cURL cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #612 Stack overwrite under 64-bit Windows

From: Tigzy <tigzy44_at_users.sf.net>
Date: Wed, 15 Apr 2015 15:20:09 +0000

Hello

2. it occurs using cmake, last lines here:
https://github.com/bagder/curl/blob/master/lib/curl_config.h.cmake

3. latest.

---
** [bugs:#612] Stack overwrite under 64-bit Windows**
**Status:** closed-accepted
**Labels:** libcurl 
**Created:** Mon Nov 13, 2006 01:33 AM UTC by Anonymous
**Last Updated:** Tue Apr 14, 2015 08:33 AM UTC
**Owner:** Daniel Stenberg
PROBLEM
If compiled for Windows x64 \(and possibly other 64-bit
platforms\), the function Curl\_httpchunk\_read\(\) in
http\_chunks.c causes a stack overwrite in its caller.
This applies to libcurl 7.16.0 \(and probably earlier
versions\).
CAUSE
This is caused by this line: http\_chunks.c\(111\):
size\_t \*wrote = \(size\_t \*\)wrotep;
The wrotep argument is of type \(ssize\_t \*\). This cast
tacitly assumes that sizeof\(size\_t\) == sizeof\(ssize\_t\).
In config-win32.h 'ssize\_t' defaults to 'int'. This
works on 32-bit Windows platforms, but on 64-bit
platforms 'size\_t' is widened to 64 bits \(unsigned
\_\_int64\) and writing through \*wrote writes 64 bits,
whereas wrotep only addresses 32 bits \(namely, the
'int' that 'ssize\_t' defaults to\). In other words,
sizeof\(size\_t\) > sizeof\(ssize\_t\) in that case.
RESOLUTION
In config\_win32.h, change the lines:
/\* Define to 'int' if ssize\_t is not an available
'typedefed' type \*/
\#if \(defined\(\_\_WATCOMC\_\_\) && \(\_\_WATCOMC\_\_ >= 1240\)\) ||
defined\(\_\_POCC\_\_\)
\#else
\#define ssize\_t int
\#endif
...to:
/\* Define to 'long' or '\_\_int64' if ssize\_t is not an
available 'typedefed' type \*/
\#if \(defined\(\_\_WATCOMC\_\_\) && \(\_\_WATCOMC\_\_ >= 1240\)\) ||
defined\(\_\_POCC\_\_\)
\#elif defined\(\_WIN64\)
\#define ssize\_t \_\_int64
\#else
\#define ssize\_t long
\#endif
Best wishes,
Ron <support_at_tarma.com>
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2015-04-15

These mail archives are generated by hypermail.