Bugs item #1595348, was opened at 2006-11-12 17:33
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1595348&group_id=976
Category: libcurl
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Daniel Stenberg (bagder)
Summary: Stack overwrite under 64-bit Windows
Initial Comment:
PROBLEM
If compiled for Windows x64 (and possibly other 64-bit
platforms), the function Curl_httpchunk_read() in
http_chunks.c causes a stack overwrite in its caller.
This applies to libcurl 7.16.0 (and probably earlier
versions).
CAUSE
This is caused by this line: http_chunks.c(111):

    size_t *wrote = (size_t *)wrotep;

The wrotep argument is of type (ssize_t *). This cast
tacitly assumes that sizeof(size_t) == sizeof(ssize_t).
In config-win32.h 'ssize_t' defaults to 'int'. This
works on 32-bit Windows platforms, but on 64-bit
platforms 'size_t' is widened to 64 bits (unsigned
__int64) and writing through *wrote writes 64 bits,
whereas wrotep only addresses 32 bits (namely, the
'int' that 'ssize_t' defaults to). In other words,
sizeof(size_t) > sizeof(ssize_t) in that case.
RESOLUTION
In config-win32.h, change the lines:

    /* Define to 'int' if ssize_t is not an available
       'typedefed' type */
    #if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || defined(__POCC__)
    #else
    #define ssize_t int
    #endif

...to:

    /* Define to 'long' or '__int64' if ssize_t is not an
       available 'typedefed' type */
    #if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || defined(__POCC__)
    #elif defined(_WIN64)
    #define ssize_t __int64
    #else
    #define ssize_t long
    #endif

Best wishes,
Ron <support_at_tarma.com>
Received on 2006-11-13
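
The width mismatch described in the report, as an added example that is not part of the original message and is not libcurl code. It models the Win64 case with fixed-width types (`narrow_ssize_t`, `wide_size_t`, `struct caller_frame` and both function names are hypothetical), lays the caller's locals out in a struct so the overwrite is observable without undefined behaviour, and contrasts the store through the cast with a typed assignment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the Win64 build in the report (all names hypothetical):
   'ssize_t' was #defined to int (32 bits) while size_t is 64 bits wide. */
typedef int32_t  narrow_ssize_t;
typedef uint64_t wide_size_t;

#define CANARY 0xA5A5A5A5u

/* The caller's locals, modelled as a struct so the overwrite is observable
   without undefined behaviour: the 'wrote' slot and the local next to it. */
struct caller_frame {
    narrow_ssize_t wrote;
    uint32_t       neighbour;
};
_Static_assert(sizeof(struct caller_frame) >= sizeof(wide_size_t),
               "model frame must be able to hold the oversized store");

/* Same effect as '*(size_t *)wrotep = n': sizeof(wide_size_t) bytes are
   stored at the address of a slot that is only sizeof(narrow_ssize_t) wide.
   Returns 1 if the neighbouring local was clobbered. */
static int store_through_cast(struct caller_frame *f, wide_size_t n)
{
    unsigned char raw[sizeof *f];
    memcpy(raw, f, sizeof raw);
    memcpy(raw + offsetof(struct caller_frame, wrote), &n, sizeof n);
    memcpy(f, raw, sizeof raw);
    return f->neighbour != CANARY;
}

/* Typed store: the callee keeps its count in its own type and assigns to
   the caller's slot by value, so only sizeof(narrow_ssize_t) bytes change. */
static int store_typed(struct caller_frame *f, wide_size_t n)
{
    f->wrote = (narrow_ssize_t)n;
    return f->neighbour != CANARY;
}

int main(void)
{
    struct caller_frame a = { 0, CANARY }, b = { 0, CANARY };
    printf("cast store clobbers neighbour:  %d\n", store_through_cast(&a, 5));
    printf("typed store clobbers neighbour: %d\n", store_typed(&b, 5));
    return 0;
}
```

The typed store is one way to avoid the cast; the fix proposed in the report instead makes `ssize_t` as wide as `size_t`, which removes the mismatch at its source.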