https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=51d38004b2f51ac659f7ccc663c222f5ffe24b80
commit 51d38004b2f51ac659f7ccc663c222f5ffe24b80
Author: Corinna Vinschen <cori...@vinschen.de>
Date: Tue Sep 8 10:57:54 2015 +0200
flock.cc: Fix stack allocation from callee used in caller
* flock.cc (lockf_t::create_lock_obj_attr): Add buffer parameter.
Call _everyone_sd with buffer argument from caller rather than
everyone_sd with locally allocated stack buffer.
(lockf_t::create_lock_obj): Call create_lock_obj_attr only once
outside the loop and with additional buffer argument.
(lockf_t::open_lock_obj): Call create_lock_obj_attr with additional
buffer argument.
Diff:
---
winsup/cygwin/flock.cc | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc
index 2332f54..f26a76a 100644
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@@ -290,7 +290,7 @@ class lockf_t
{ cfree (p); }
POBJECT_ATTRIBUTES create_lock_obj_attr (lockfattr_t *attr,
- ULONG flags);
+ ULONG flags, void *sd_buf);
void create_lock_obj ();
bool open_lock_obj ();
@@ -636,7 +636,7 @@ inode_t::get_all_locks_list ()
/* Create the lock object name. The name is constructed from the lock
properties which identify it uniquely, all values in hex. */
POBJECT_ATTRIBUTES
-lockf_t::create_lock_obj_attr (lockfattr_t *attr, ULONG flags)
+lockf_t::create_lock_obj_attr (lockfattr_t *attr, ULONG flags, void *sd_buf)
{
__small_swprintf (attr->name, LOCK_OBJ_NAME_FMT,
lf_flags & (F_POSIX | F_FLOCK), lf_type, lf_start, lf_end,
@@ -644,7 +644,7 @@ lockf_t::create_lock_obj_attr (lockfattr_t *attr, ULONG
flags)
RtlInitCountedUnicodeString (&attr->uname, attr->name,
LOCK_OBJ_NAME_LEN * sizeof (WCHAR));
InitializeObjectAttributes (&attr->attr, &attr->uname, flags,
lf_inode->i_dir,
- everyone_sd (FLOCK_EVENT_ACCESS));
+ _everyone_sd (sd_buf, FLOCK_EVENT_ACCESS));
return &attr->attr;
}
@@ -766,11 +766,13 @@ lockf_t::create_lock_obj ()
{
lockfattr_t attr;
NTSTATUS status;
+ POBJECT_ATTRIBUTES lock_obj_attr;
+ lock_obj_attr = create_lock_obj_attr (&attr, OBJ_INHERIT,
+ alloca (SD_MIN_SIZE));
do
{
- status = NtCreateEvent (&lf_obj, CYG_EVENT_ACCESS,
- create_lock_obj_attr (&attr, OBJ_INHERIT),
+ status = NtCreateEvent (&lf_obj, CYG_EVENT_ACCESS, lock_obj_attr,
NotificationEvent, FALSE);
if (!NT_SUCCESS (status))
{
@@ -852,7 +854,7 @@ lockf_t::open_lock_obj ()
NTSTATUS status;
status = NtOpenEvent (&lf_obj, FLOCK_EVENT_ACCESS,
- create_lock_obj_attr (&attr, 0));
+ create_lock_obj_attr (&attr, 0, alloca (SD_MIN_SIZE)));
if (!NT_SUCCESS (status))
{
SetLastError (RtlNtStatusToDosError (status));
