)
+    goto out;
  while (true)
    {
      status = NtQueryVirtualMemory (hProcess, 0, MemoryWorkingSetList,