1) OK, I found why this function is dangerous.
https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/760-BSI.html
"Since the user cannot specify the length of the buffer passed to
getwd(), use of this function is discouraged. The length of a pathname
described in {PATH_MAX} is file system-dependent and may vary from one
mount point to another, or might even be unlimited. It is possible to
overflow this buffer in such a way as to cause applications to fail or
possible system security violations."
But here I am making a test, not a real-life project.
2) So, I found in /usr/include/linux/limits.h
Line Number: 12
#define PATH_MAX 4096 /* # chars in a path name including nul */
Is this the value?
I tried this value in my example with no success; I am making the mistake
somewhere else.
---------------
' Gambas module file

'char *getwd(char *buf);
Extern getwd(buf As Pointer) As Pointer In "libc:6"

Public Sub Main()

  Dim pBuf As Pointer
  Dim pFunc As Pointer
  Dim sWorkingDirectory As String

  'getwd
  pBuf = Alloc(4096)
  pFunc = Alloc(4096)
  pFunc = getwd(pBuf)
  sWorkingDirectory = Str@(pFunc)
  Free(pFunc)
  Free(pBuf)
  Print sWorkingDirectory

End
---------------
signal #6
----------------
*** glibc detected *** Pointers5: double free or corruption (!prev): 0x0893f498 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0x17b591]
/lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0x17cde8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x17fecd]
Pointers5[0x805ed2e]
Pointers5[0x8076a6a]
Pointers5[0x8050a99]
Pointers5[0x80513d8]
Pointers5[0x80689cd]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x126bd6]
Pointers5[0x804b151]
----------------
I saw that the first line says
*** glibc detected *** Pointers5: double free or corruption (!prev)
and I REM'd out one Free().
Now I get
--------------
gbx3: warning: 1 allocation(s) non freed.
��m^@^@^@^@^@^@^@^@^@ocuments/Development/Gambas3/Pointers5
--------------
But no crash.
I played with the values of Alloc and I found that in my case 29 bytes
are OK, but with one Free(), or else I get signal #11.
Is there a bug with
Free(pBuf)
Free(pFunc)
?
3) On the other hand, I have a general question.
How to deal with char * pointers when their length is not known?
4) For example, I try to use
'char *get_current_dir_name(void);
Extern get_current_dir_name() As Pointer In "libc:6"
again with no success.
The manual says:
get_current_dir_name() will malloc(3) an array big enough to hold the
absolute pathname of the current working directory.
In my example:
---------------------
' Gambas module file

'char *get_current_dir_name(void);
Extern get_current_dir_name() As Pointer In "libc:6"

Public Sub Main()

  Dim pFunc As Pointer
  Dim sWorkingDirectory As String

  'get_current_dir_name
  pFunc = Alloc(4096)
  pFunc = get_current_dir_name()
  sWorkingDirectory = Str@(pFunc)
  ' Free(pFunc)
  Print sWorkingDirectory

End
---------------------
If I use
Free(pFunc)
I get signal #11.
gambas3-svn3418, Ubuntu 10.04
Post by Benoît Minisini
Post by Demosthenes Koptsis
so what can I do for
char *getwd(char *buf);
?
You must know C programming first, and understand how getwd works. By typing
'man getwd', you will learn that you must not use that function, it is
dangerous and so deprecated.
Then you will read that buf must be a pointer to a memory allocation of
PATH_MAX bytes. You must find the value of this constant inside the standard C
header files.
SizeOf(gb.String) is 4 (on a 32-bit system). It is the number of bytes used by
Gambas to store a pointer to a Gambas string. This is the reason why you get a
crash.
Regards,
--
Regards,
Demosthenes